InfisicalSecret
secrets.infisical.com / v1alpha1
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
InfisicalSecretSpec defines the desired state of InfisicalSecret
authentication object
awsIamAuth object
identityId
string required
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
azureAuth object
azureManagedIdentityClientId
string
identityId
string required
resource
string
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
gcpIamAuth object
identityId
string required
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
serviceAccountKeyFilePath
string required
gcpIdTokenAuth object
identityId
string required
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
kubernetesAuth object
autoCreateServiceAccountToken
boolean
Optionally automatically create a service account token for the configured service account.
If this is set to `true`, the operator will automatically create a service account token for the configured service account.
identityId
string required
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
serviceAccountRef object required
name
string required
namespace
string required
serviceAccountTokenAudiences
[]string
The audiences to use for the service account token. This is only relevant if `autoCreateServiceAccountToken` is true.
ldapAuth object
credentialsRef object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
identityId
string required
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
serviceAccount object
environmentName
string required
projectId
string required
serviceAccountSecretReference object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
serviceToken object
secretsScope object required
envSlug
string required
recursive
boolean
secretsPath
string required
serviceTokenSecretReference object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
universalAuth object
credentialsRef object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
secretsScope object required
envSlug
string required
projectId
string
projectSlug
string
recursive
boolean
secretName
string
secretsPath
string required
hostAPI
string
Infisical host to pull secrets from
instantUpdates
boolean
managedKubeConfigMapReferences []object
configMapName
string required
The name of the Kubernetes ConfigMap
configMapNamespace
string required
The namespace where the Kubernetes ConfigMap is located
creationPolicy
string
The Kubernetes ConfigMap creation policy.
Enum with values: 'Owner', 'Orphan'.
Owner creates the config map and sets .metadata.ownerReferences of the InfisicalSecret CRD that created it.
Orphan will not set the config map owner. This will result in the config map being orphaned and not deleted when the resource is deleted.
template object
The template to transform the secret data
data
object
The template key values
includeAllSecrets
boolean
This injects all retrieved secrets into the top level of your template.
Secrets defined in the template will take precedence over the injected ones.
metadata object
Custom metadata (labels/annotations) for the managed secret.
When specified, these values are used instead of copying metadata from the InfisicalSecret CR.
annotations
object
Custom annotations to apply to the managed secret
labels
object
Custom labels to apply to the managed secret
managedKubeSecretReferences []object
creationPolicy
string
The Kubernetes Secret creation policy.
Enum with values: 'Owner', 'Orphan'.
Owner creates the secret and sets .metadata.ownerReferences of the InfisicalSecret CRD that created it.
Orphan will not set the secret owner. This will result in the secret being orphaned and not deleted when the resource is deleted.
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
secretType
string
The Kubernetes Secret type (experimental feature). More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
template object
The template to transform the secret data
data
object
The template key values
includeAllSecrets
boolean
This injects all retrieved secrets into the top level of your template.
Secrets defined in the template will take precedence over the injected ones.
metadata object
Custom metadata (labels/annotations) for the managed secret.
When specified, these values are used instead of copying metadata from the InfisicalSecret CR.
annotations
object
Custom annotations to apply to the managed secret
labels
object
Custom labels to apply to the managed secret
managedSecretReference object
creationPolicy
string
The Kubernetes Secret creation policy.
Enum with values: 'Owner', 'Orphan'.
Owner creates the secret and sets .metadata.ownerReferences of the InfisicalSecret CRD that created it.
Orphan will not set the secret owner. This will result in the secret being orphaned and not deleted when the resource is deleted.
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
secretType
string
The Kubernetes Secret type (experimental feature). More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
template object
The template to transform the secret data
data
object
The template key values
includeAllSecrets
boolean
This injects all retrieved secrets into the top level of your template.
Secrets defined in the template will take precedence over the injected ones.
metadata object
Custom metadata (labels/annotations) for the managed secret.
When specified, these values are used instead of copying metadata from the InfisicalSecret CR.
annotations
object
Custom annotations to apply to the managed secret
labels
object
Custom labels to apply to the managed secret
resyncInterval
integer
syncConfig object
instantUpdates
boolean
resyncInterval
string
tls object
caRef object
Reference to secret containing CA cert
key
string required
The name of the secret property with the CA certificate value
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
tokenSecretReference object
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
status object
InfisicalSecretStatus defines the observed state of InfisicalSecret
conditions []object required
lastTransitionTime
string required
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format:
date-time
message
string required
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength:
32768
observedGeneration
integer
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format:
int64
minimum:
0
reason
string required
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
pattern:
^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength:
1
maxLength:
1024
status
string required
status of the condition, one of True, False, Unknown.
enum:
True, False, Unknown
type
string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern:
^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength:
316