diff --git a/external-secrets.io/clusterexternalsecret_v1beta1.json b/external-secrets.io/clusterexternalsecret_v1beta1.json index d603073b..0bb98707 100644 --- a/external-secrets.io/clusterexternalsecret_v1beta1.json +++ b/external-secrets.io/clusterexternalsecret_v1beta1.json @@ -106,7 +106,7 @@ "maxProperties": 1, "properties": { "generatorRef": { - "description": "GeneratorRef points to a generator custom resource.\n\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", + "description": "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", "properties": { "apiVersion": { "default": "generators.external-secrets.io/v1alpha1", diff --git a/external-secrets.io/clustersecretstore_v1beta1.json b/external-secrets.io/clustersecretstore_v1beta1.json index b08ef54b..17b665fb 100644 --- a/external-secrets.io/clustersecretstore_v1beta1.json +++ b/external-secrets.io/clustersecretstore_v1beta1.json @@ -494,6 +494,10 @@ "description": "AWS External ID set on assumed IAM roles", "type": "string" }, + "prefix": { + "description": "Prefix adds a prefix to all retrieved values.", + "type": "string" + }, "region": { "description": "AWS Region to be used for the provider", "type": "string" 
@@ -712,6 +716,278 @@ "type": "object", "additionalProperties": false }, + "beyondtrust": { + "description": "Beyondtrust configures this store to sync secrets using Password Safe provider.", + "properties": { + "auth": { + "description": "Auth configures how the operator authenticates with Beyondtrust.", + "properties": { + "certificate": { + "description": "Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateKey": { + "description": "Certificate private key (key.pem). For use when authenticating with an OAuth client Id", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientId": { + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecret" + ], + "type": "object", + "additionalProperties": false + }, + "server": { + "description": "Auth configures how API server works.", + "properties": { + "apiUrl": { + "type": "string" + }, + "clientTimeOutSeconds": { + "description": "Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.", + "type": "integer" + }, + "retrievalType": { + "description": "The secret retrieval type. SECRET = Secrets Safe (credential, text, file). 
MANAGED_ACCOUNT = Password Safe account associated with a system.", + "type": "string" + }, + "separator": { + "description": "A character that separates the folder names.", + "type": "string" + }, + "verifyCA": { + "type": "boolean" + } + }, + "required": [ + "apiUrl", + "verifyCA" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "server" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardensecretsmanager": { + "description": "BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider", + "properties": { + "apiURL": { + "type": "string" + }, + "auth": { + "description": "Auth configures how secret-manager authenticates with a bitwarden machine account instance.\nMake sure that the token being used has permissions on the given secret.", + "properties": { + "secretRef": { + "description": "BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.", + "properties": { + "credentials": { + "description": "AccessToken used for the bitwarden instance.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "credentials" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardenServerSDKURL": { + "type": "string" + }, + "caBundle": { + "description": "Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack\ncan be performed.", + "type": "string" + }, + "caProvider": { + "description": "see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "identityURL": { + "type": "string" + }, + "organizationID": { + "description": "OrganizationID determines which organization this secret store manages.", + "type": "string" + }, + "projectID": { + "description": "ProjectID determines which project this secret store manages.", + "type": "string" + } + }, + "required": [ + "auth", + "organizationID", + "projectID" + ], + "type": "object", + "additionalProperties": false + }, "chef": { "description": "Chef configures this store to sync secrets with chef server", "properties": { 
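Review bot: In the `beyondtrust.auth` block, `clientSecret` and `certificateKey` accept an inline `value` next to `secretRef`, so the OAuth client secret or the private key can be written straight into the store spec, where anyone with read access to the SecretStore or ClusterSecretStore object can see it. Nothing in the schema forces exactly one of the two to be set: `clientSecret: {}` satisfies `required`, and supplying both validates with the precedence left undefined. I would add `"minProperties": 1, "maxProperties": 1` to each of the four objects and extend the `value` description to `"Value can be specified directly to set a value without using a secret. It is stored in clear text in this resource; use secretRef for credentials."`. The same shape appears in `secretserver.password` further down and in the matching hunks of `secretstore_v1beta1.json`. If these files are generated, the change belongs in the upstream CRD types.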
@@ -1026,6 +1302,56 @@ "type": "object", "additionalProperties": false }, + "device42": { + "description": "Device42 configures this store to sync secrets using the Device42 provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Device42 instance.", + "properties": { + "secretRef": { + "properties": { + "credentials": { + "description": "Username / Password is used for authentication.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "host": { + "description": "URL configures the Device42 instance URL.", + "type": "string" + } + }, + "required": [ + "auth", + "host" + ], + "type": "object", + "additionalProperties": false + }, "doppler": { "description": "Doppler configures this store to sync secrets using the Doppler provider", "properties": { @@ -1260,6 +1586,10 @@ "type": "object", "additionalProperties": false }, + "location": { + "description": "Location optionally defines a location for a secret", + "type": "string" + }, "projectID": { "description": "ProjectID project where secret is located", "type": "string" 
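Review bot: `device42.auth` requires `secretRef`, but the `secretRef` object has no `required` list, so `secretRef: {}` validates and, as far as this schema is concerned, a store with no credential reference is accepted. The `bitwardensecretsmanager` hunk above closes the same chain with `"required": ["credentials"]`; adding that line here would make the two consistent. The `infisical` hunk (`auth` required, `universalAuthCredentials` optional) and the `previder` hunk (`auth` required, `secretRef` optional) leave the same gap, as do the copies in `secretstore_v1beta1.json`. Separately, the `credentials` description says "Username / Password" while the object is a single key reference, so the description should state the expected format of that key's value.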
@@ -1405,6 +1735,100 @@ "type": "object", "additionalProperties": false }, + "infisical": { + "description": "Infisical configures this store to sync secrets using the Infisical provider", + "properties": { + "auth": { + "description": "Auth configures how the Operator authenticates with the Infisical API", + "properties": { + "universalAuthCredentials": { + "properties": { + "clientId": { + "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hostAPI": { + "default": "https://app.infisical.com/api", + "type": "string" + }, + "secretsScope": { + "properties": { + "environmentSlug": { + "type": "string" + }, + "projectSlug": { + "type": "string" + }, + "recursive": { + "default": false, + "type": "boolean" + }, + "secretsPath": { + "default": "/", + "type": "string" + } + }, + "required": [ + "environmentSlug", + "projectSlug" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "secretsScope" + ], + "type": "object", + "additionalProperties": false + }, "keepersecurity": { "description": "KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider", "properties": { @@ -1546,6 +1970,25 @@ "type": "object", "additionalProperties": false }, + "authRef": { + "description": "A reference to a secret that contains the auth information.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "remoteNamespace": { "default": "default", "description": "Remote namespace to fetch the secrets from", 
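Review bot: `authRef` is added as an optional property, and the next hunk drops `auth` from what appears to be the same provider's `required` list, so a store that sets neither now passes schema validation. The description "A reference to a secret that contains the auth information." does not say what the referenced key must hold or which of `auth` and `authRef` takes effect when both are present. I would extend the description to name the expected content of the key and the precedence, and express the either/or with `minProperties`/`maxProperties` or an equivalent constraint if the generator can emit one. The enclosing provider object starts and ends outside this hunk.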
@@ -1600,9 +2043,6 @@ "additionalProperties": false } }, - "required": [ - "auth" - ], "type": "object", "additionalProperties": false }, @@ -1994,6 +2434,55 @@ "type": "object", "additionalProperties": false }, + "previder": { + "description": "Previder configures this store to sync secrets using the Previder provider", + "properties": { + "auth": { + "description": "PreviderAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "description": "PreviderAuthSecretRef holds secret references for Previder Vault credentials.", + "properties": { + "accessToken": { + "description": "The AccessToken is used for authentication", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessToken" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "baseUri": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, "pulumi": { "description": "Pulumi configures this store to sync secrets using the Pulumi provider", "properties": { @@ -2024,7 +2513,7 @@ "additionalProperties": false }, "apiUrl": { - "default": "https://api.pulumi.com", + "default": "https://api.pulumi.com/api/esc", "description": "APIURL is the URL of the Pulumi API.", "type": "string" }, 
@@ -2035,12 +2524,17 @@ "organization": { "description": "Organization are a space to collaborate on shared projects and stacks.\nTo create a new organization, visit https://app.pulumi.com/ and click \"New Organization\".", "type": "string" + }, + "project": { + "description": "Project is the name of the Pulumi ESC project the environment belongs to.", + "type": "string" } }, "required": [ "accessToken", "environment", - "organization" + "organization", + "project" ], "type": "object", "additionalProperties": false 
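Review bot: Adding `project` to `required` makes every existing Pulumi store manifest written against this `v1beta1` schema fail validation until the field is supplied, and neither a default nor a migration hint is given. The hunk above also moves the `apiUrl` default to `https://api.pulumi.com/api/esc`, so a manifest that pinned the old default explicitly may now address a different path than the controller expects (inferred; the client code is not shown). The `project` description should say from which operator release the field is mandatory, so that users validating manifests offline can match the schema to the version they run. The enclosing object starts outside this hunk.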
@@ -2130,6 +2624,82 @@ "type": "object", "additionalProperties": false }, + "secretserver": { + "description": "SecretServer configures this store to sync secrets using SecretServer provider\nhttps://docs.delinea.com/online-help/secret-server/start.htm", + "properties": { + "password": { + "description": "Password is the secret server account password.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serverURL": { + "description": "ServerURL\nURL to your secret server installation", + "type": "string" + }, + "username": { + "description": "Username is the secret server account username.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "password", + "serverURL", + "username" + ], + "type": "object", + "additionalProperties": false + }, "senhasegura": { "description": "Senhasegura configures this store to sync secrets using senhasegura provider", "properties": { @@ -2721,6 +3291,13 @@ "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault\nleader instead of simply retrying within a loop. This can increase performance if\nthe option is enabled serverside.\nhttps://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", "type": "boolean" }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers to be added in Vault request", + "type": "object" + }, "namespace": { "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" diff --git a/external-secrets.io/externalsecret_v1alpha1.json b/external-secrets.io/externalsecret_v1alpha1.json index 0248e3b2..e09a2977 100644 --- a/external-secrets.io/externalsecret_v1alpha1.json +++ b/external-secrets.io/externalsecret_v1alpha1.json 
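Review bot: `headers` accepts an arbitrary string map that is sent with Vault requests, and the one-line description does not say that the values sit in clear text in the store spec or whether an entry can replace a header the client sets itself. A field like this is a natural place for proxy or gateway tokens, so the description should direct credentials elsewhere, for example `"description": "Headers to be added in Vault request. Values are stored in clear text in this resource; do not place tokens or other credentials here."`. Whether the provider lets these entries override its own token or namespace headers is not visible in the hunk; if it does, that should be documented or rejected upstream.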
@@ -273,7 +273,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, diff --git a/external-secrets.io/externalsecret_v1beta1.json b/external-secrets.io/externalsecret_v1beta1.json index 4c849319..e8350147 100644 --- a/external-secrets.io/externalsecret_v1beta1.json +++ b/external-secrets.io/externalsecret_v1beta1.json @@ -80,7 +80,7 @@ "maxProperties": 1, "properties": { "generatorRef": { - "description": "GeneratorRef points to a generator custom resource.\n\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", + "description": "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", "properties": { "apiVersion": { "default": "generators.external-secrets.io/v1alpha1", 
@@ -557,7 +557,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, diff --git a/external-secrets.io/pushsecret_v1alpha1.json b/external-secrets.io/pushsecret_v1alpha1.json index a750aa14..f237f756 100644 --- a/external-secrets.io/pushsecret_v1alpha1.json +++ b/external-secrets.io/pushsecret_v1alpha1.json @@ -152,7 +152,33 @@ }, "selector": { "description": "The Secret Selector (k8s source) for the Push Secret", + "maxProperties": 1, + "minProperties": 1, "properties": { + "generatorRef": { + "description": "Point to a generator to create a Secret.", + "properties": { + "apiVersion": { + "default": "generators.external-secrets.io/v1alpha1", + "description": "Specify the apiVersion of the generator resource", + "type": "string" + }, + "kind": { + "description": "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.", + "type": "string" + }, + "name": { + "description": "Specify the name of the generator resource", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "additionalProperties": false + }, "secret": { "description": "Select a Secret to Push.", "properties": { 
@@ -168,9 +194,6 @@ "additionalProperties": false } }, - "required": [ - "secret" - ], "type": "object", "additionalProperties": false }, diff --git a/external-secrets.io/secretstore_v1beta1.json b/external-secrets.io/secretstore_v1beta1.json index 553905aa..aaee618e 100644 --- a/external-secrets.io/secretstore_v1beta1.json +++ b/external-secrets.io/secretstore_v1beta1.json @@ -494,6 +494,10 @@ "description": "AWS External ID set on assumed IAM roles", "type": "string" }, + "prefix": { + "description": "Prefix adds a prefix to all retrieved values.", + "type": "string" + }, "region": { "description": "AWS Region to be used for the provider", "type": "string" 
@@ -712,6 +716,278 @@ "type": "object", "additionalProperties": false }, + "beyondtrust": { + "description": "Beyondtrust configures this store to sync secrets using Password Safe provider.", + "properties": { + "auth": { + "description": "Auth configures how the operator authenticates with Beyondtrust.", + "properties": { + "certificate": { + "description": "Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateKey": { + "description": "Certificate private key (key.pem). For use when authenticating with an OAuth client Id", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientId": { + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecret" + ], + "type": "object", + "additionalProperties": false + }, + "server": { + "description": "Auth configures how API server works.", + "properties": { + "apiUrl": { + "type": "string" + }, + "clientTimeOutSeconds": { + "description": "Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.", + "type": "integer" + }, + "retrievalType": { + "description": "The secret retrieval type. SECRET = Secrets Safe (credential, text, file). 
MANAGED_ACCOUNT = Password Safe account associated with a system.", + "type": "string" + }, + "separator": { + "description": "A character that separates the folder names.", + "type": "string" + }, + "verifyCA": { + "type": "boolean" + } + }, + "required": [ + "apiUrl", + "verifyCA" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "server" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardensecretsmanager": { + "description": "BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider", + "properties": { + "apiURL": { + "type": "string" + }, + "auth": { + "description": "Auth configures how secret-manager authenticates with a bitwarden machine account instance.\nMake sure that the token being used has permissions on the given secret.", + "properties": { + "secretRef": { + "description": "BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.", + "properties": { + "credentials": { + "description": "AccessToken used for the bitwarden instance.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "credentials" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardenServerSDKURL": { + "type": "string" + }, + "caBundle": { + "description": "Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack\ncan be performed.", + "type": "string" + }, + "caProvider": { + "description": "see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "identityURL": { + "type": "string" + }, + "organizationID": { + "description": "OrganizationID determines which organization this secret store manages.", + "type": "string" + }, + "projectID": { + "description": "ProjectID determines which project this secret store manages.", + "type": "string" + } + }, + "required": [ + "auth", + "organizationID", + "projectID" + ], + "type": "object", + "additionalProperties": false + }, "chef": { "description": "Chef configures this store to sync secrets with chef server", "properties": { 
@@ -1026,6 +1302,56 @@ "type": "object", "additionalProperties": false }, + "device42": { + "description": "Device42 configures this store to sync secrets using the Device42 provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Device42 instance.", + "properties": { + "secretRef": { + "properties": { + "credentials": { + "description": "Username / Password is used for authentication.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "host": { + "description": "URL configures the Device42 instance URL.", + "type": "string" + } + }, + "required": [ + "auth", + "host" + ], + "type": "object", + "additionalProperties": false + }, "doppler": { "description": "Doppler configures this store to sync secrets using the Doppler provider", "properties": { @@ -1260,6 +1586,10 @@ "type": "object", "additionalProperties": false }, + "location": { + "description": "Location optionally defines a location for a secret", + "type": "string" + }, "projectID": { "description": "ProjectID project where secret is located", "type": "string" 
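Review bot: In the new `device42` block, `auth.secretRef` is declared without a `required` list, so a store whose `secretRef` is an empty object passes schema validation and the missing credential only surfaces when the provider tries to authenticate. The `bitwardensecretsmanager` block added earlier in this file marks its reference with `"required": [ "credentials" ]`; the same line on `device42.auth.secretRef` would reject the empty case at validation time. The `auth` objects of `infisical` and `previder` further down are open in the same way (no `required` for `universalAuthCredentials` and `secretRef` respectively). If this JSON is generated from the upstream CRD, the constraint belongs in the CRD types rather than in this file.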
@@ -1405,6 +1735,100 @@ "type": "object", "additionalProperties": false }, + "infisical": { + "description": "Infisical configures this store to sync secrets using the Infisical provider", + "properties": { + "auth": { + "description": "Auth configures how the Operator authenticates with the Infisical API", + "properties": { + "universalAuthCredentials": { + "properties": { + "clientId": { + "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hostAPI": { + "default": "https://app.infisical.com/api", + "type": "string" + }, + "secretsScope": { + "properties": { + "environmentSlug": { + "type": "string" + }, + "projectSlug": { + "type": "string" + }, + "recursive": { + "default": false, + "type": "boolean" + }, + "secretsPath": { + "default": "/", + "type": "string" + } + }, + "required": [ + "environmentSlug", + "projectSlug" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "secretsScope" + ], + "type": "object", + "additionalProperties": false + }, "keepersecurity": { "description": "KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider", "properties": { @@ -1546,6 +1970,25 @@ "type": "object", "additionalProperties": false }, + "authRef": { + "description": "A reference to a secret that contains the auth information.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "remoteNamespace": { "default": "default", "description": "Remote namespace to fetch the secrets from", 
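Review bot: The added `authRef` description does not say how the field relates to the existing `auth`, and the next hunk (`@@ -1600,9 +2043,6 @@`, apparently the same provider block) drops `"required": [ "auth" ]`, so the schema now accepts the block with neither field set. Which identity the controller uses in that case is not visible from this diff; if it falls back to the operator's own credentials, that is worth stating in the description, because a ClusterSecretStore can be referenced from many namespaces. I would extend the description to say whether `authRef` replaces `auth` and what happens when both are omitted. If one of the two is always needed, `"anyOf": [ { "required": ["auth"] }, { "required": ["authRef"] } ]` expresses that in the schema.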
@@ -1600,9 +2043,6 @@ "additionalProperties": false } }, - "required": [ - "auth" - ], "type": "object", "additionalProperties": false }, @@ -1994,6 +2434,55 @@ "type": "object", "additionalProperties": false }, + "previder": { + "description": "Previder configures this store to sync secrets using the Previder provider", + "properties": { + "auth": { + "description": "PreviderAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "description": "PreviderAuthSecretRef holds secret references for Previder Vault credentials.", + "properties": { + "accessToken": { + "description": "The AccessToken is used for authentication", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessToken" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "baseUri": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, "pulumi": { "description": "Pulumi configures this store to sync secrets using the Pulumi provider", "properties": { @@ -2024,7 +2513,7 @@ "additionalProperties": false }, "apiUrl": { - "default": "https://api.pulumi.com", + "default": "https://api.pulumi.com/api/esc", "description": "APIURL is the URL of the Pulumi API.", "type": "string" }, 
@@ -2035,12 +2524,17 @@ "organization": { "description": "Organization are a space to collaborate on shared projects and stacks.\nTo create a new organization, visit https://app.pulumi.com/ and click \"New Organization\".", "type": "string" + }, + "project": { + "description": "Project is the name of the Pulumi ESC project the environment belongs to.", + "type": "string" } }, "required": [ "accessToken", "environment", - "organization" + "organization", + "project" ], "type": "object", "additionalProperties": false 
@@ -2130,6 +2624,82 @@ "type": "object", "additionalProperties": false }, + "secretserver": { + "description": "SecretServer configures this store to sync secrets using SecretServer provider\nhttps://docs.delinea.com/online-help/secret-server/start.htm", + "properties": { + "password": { + "description": "Password is the secret server account password.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serverURL": { + "description": "ServerURL\nURL to your secret server installation", + "type": "string" + }, + "username": { + "description": "Username is the secret server account username.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "password", + "serverURL", + "username" + ], + "type": "object", + "additionalProperties": false + }, "senhasegura": { "description": "Senhasegura configures this store to sync secrets using senhasegura provider", "properties": { @@ -2721,6 +3291,13 @@ "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault\nleader instead of simply retrying within a loop. This can increase performance if\nthe option is enabled serverside.\nhttps://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", "type": "boolean" }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers to be added in Vault request", + "type": "object" + }, "namespace": { "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" diff --git a/generators.external-secrets.io/acraccesstoken_v1alpha1.json b/generators.external-secrets.io/acraccesstoken_v1alpha1.json index 7ef1f52a..162ff682 100644 --- a/generators.external-secrets.io/acraccesstoken_v1alpha1.json +++ b/generators.external-secrets.io/acraccesstoken_v1alpha1.json 
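Review bot: `secretserver.password` accepts an inline `value` next to `secretRef`, and its description does not mention that a password written there sits in plain text in the ClusterSecretStore spec, readable by anyone allowed to read that resource. I would change the text to `"description": "Value can be specified directly to set a value without using a secret. The value is kept in plain text in this resource; prefer secretRef for credentials."`. The object also has no `required` and no property-count limit, so `password: {}` and a `password` carrying both `secretRef` and `value` validate; `"minProperties": 1, "maxProperties": 1` would pin it to exactly one. The same applies to `username`, where it matters less.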
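Review bot: The new `headers` map takes arbitrary string values with a one-line description, so nothing tells a user that whatever is put there is kept in plain text in the store spec, unlike the credential fields that go through a `secretRef`. I would make the text `"description": "Headers to be added in Vault request. Values are stored in plain text in this resource; do not put tokens or other credentials here."`. It is also not visible from the schema whether a header set here can replace one the client sets itself, for example the one derived from the `namespace` field right below; documenting the precedence would help. The identical hunk in `generators.external-secrets.io/vaultdynamicsecret_v1alpha1.json` needs the same wording.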
@@ -1,5 +1,5 @@ { - "description": "ACRAccessToken returns a Azure Container Registry token\nthat can be used for pushing/pulling images.\nNote: by default it will return an ACR Refresh Token with full access\n(depending on the identity).\nThis can be scoped down to the repository level using .spec.scope.\nIn case scope is defined it will return an ACR Access Token.\n\n\nSee docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md", + "description": "ACRAccessToken returns a Azure Container Registry token\nthat can be used for pushing/pulling images.\nNote: by default it will return an ACR Refresh Token with full access\n(depending on the identity).\nThis can be scoped down to the repository level using .spec.scope.\nIn case scope is defined it will return an ACR Access Token.\n\nSee docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 
@@ -135,7 +135,7 @@ "type": "string" }, "scope": { - "description": "Define the scope for the access token, e.g. pull/push access for a repository.\nif not provided it will return a refresh token that has full scope.\nNote: you need to pin it down to the repository level, there is no wildcard available.\n\n\nexamples:\nrepository:my-repository:pull,push\nrepository:my-repository:pull\n\n\nsee docs for details: https://docs.docker.com/registry/spec/auth/scope/", + "description": "Define the scope for the access token, e.g. pull/push access for a repository.\nif not provided it will return a refresh token that has full scope.\nNote: you need to pin it down to the repository level, there is no wildcard available.\n\nexamples:\nrepository:my-repository:pull,push\nrepository:my-repository:pull\n\nsee docs for details: https://docs.docker.com/registry/spec/auth/scope/", "type": "string" }, "tenantId": { diff --git a/generators.external-secrets.io/uuid_v1alpha1.json b/generators.external-secrets.io/uuid_v1alpha1.json new file mode 100644 index 00000000..4461c15f --- /dev/null +++ b/generators.external-secrets.io/uuid_v1alpha1.json 
@@ -0,0 +1,21 @@ +{ + "description": "UUID generates a version 1 UUID (e56657e3-764f-11ef-a397-65231a88c216).", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "UUIDSpec controls the behavior of the uuid generator.", + "type": "object" + } + }, + "type": "object" +} diff --git a/generators.external-secrets.io/vaultdynamicsecret_v1alpha1.json b/generators.external-secrets.io/vaultdynamicsecret_v1alpha1.json index d4f11846..3c61001e 100644 --- a/generators.external-secrets.io/vaultdynamicsecret_v1alpha1.json +++ b/generators.external-secrets.io/vaultdynamicsecret_v1alpha1.json 
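Review bot: The `description` of the new UUID generator says it produces a version 1 UUID, and the sample value is in version 1 form. Version 1 UUIDs are built from a timestamp and a node identifier, so they are unique but not unpredictable; since this schema sits among secret generators, the text should say the output is an identifier and not secret material. Something like `"description": "UUID generates a version 1 UUID (e56657e3-764f-11ef-a397-65231a88c216). The value is an identifier, not a secret."` would do. The generator implementation is not part of this diff, so if it actually emits random (version 4) UUIDs, the description should be corrected instead.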
@@ -562,6 +562,13 @@ "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault\nleader instead of simply retrying within a loop. This can increase performance if\nthe option is enabled serverside.\nhttps://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", "type": "boolean" }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers to be added in Vault request", + "type": "object" + }, "namespace": { "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string"