BeyondtrustWorkloadCredentialsDynamicSecret

generators.external-secrets.io / v1alpha1

apiVersion: generators.external-secrets.io/v1alpha1 kind: BeyondtrustWorkloadCredentialsDynamicSecret metadata: name: example

apiVersion string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata object

spec object

BeyondtrustWorkloadCredentialsDynamicSecretSpec defines the desired spec for BeyondtrustWorkloadCredentials dynamic generator. This generator enables obtaining temporary, short-lived credentials from BeyondTrust Workload Credentials. For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api

controller string

Controller selects the controller that should handle this generator. Leave empty to use the default controller.

provider object required

Provider contains the BeyondtrustWorkloadCredentials provider configuration including authentication, server connection details, and the folder path to the dynamic secret definition. The folderPath should point to a dynamic secret definition that has been created in BeyondTrust Workload Credentials (e.g., "production/aws-temp"). For setup details, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api

auth object required

Auth configures how the Operator authenticates with the BeyondTrust Workload Credentials API. Currently supports API key authentication via Kubernetes secret reference. For authentication setup, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#authentication

apikey object required

APIKey configures API token authentication for BeyondTrust Workload Credentials. The token is retrieved from a Kubernetes secret and used as a Bearer token for API requests.

token object required

Token references the Kubernetes secret containing the BeyondTrust Workload Credentials API token. The secret should contain the API key used to authenticate with BeyondTrust Workload Credentials. Create an API token in your BeyondTrust Workload Credentials console and store it in a Kubernetes secret. For details on creating API tokens, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#authentication

key string

A key in the referenced Secret. Some instances of this field may be defaulted, in others it may be required.

pattern: ^[-._a-zA-Z0-9]+$

minLength: 1

maxLength: 253

name string

The name of the Secret resource being referred to.

pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

minLength: 1

maxLength: 253

namespace string

The namespace of the Secret resource being referred to. Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.

pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

minLength: 1

maxLength: 63

caBundle string

CABundle is a base64-encoded CA certificate used to validate the BeyondTrust Workload Credentials API TLS certificate. Use this when your BeyondTrust instance uses a self-signed certificate or internal CA. If not set, the system's trusted root certificates are used.

format: byte

caProvider object

CAProvider points to a Secret or ConfigMap containing a PEM-encoded CA certificate. This is used to validate the BeyondTrust Workload Credentials API TLS certificate. Use this as an alternative to CABundle when you want to reference an existing Kubernetes resource.

key string

The key where the CA certificate can be found in the Secret or ConfigMap.

pattern: ^[-._a-zA-Z0-9]+$

minLength: 1

maxLength: 253

name string required

The name of the object located at the provider type.

pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

minLength: 1

maxLength: 253

namespace string

The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.

pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

minLength: 1

maxLength: 63

type string required

The type of provider to use such as "Secret", or "ConfigMap".

enum: Secret, ConfigMap

folderPath string

FolderPath specifies the default folder path for secret retrieval. Secrets will be fetched from this folder unless overridden in the ExternalSecret spec. Example: "production/database" or "dev/api-keys" Leave empty to retrieve secrets from the root folder. For folder organization, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#folders

server object required

Server configures the BeyondTrust Workload Credentials server connection details. Includes the API URL and Site ID for your BeyondTrust instance. For API reference, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api

apiUrl string required

APIURL is the base URL of your BeyondTrust Workload Credentials API server. This should be the full URL to your BeyondTrust instance. Example: https://api.beyondtrust.io/siie For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#base-url

siteId string required

SiteID is your BeyondTrust Workload Credentials site identifier (UUID format). This identifier is unique to your BeyondTrust Workload Credentials instance. You can find your Site ID in the BeyondTrust Workload Credentials admin console. Example: a1b2c3d4-e5f6-4890-abcd-ef1234567890 For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api

retrySettings object

RetrySettings configures exponential backoff for failed API requests. If not specified, uses the default retry settings.

maxRetries integer

format: int32

retryInterval string

No matches. Try .spec.controller for an exact path