SecretsStoreImport

Scope: Namespaced
Version: v1alpha1

Namespaced Kubernetes Custom resource for mapping between Vault-compatible storage and filename in container
  • spec
    object
    • spec.address
      string
      Address of Vault-compatible storage. If omitted value from ModuleConfig will be used.

      Pattern: ^https?://[.:0-9a-zA-Z-]+$

    • spec.audience
      string
      JWT audience
    • spec.authPath
      string
      Auth mount path in Vault-compatible storage. If omitted value from ModuleConfig will be used.

      Pattern: ^[-_.a-zA-Z0-9]+$

    • spec.caCert
      string
      Stronghold or Vault CA in PEM format. If omitted value from ModuleConfig will be used.

      Pattern: ^-----BEGIN CERTIFICATE----- (.+ ){5}

    • spec.files
      array of objects

      Required value

      • spec.files.name
        string
        Filename to create

        Pattern: ^[-_a-zA-Z0-9.]+$

      • spec.files.source
        object
        • spec.files.source.key
          string

          Required value

          Vault secretKey

          Pattern: ^[-a-zA-Z0-9_.]+$

        • spec.files.source.path
          string

          Required value

          Vault secretPath

          Pattern: ^[-a-zA-Z0-9_.\/]+$

    • spec.namespace
      string
      Namespace where secret is stored. If omitted value from ModuleConfig will be used.

      Pattern: ^[-_./a-zA-Z0-9]+$

    • spec.role
      string

      Required value

      Role in Vault-compatible storage

      Pattern: ^[-_\.a-zA-Z0-9]+$

    • spec.skipTLSVerify
      boolean
      Skip TLS verification
    • spec.type
      string

      Required value

      Only mode CSI supported

      Allowed values: CSI