Linkedsecrets supports "PLAIN" format and "JSON" format.
The PLAIN format must use “=” to separate each key and value. White spaces and blank lines are allowed and are skipped when the payload is parsed. PLAIN secret creation can be done in Azure Console or using Azure CLI.
Example:
Create resource group:
az group create --name "kubernetes" --location "EastUS"
Create keyvault:
az keyvault create --name "lnsvault" --resource-group "kubernetes" --location "EastUS"
Create file [mysecret.txt] with PLAIN text:
username = admin
password=teste123
host = myhost01
Create a secret with file [mysecret.txt]:
az keyvault secret set --vault-name "lnsvault" --name "mysecret" --file "./mysecret.txt"
JSON secret creation can be done in Azure Console or using Azure CLI.
Example:
Create resource group:
az group create --name "kubernetes" --location "EastUS"
Create keyvault:
az keyvault create --name "lnsvault" --resource-group "kubernetes" --location "EastUS"
Create file [mysecret.txt] with json text:
{
  "username" : "admin",
  "password" : "teste123",
  "host" : "myhost01"
}
Create a secret with encoded file [mysecret.txt]:
az keyvault secret set --vault-name "lnsvault" --name "mysecret" --file "./mysecret.txt"
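A check that can be run on mysecret.txt before it is uploaded, covering both payload formats described above. This is an added example, not Linkedsecrets' own parser. ParsePlain and ParseJSON are hypothetical names; splitting at the first "=", rejecting duplicate keys, and requiring flat string values in JSON are assumptions the page does not state.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ParsePlain parses a PLAIN payload: key=value lines, white space trimmed,
// blank lines skipped. Assumption: split at the first "=", duplicates rejected.
func ParsePlain(payload string) (map[string]string, error) {
	out := map[string]string{}
	for i, line := range strings.Split(payload, "\n") {
		line = strings.TrimSpace(line) // also drops a trailing "\r"
		if line == "" {
			continue
		}
		key, value, found := strings.Cut(line, "=")
		key = strings.TrimSpace(key)
		if !found || key == "" {
			// Report the line number only, so secret values stay out of logs.
			return nil, fmt.Errorf("line %d: expected key=value", i+1)
		}
		if _, dup := out[key]; dup {
			return nil, fmt.Errorf("line %d: duplicate key", i+1)
		}
		out[key] = strings.TrimSpace(value)
	}
	if len(out) == 0 {
		return nil, errors.New("payload has no key/value pairs")
	}
	return out, nil
}

// ParseJSON parses a JSON payload. Assumption: a flat object of string values.
func ParseJSON(payload string) (map[string]string, error) {
	out := map[string]string{}
	if err := json.Unmarshal([]byte(payload), &out); err != nil {
		return nil, errors.New("payload is not a flat JSON object of strings")
	}
	return out, nil
}

func main() {
	kv, err := ParsePlain("username = admin\n\npassword=teste123\n host = myhost01 \n")
	fmt.Println(len(kv), err) // constructed sample; prints the key count, not values
}
```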
Below are all spec fields supported by Linkedsecrets when using Azure Keyvault Secrets:
apiVersion: security.kubeideas.io/v1
kind: LinkedSecret
metadata:
  name: <LINKEDSECRET-NAME>
spec:
  rolloutRestartDeploy: <DEPLOYMENT-NAME>
  keepSecretOnDelete: <true | false>
  provider: Azure
  providerSecretFormat: <JSON | PLAIN>
  providerOptions:
    keyvault: <AZURE-KEYVAULT-NAME>
    secret: <AZURE-SECRET-NAME>
    version: <AZURE-SECRET-VERSION-ID>
  secretName: <KUBERNETES-SECRET-NAME-CREATED-AND-MAINTAINED-BY-LINKEDSECRETS>
  schedule: <"@every 10m" | ANY-OTHER-SYNCHRONIZATION-INTERVAL>
  suspended: <true | false>
[IMPORTANT] The latest secret version is used if the version field is omitted.