← Back to index Esc
Kind
BeyondtrustWorkloadCredentialsDynamicSecret
Group
generators.external-secrets.io
Version
v1alpha1
apiVersion: generators.external-secrets.io/v1alpha1 kind: BeyondtrustWorkloadCredentialsDynamicSecret metadata: name: example
Tip: use .spec.controller for path-only search
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
BeyondtrustWorkloadCredentialsDynamicSecretSpec defines the desired spec for BeyondtrustWorkloadCredentials dynamic generator. This generator enables obtaining temporary, short-lived credentials from BeyondTrust Workload Credentials. For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
controller string
Controller selects the controller that should handle this generator. Leave empty to use the default controller.
provider object required
Provider contains the BeyondtrustWorkloadCredentials provider configuration including authentication, server connection details, and the folder path to the dynamic secret definition. The folderPath should point to a dynamic secret definition that has been created in BeyondTrust Workload Credentials (e.g., "production/aws-temp"). For setup details, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
auth object required
Auth configures how the Operator authenticates with the BeyondTrust Workload Credentials API. Currently supports API key authentication via Kubernetes secret reference. For authentication setup, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#authentication
apikey object required
APIKey configures API token authentication for BeyondTrust Workload Credentials. The token is retrieved from a Kubernetes secret and used as a Bearer token for API requests.
token object required
Token references the Kubernetes secret containing the BeyondTrust Workload Credentials API token. The secret should contain the API key used to authenticate with BeyondTrust Workload Credentials. Create an API token in your BeyondTrust Workload Credentials console and store it in a Kubernetes secret. For details on creating API tokens, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#authentication
key string
A key in the referenced Secret. Some instances of this field may be defaulted, in others it may be required.
pattern: ^[-._a-zA-Z0-9]+$
minLength: 1
maxLength: 253
name string
The name of the Secret resource being referred to.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
namespace string
The namespace of the Secret resource being referred to. Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
caBundle string
CABundle is a base64-encoded CA certificate used to validate the BeyondTrust Workload Credentials API TLS certificate. Use this when your BeyondTrust instance uses a self-signed certificate or internal CA. If not set, the system's trusted root certificates are used.
format: byte
caProvider object
CAProvider points to a Secret or ConfigMap containing a PEM-encoded CA certificate. This is used to validate the BeyondTrust Workload Credentials API TLS certificate. Use this as an alternative to CABundle when you want to reference an existing Kubernetes resource.
key string
The key where the CA certificate can be found in the Secret or ConfigMap.
pattern: ^[-._a-zA-Z0-9]+$
minLength: 1
maxLength: 253
name string required
The name of the object located at the provider type.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
namespace string
The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
type string required
The type of provider to use such as "Secret", or "ConfigMap".
enum: Secret, ConfigMap
folderPath string
FolderPath specifies the default folder path for secret retrieval. Secrets will be fetched from this folder unless overridden in the ExternalSecret spec. Example: "production/database" or "dev/api-keys" Leave empty to retrieve secrets from the root folder. For folder organization, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#folders
server object required
Server configures the BeyondTrust Workload Credentials server connection details. Includes the API URL and Site ID for your BeyondTrust instance. For API reference, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
apiUrl string required
APIURL is the base URL of your BeyondTrust Workload Credentials API server. This should be the full URL to your BeyondTrust instance. Example: https://api.beyondtrust.io/siie For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#base-url
siteId string required
SiteID is your BeyondTrust Workload Credentials site identifier (UUID format). This identifier is unique to your BeyondTrust Workload Credentials instance. You can find your Site ID in the BeyondTrust Workload Credentials admin console. Example: a1b2c3d4-e5f6-4890-abcd-ef1234567890 For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
retrySettings object
RetrySettings configures exponential backoff for failed API requests. If not specified, uses the default retry settings.
maxRetries integer
format: int32
retryInterval string

No matches. Try .spec.controller for an exact path

Copied!