Secret is the Schema for the Secrets API
Type
CRD
Group
secretsmanager.aws.crossplane.io
Version
apiVersion: secretsmanager.aws.crossplane.io/v1beta1
kind: Secret
SecretSpec defines the desired state of Secret
SecretParameters defines the desired state of Secret
BinarySecretRef points to the Kubernetes Secret whose data will be encoded as binary data to AWS. If key parameter is given, only the value of that key will be used. Otherwise, all data in the Secret will be marshalled into JSON and sent to AWS. Either StringSecretRef or BinarySecretRef must be set, but not both.
KMSKeyIDRef is a reference to an kms/v1alpha1.Key used to set the KMSKeyID field.
Policies for referencing.
KMSKeyIDSelector selects references to kms/v1alpha1.Key used to set the KMSKeyID.
Policies for selection.
StringSecretRef points to the Kubernetes Secret whose data will be sent as string to AWS. If key parameter is given, only the value of that key will be used. Otherwise, all data in the Secret will be marshalled into JSON and sent to AWS. Either StringSecretRef or BinarySecretRef must be set, but not both.
A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:
[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an Access Denied error. For more information, see Control access to secrets using tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and Limit access to identities with tags that match secrets' tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
For information about how to format a JSON parameter for the various command line tool environments, see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
The following restrictions apply to tags:
Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
SecretStatus defines the observed state of Secret.
SecretObservation defines the observed state of Secret
A list of the replicas of this secret and their status:
Failed, which indicates that the replica was not created.
InProgress, which indicates that Secrets Manager is in the process of creating the replica.
InSync, which indicates that the replica was created.
Conditions of the resource.
example-secret
apiVersion: secretsmanager.aws.crossplane.io/v1beta1
kind: Secret
metadata:
name: example-secret
spec:
forProvider:
description: test
forceDeleteWithoutRecovery: true
region: us-east-1
stringSecretRef:
key: password
name: example-secret-manager
namespace: crossplane-system
tags:
- key: secret
value: secret
providerConfigRef:
name: example
© 2022 Upbound, Inc.
Discover the building blocksfor your internal cloud platform.