This module configures a namespace-scoped SecretStore resource for ESO in the desired namespace and with the desired configuration.
For more information about the SecretStore resource and about ESO, refer to the ESO documentation.
This module supports two SecretStore authentication configurations to pull/push secrets with the configured Secrets Manager instance:
- apikey authentication
- trusted profile authentication
For more information about Trusted Profiles, refer to the IBM Cloud documentation.
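
The two authentication configurations side by side, as an added usage example that is not taken from the module's own documentation. The module source, the GUID, and all names and values (region, namespaces, store and profile names, the `secrets_manager_apikey` variable) are placeholders or constructed samples; only the input and output names come from the tables on this page.

```hcl
# Added example. Placeholders in <...> are not given on this page.

variable "secrets_manager_apikey" {
  description = "API key for the Secrets Manager instance (api_key mode only)"
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
  default     = null
}

# Trusted profile authentication (the module default).
# No API key is passed to the module in this mode.
module "secret_store_tp" {
  source = "<path-or-registry-address-of-this-module>" # placeholder

  eso_authentication          = "trusted_profile"
  region                      = "us-south" # constructed sample value
  service_endpoints           = "private"  # "public" is the default
  sstore_namespace            = "apps"     # must already exist
  sstore_store_name           = "apps-secret-store"
  sstore_secrets_manager_guid = "<secrets-manager-guid>" # placeholder
  sstore_trusted_profile_name = "eso-apps-profile" # must be created in advance
}

# API key authentication.
# The key is stored in the Kubernetes secret named by sstore_secret_name.
module "secret_store_apikey" {
  source = "<path-or-registry-address-of-this-module>" # placeholder

  eso_authentication          = "api_key"
  region                      = "us-south" # constructed sample value
  service_endpoints           = "private"
  sstore_namespace            = "legacy-apps" # must already exist
  sstore_store_name           = "legacy-secret-store"
  sstore_secrets_manager_guid = "<secrets-manager-guid>" # placeholder
  sstore_secret_name          = "ibm-secret" # module default
  sstore_secret_apikey        = var.secrets_manager_apikey
}

# Whole helm_release objects carry sensitive attributes, so the
# re-exported value is marked sensitive.
output "tp_secret_store_release" {
  value     = module.secret_store_tp.helm_release_secret_store
  sensitive = true
}
```

In the API key configuration the key value is also recorded in Terraform state, so the state backend needs the same access controls as the key itself.
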
Name | Version |
---|---|
terraform | >= 1.0.0 |
helm | >= 2.8.0 |
kubernetes | >= 2.16.1, <3.0.0 |
No modules.
Name | Type |
---|---|
helm_release.external_secret_store_apikey | resource |
helm_release.external_secret_store_tp | resource |
kubernetes_secret.eso_secretsstore_secret | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
eso_authentication | Authentication method. Possible values are api_key or/and trusted_profile. | string | "trusted_profile" | no |
region | Region where Secrets Manager is deployed. It will be used to build the regional URL to the service | string | n/a | yes |
service_endpoints | The service endpoint type to communicate with the provided Secrets Manager instance. Possible values are public or private. This also will set the IAM endpoint for containerAuth when enabling Trusted Profile/CR based authentication. | string | "public" | no |
sstore_helm_rls_name | Name of helm release for external secret | string | "external-secret-store" | no |
sstore_namespace | Namespace to create the SecretStore. The namespace must exist as it is not created by this module | string | n/a | yes |
sstore_secret_apikey | API key to be stored into sstore_secret_name to authenticate on Secrets Manager instance | string | null | no |
sstore_secret_name | Secret name to be used/referenced in the ESO secretstore to pull from Secrets Manager | string | "ibm-secret" | no |
sstore_secrets_manager_guid | Secrets Manager instance GUID for secretstore where secrets will be stored or fetched from | string | n/a | yes |
sstore_store_name | Name of the SecretStore to create | string | n/a | yes |
sstore_trusted_profile_name | The name of the trusted profile to use for the secretstore. This allows ESO to use CRI based authentication to access Secrets Manager. The trusted profile must be created in advance | string | null | no |
Name | Description |
---|---|
helm_release_secret_store | SecretStore helm release. Returns the helm release for trusted profile or apikey authentication, according to the authentication type |