
Secret Groups

The following operations can be performed on secret groups managed by the controller in projects inside your organization.

Resource       | Create | Get | Update | Delete
Secret Groups  | YES    | YES | YES    | YES

Create Secret Groups

Use the command below to create a new secret group in the current project with RCTL:

 ./rctl create secretgroup -f <secretgroup-file.yaml>

(or)

 ./rctl update secretgroup -f <secretgroup-file.yaml>

An illustrative example of the secret group YAML file is given below. Each entry under spec.secrets pairs a filePath with the name of a secret.

apiVersion: gitops.k8smgmt.io/v3
kind: SecretGroup
metadata:
  name: new-secret-group
  project: defaultproject
spec:
  secrets:
  - filePath: aws/credentials
    secret: aws-credential
  - filePath: oci/credentials
    secret: oci-credential

Infrastructure Provisioners YAML

To reference secret groups from an Infrastructure Provisioner, list their names under spec.config.secretGroups. An illustrative example YAML file is given below.

apiVersion: gitops.k8smgmt.io/v3
kind: InfraProvisioner
metadata:
  name: aws-ip
  project: demo
spec:
  config:
    secretGroups:
    - aws-creds
    version: 0.14.9
  folder:
    name: cred_terraform
  repository: test
  revision: main
  type: Terraform

Pipeline YAML

To reference the Infrastructure Provisioner from a Pipeline, name it in the stage's provisioner field. An illustrative example of the pipeline YAML file is given below.

apiVersion: gitops.k8smgmt.io/v3
kind: Pipeline
metadata:
  name: aws-pipeline
  project: demo
spec:
  active: true
  sharing:
    enabled: false
  stages:
  - config:
      action:
        action: Plan
        refresh: true
        secretGroups:
        - aws-creds
      agents:
      - name: demo
      provisioner: aws-ip
      type: Terraform
    name: plan-stage
    type: InfraProvisioner
  triggers:
  - config:
      repo:
        provider: Github
        repository: test
        revision: main
    name: my-trigger
    type: Webhook

Get Secret Group(s)

Use this command to retrieve a list of all secret groups:

./rctl get sg

Example of the output:

+-------------------+
| SECRET GROUP NAME |
+-------------------+
| testsecret        |
+-------------------+
| sg-1              |
+-------------------+
| test1             |
+-------------------+
| demo-1            |
+-------------------+

Use this command to retrieve a specific secret group:

./rctl get sg <secretgroup-name>

Example of the output:

+-------------------+
| SECRET GROUP NAME |
+-------------------+
| testsecret        |
+-------------------+
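
A pre-flight check that compares the secretGroups names in a manifest against the `./rctl get sg` listing, so a reference to a group that is not in the current project is caught before the manifest is applied. This is an added example, not part of the RCTL tooling; the function names and sample data are constructed, and the manifest scan assumes the block-list YAML layout shown on this page.

```python
import re

# Constructed sample in the table format printed by `./rctl get sg`.
SG_TABLE = """\
+-------------------+
| SECRET GROUP NAME |
+-------------------+
| testsecret        |
+-------------------+
| sg-1              |
+-------------------+
"""

# Constructed pipeline fragment in the layout used on this page.
MANIFEST = """\
stages:
- config:
    action:
      secretGroups:
      - aws-creds
      - sg-1
    provisioner: aws-ip
"""

def parse_sg_table(output):
    """Return the set of names in the ASCII table from `rctl get sg`."""
    rows = (re.match(r"\|\s*(.+?)\s*\|$", l.strip()) for l in output.splitlines())
    return {m.group(1) for m in rows if m and m.group(1) != "SECRET GROUP NAME"}

def referenced_secret_groups(manifest):
    """List entries under each `secretGroups:` key (block lists only)."""
    refs, key_indent = [], None
    for line in manifest.splitlines():
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if key_indent is not None:
            if text.startswith("- ") and indent >= key_indent:
                refs.append(text[2:].strip().strip("'\""))
                continue
            key_indent = None  # any other line ends the list
        if text == "secretGroups:":
            key_indent = indent
    return refs

def missing_secret_groups(manifest, sg_table):
    """Names the manifest references that the listing does not contain."""
    return sorted(set(referenced_secret_groups(manifest)) - parse_sg_table(sg_table))
```

Calling missing_secret_groups(MANIFEST, SG_TABLE) on the samples reports aws-creds, which the manifest references but the listing does not contain.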

Delete Secret Group

Use the command below to delete a secret group in the configured project:

./rctl delete sg <secretgroup-name>