CLI
The table below describes the list of actions that can be performed on Secret Provider Classes using the RCTL CLI Utility.
| Resource | Create | Get | Update | Delete |
|---|---|---|---|---|
| Secret Store | YES | YES | YES | YES |
A declarative approach to lifecycle management of the Secret Manager is strongly recommended: keep the YAML files version controlled in your Git repository.
Step 1: Add CSI Driver through Blueprint
An illustrative example of a blueprint spec YAML file that adds the CSI driver as a Managed System add-on, with its customization options, is shown below.
```yaml
apiVersion: infra.k8smgmt.io/v3
kind: Blueprint
metadata:
  name: after-upg
  project: defaultproject
spec:
  base:
    name: minimal
    version: 1.16.0
  defaultAddons:
    csiSecretStoreConfig:
      enableSecretRotation: true
      providers:
        aws: true
      rotationPollInterval: 4m
      syncSecrets: true
    enableCsiSecretStore: true
    enableIngress: true
    enableLogging: false
    enableMonitoring: true
    enableVM: false
  drift:
    enabled: false
  opaPolicy: {}
  placement: {}
  sharing:
    enabled: false
  version: new-one-with
```
Use the command below to create the Blueprint:
```
./rctl create blueprint <blueprint-name>
```
Step 2: Secret Provider Class
Create Secret Provider Class
Once the CSI Driver has been added through the blueprint, use the command below to create a secret provider class for AWS. The secret provider class is created in both the UI and the Git repo.
```
./rctl create secretproviderclass -f <file.yaml>
```
An illustrative example of the secret store spec YAML file is shown below.
```yaml
apiVersion: integrations.k8smgmt.io/v3
kind: SecretProviderClass
metadata:
  name: test
  project: defaultproject
spec:
  parameters:
    objects: |
      - jmesPath:
        - objectAlias: apiq
          path: apiq
        objectName: testq
        objectType: secretsmanager
  provider: AWS
  secretObject:
  - data:
    - key: key1
      objectName: name1
    secretName: secret-name
    type: Opaque
  sharing:
    enabled: true
    projects:
    - name: demo-proj
```
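Because the blueprint above enables `syncSecrets`, every `secretObject` data entry must name a file the provider actually mounts (an `objectName` or a `jmesPath` `objectAlias`), and each object needs an `objectType` the AWS provider accepts; otherwise the Kubernetes Secret sync fails. The pre-flight check below is an added example, not part of this page or of rctl; it parses only the simple block-sequence layout of the `objects` string shown above (no PyYAML needed) and uses a constructed sample mirroring this page's spec.

```python
ALLOWED_TYPES = {"secretsmanager", "ssmparameter"}  # objectType values the AWS provider accepts

def _tokens(text):  # (indent, stripped text) per non-empty line
    return [(len(l) - len(l.lstrip()), l.strip()) for l in text.splitlines() if l.strip()]

def _parse_seq(t, i, ind):  # block sequence of mappings at indent `ind`
    items = []
    while i < len(t) and t[i][0] == ind and t[i][1].startswith("- "):
        t[i] = (ind + 2, t[i][1][2:])  # treat "- k: v" as "k: v" indented two more
        item, i = _parse_map(t, i, ind + 2)
        items.append(item)
    return items, i

def _parse_map(t, i, ind):  # mapping at indent `ind`; an empty value holds a nested sequence
    m = {}
    while i < len(t) and t[i][0] == ind and not t[i][1].startswith("- "):
        key, _, val = t[i][1].partition(":")
        i, val = i + 1, val.strip().strip('"')
        if val == "" and i < len(t):
            val, i = _parse_seq(t, i, t[i][0])
        m[key.strip()] = val
    return m, i

def parse_objects(objects_block):  # the AWS provider `objects` string -> list of dicts
    t = _tokens(objects_block)
    return _parse_seq(t, 0, t[0][0])[0] if t else []

def check_spc(spec):
    """Return problems found in spec.parameters.objects and spec.secretObject."""
    problems, exposed = [], set()  # exposed = file names the driver will mount
    for obj in parse_objects(spec["parameters"]["objects"]):
        if obj.get("objectType") not in ALLOWED_TYPES:
            problems.append(f"{obj.get('objectName')}: unsupported objectType {obj.get('objectType')!r}")
        exposed.add(obj.get("objectName"))
        exposed.update(jp.get("objectAlias") for jp in obj.get("jmesPath", []))
    for so in spec.get("secretObject", []):  # synced K8s Secrets must reference a mounted file
        for d in so.get("data", []):
            if d["objectName"] not in exposed:
                problems.append(f"Secret {so['secretName']}: key {d['key']} references undefined {d['objectName']!r}")
    return problems

# Constructed sample mirroring the spec on this page: the synced Secret asks for
# `name1`, but the objects block only mounts `testq` and its alias `apiq`.
SAMPLE_SPEC = {
    "parameters": {"objects": "- jmesPath:\n  - objectAlias: apiq\n    path: apiq\n"
                              "  objectName: testq\n  objectType: secretsmanager\n"},
    "provider": "AWS",
    "secretObject": [{"data": [{"key": "key1", "objectName": "name1"}],
                      "secretName": "secret-name", "type": "Opaque"}],
}
```

Run `check_spc` on the spec dict before `rctl create secretproviderclass -f`; an empty list means the object references and types are consistent.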
Update Secret Provider Class
Use the command below to apply the changes made in the secret provider class YAML file. The update is reflected in both the UI and the Git repo.
```
./rctl update secretproviderclass -f <file_name.yaml>
```
List Secret Provider Classes
Use the command below to get the list of secret provider classes and their details.
```
./rctl get spc
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| SECRETPROVIDERCLASS NAME | PROVIDER | ARTIFACT TYPE | ARTIFACT FILES | REPOSITORY |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| two | AWS | Yaml | paths:{name:"file://artifacts/two/aws-sample.yaml"} | |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| test-secret | AWS | | | |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| demo-secret-wizard | AWS | | | |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| test-dtho | AWS | Yaml | paths:{name:"file://artifacts/test-dtho/aws-sample.yaml"} | |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| test-spc | AWS | | | |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| new-spc-yaml | AWS | Yaml | paths:{name:"file://artifacts/new-spc-yaml/provider-class-new-spc-wizard.yml"} | |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
```
To view the details of a specific secret provider class, use the command below.
```
./rctl get spc spc-yaml-demo
+--------------------------+----------+---------------+--------------------------------------------------------------------------------------------+------------+
| SECRETPROVIDERCLASS NAME | PROVIDER | ARTIFACT TYPE | ARTIFACT FILES | REPOSITORY |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------------------+------------+
| spc-yaml-demo | AWS | Yaml | paths:{name:"file://artifacts/spc-yaml-demo/provider-class-new-spc-wizard.yml"} | |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------------------+------------+
```
Delete Secret Provider Class
Use either of the commands below to delete a secret provider class, by name or from its YAML file.
```
./rctl delete secretproviderclass <spc_name>
```
(or)
```
./rctl delete secretproviderclass -f <filename.yaml>
```