ngrok
ngrok
External Secrets Operator integrates with ngrok to sync Kubernetes secrets with ngrok Secrets for Traffic Policy. Currently, only pushing secrets is supported.
Configuring ngrok Provider
Verify that ngrok
provider is listed in the Kind=SecretStore
. The properties vault
and auth
are required. The apiURL
is optional and defaults to https://api.ngrok.com
.
apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
name: ngrok
spec:
provider:
ngrok:
# apiURL: Default "https://api.ngrok.com", for enterprise ngrok instances uncomment and use your API URL.
auth:
apiKey:
secretRef:
name: ngrok-credentials
key: api-key
vault:
name: my-vault # Name of the ngrok vault to use for storing secrets
Pushing secrets to ngrok
To sync a Kubernetes secret with an external ngrok secret we need to create a PushSecret, this means a Kind=PushSecret
is needed.
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: ngrok-push-secret-example
spec:
deletionPolicy: Delete
refreshInterval: 10m # Refresh interval for which push secret will reconcile
secretStoreRefs: # A list of secret stores to push secrets to
- name: ngrok # Must match SecretStore on the cluster
kind: SecretStore
selector:
secret:
name: SECRET_NAME # Source Kubernetes secret to be pushed
data:
- match:
# The key in the Kubernetes secret to push. Leave empty to push all keys, JSON encoded.
# secretKey: ""
secretKey: MY_K8S_SECRET_KEY
remoteRef:
remoteKey: MY_NGROK_SECRET_NAME # The name of the secret in the ngrok vault:
PushSecret Metadata
Additionally, you can control the description and metadata of the secret in ngrok like so:
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: ngrok-push-secret-example
spec:
deletionPolicy: Delete
refreshInterval: 10m # Refresh interval for which push secret will reconcile
secretStoreRefs: # A list of secret stores to push secrets to
- name: ngrok # Must match SecretStore on the cluster
kind: SecretStore
selector:
secret:
name: SECRET_NAME # Source Kubernetes secret to be pushed
data:
- match:
# The key in the Kubernetes secret to push. Leave empty to push all keys, JSON encoded.
# secretKey: ""
secretKey: MY_K8S_SECRET_KEY
remoteRef:
remoteKey: MY_NGROK_SECRET_NAME # The name of the secret in the ngrok vault
metadata:
apiVersion: kubernetes.external-secrets.io/v1alpha1
kind: PushSecretMetadata
spec:
# See https://ngrok.com/docs/api/resources/secrets/#parameters
# We currently support customizing the description and metadata for the secret.
description: "This is a secret for the API credentials"
# Metadata for the secret in the ngrok vault. This will be merged with auto-generated metadata.
metadata:
environment: production
team: devops