Webhook
The Webhook generator is very similar to SecretStore generator, and provides a way to use external systems to generate sensitive information.
Output Keys and Values
Webhook calls are expected to produce valid JSON objects. All keys within that JSON object will be exported as keys to the kubernetes Secret.
Example Manifest
apiVersion: generators.external-secrets.io/v1alpha1
kind: Webhook
metadata:
name: webhook
spec:
url: "http://httpbin.org/get?parameter={{ .auth.param }}"
result:
jsonPath: "$.args"
headers:
Content-Type: application/json
Authorization: Basic {{ print .auth.username ":" .auth.password | b64enc }}
secrets:
- name: auth
secretRef:
name: webhook-credentials
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-credentials
labels:
external-secrets.io/type: webhook #Needed to allow webhook to use this secret
data:
username: dGVzdA== # "test"
password: dGVzdA== # "test"
param: dGVzdA== # "test"
Example ExternalSecret
that references the Webhook generator using an internal Secret
:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "webhook"
spec:
refreshInterval: "30m"
target:
name: webhook-secret
dataFrom:
- sourceRef:
generatorRef:
apiVersion: generators.external-secrets.io/v1alpha1
kind: Webhook
name: "webhook"
This will generate a kubernetes secret with the following values:
parameter: test