
Webhook

The Webhook generator is very similar to the SecretStore generator and provides a way to use external systems to generate sensitive information.

Output Keys and Values

Webhook calls are expected to produce valid JSON objects. All keys within that JSON object will be exported as keys of the Kubernetes Secret.

Example Manifest

apiVersion: generators.external-secrets.io/v1alpha1
kind: Webhook
metadata:
  name: webhook
spec:
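  url: "http://httpbin.org/get?parameter={{ .auth.param }}" # plain http:// sends the Authorization header below unencrypted; use an https:// endpoint outside a demo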
  result:
    jsonPath: "$.args"
  headers:
    Content-Type: application/json
    Authorization: Basic {{ print .auth.username ":" .auth.password | b64enc }}
  secrets:
  - name: auth
    secretRef:
      name: webhook-credentials
---
apiVersion: v1
kind: Secret
metadata:
  name: webhook-credentials
  labels:
    external-secrets.io/type: webhook # Needed to allow the webhook to use this secret
data:
  username: dGVzdA== # "test"
  password: dGVzdA== # "test"
  param: dGVzdA== # "test"

Example ExternalSecret that references the Webhook generator using an internal Secret:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "webhook"
spec:
  refreshInterval: "30m"
  target:
    name: webhook-secret
  dataFrom:
  - sourceRef:
      generatorRef:
        apiVersion: generators.external-secrets.io/v1alpha1
        kind: Webhook
        name: "webhook"

This will generate a Kubernetes Secret with the following values:

parameter: test
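
To show what the manifest above sends to the endpoint and how the reply becomes Secret keys, the following added example (not code from the External Secrets project) renders the two templated fields with Go's text/template and applies the `$.args` selection to a constructed httpbin-style response. The `b64enc` helper, the `render` and `secretKeys` functions, the fail-on-missing-key option, the string-only value handling and the sample data are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"text/template"
)

// b64enc stands in for the template helper of the same name used in the manifest.
var funcs = template.FuncMap{"b64enc": func(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }}

// render evaluates one templated field (url or header) against the decoded secrets.
// missingkey=error is this example's choice: fail instead of sending an empty credential.
func render(tpl string, secrets map[string]map[string]string) (string, error) {
	t, err := template.New("field").Funcs(funcs).Option("missingkey=error").Parse(tpl)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, secrets)
	return out.String(), err
}

// secretKeys selects "$.args" by hand; its entries become the generated Secret's keys.
func secretKeys(body []byte) (map[string]string, error) {
	var resp struct {
		Args map[string]string `json:"args"` // only string values are accepted here
	}
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, fmt.Errorf("decode webhook response: %w", err)
	}
	if resp.Args == nil {
		return nil, fmt.Errorf("$.args is missing or not an object")
	}
	return resp.Args, nil
}

// Constructed sample data: decoded webhook-credentials and an httpbin-style reply.
var auth = map[string]map[string]string{"auth": {"username": "test", "password": "test", "param": "test"}}

const sampleBody = `{"args": {"parameter": "test"}, "url": "http://httpbin.org/get?parameter=test"}`

func main() {
	url, _ := render("http://httpbin.org/get?parameter={{ .auth.param }}", auth)
	hdr, _ := render(`Basic {{ print .auth.username ":" .auth.password | b64enc }}`, auth)
	keys, err := secretKeys([]byte(sampleBody))
	fmt.Println(url, hdr, keys, err)
}
```

The rendered header is only base64-encoded, so anyone who can read the request can recover the username and password from it.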