Skip to content

Onboardbase

Onboardbase External Secrets Provider

Onboardbase Secret Management

Sync secrets from Onboardbase to Kubernetes using the External Secrets Operator.

Authentication

Get an Onboardbase API Key.

Create the Onboardbase API by opening the organization tab under your account settings:

Onboardabse API Key

And view them under the team name in your Account settings

Onboardabse API Key

Create an Onboardbase API secret with your API Key and Passcode value:

HISTIGNORE='*kubectl*' \
  kubectl create secret generic onboardbase-auth-secret \
  --from-literal=API_KEY=*****VZYKYJNMMEMK***** \
  --from-literal=PASSCODE=api-key-passcode

Then to create a generic SecretStore:

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: onboardbase-external-secret-store
spec:
  provider:
    onboardbase:
      project: project-name # can be altered from here
      environment: development # can be altered from here
      auth:
        apiKey:
          name: onboardbase-auth-secret
          key: onboardbase-api-key 
        passcode:
          name: onboardbase-auth-secret
          key: onboardbase-passcode

Use Cases

The below operations are possible with the Onboardbase provider:

  1. Fetch
  2. Fetch all
  3. Filter

Let's explore each use case using a fictional auth-api Onboardbase project.

1. Fetch

To sync one or more individual secrets:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: service-name-secrets
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: onboardbase-external-secret-store
    kind: SecretStore
  target:
    name: service-name-secrets
  data:
  - secretKey: DATABASE_URI
    remoteRef: 
      key: DATABASE_URI

2. Fetch all

To sync every secret from a config:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: service-name-secrets
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: onboardbase-external-secret-store
    kind: SecretStore
  target:
    name: service-name-secrets
  dataFrom:
    - find:
        name:
          regexp: .*

3. Filter

To filter secrets by path (path prefix), name (regular expression) or a combination of both:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: service-name-secrets
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: onboardbase-external-secret-store
    kind: SecretStore
  target:
    name: service-name-secrets
  dataFrom:
    - find:
        path: DATABASE_