Onboardbase
Onboardbase Secret Management
Sync secrets from Onboardbase to Kubernetes using the External Secrets Operator.
Authentication
Get an Onboardbase API Key.
Create the Onboardbase API by opening the organization tab under your account settings:
And view them under the team name in your Account settings
Create an Onboardbase API secret with your API Key and Passcode value:
HISTIGNORE='*kubectl*' \
kubectl create secret generic onboardbase-auth-secret \
--from-literal=API_KEY=*****VZYKYJNMMEMK***** \
--from-literal=PASSCODE=api-key-passcode
Then to create a generic SecretStore
:
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: onboardbase-external-secret-store
spec:
provider:
onboardbase:
project: project-name # can be altered from here
environment: development # can be altered from here
auth:
apiKey:
name: onboardbase-auth-secret
key: onboardbase-api-key
passcode:
name: onboardbase-auth-secret
key: onboardbase-passcode
Use Cases
The below operations are possible with the Onboardbase provider:
Let's explore each use case using a fictional auth-api
Onboardbase project.
1. Fetch
To sync one or more individual secrets:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: service-name-secrets
spec:
refreshInterval: 1h
secretStoreRef:
name: onboardbase-external-secret-store
kind: SecretStore
target:
name: service-name-secrets
data:
- secretKey: DATABASE_URI
remoteRef:
key: DATABASE_URI
2. Fetch all
To sync every secret from a config:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: service-name-secrets
spec:
refreshInterval: 1h
secretStoreRef:
name: onboardbase-external-secret-store
kind: SecretStore
target:
name: service-name-secrets
dataFrom:
- find:
name:
regexp: .*
3. Filter
To filter secrets by path
(path prefix), name
(regular expression) or a combination of both:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: service-name-secrets
spec:
refreshInterval: 1h
secretStoreRef:
name: onboardbase-external-secret-store
kind: SecretStore
target:
name: service-name-secrets
dataFrom:
- find:
path: DATABASE_