Scaleway

Scaleway Secret Manager

External Secrets Operator integrates with Scaleway's Secret Manager.

Creating a SecretStore

You need an API key (access key + secret key) to authenticate with Secret Manager. Both the access key and the secret key can be specified either directly in the config or by referencing a Kubernetes secret.

apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: secret-store
spec:
  provider:
    scaleway:
      region: <REGION>
      projectId: <PROJECT_UUID>
      accessKey:
        value: <ACCESS_KEY>
      secretKey:
        secretRef:
          name: <NAME_OF_KUBE_SECRET>
          key: <KEY_IN_KUBE_SECRET>

Referencing Secrets

Secrets can be referenced by name, ID or path, using the prefixes "name:", "id:" and "path:" respectively.

A PushSecret resource can only use a name reference.

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: secret
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: secret-store
  data:
  - secretKey: <KEY_IN_KUBE_SECRET>
    remoteRef:
      key: id:<SECRET_UUID>
      version: latest_enabled
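
The reference rules above can be checked before manifests are applied. The following lint is an added example, not part of External Secrets Operator or the original page. It assumes manifests are already parsed into dicts, that a PushSecret keeps its reference under match.remoteRef.remoteKey, and that an "id:" value is a UUID (as the <SECRET_UUID> placeholder suggests); all sample values are constructed.

```python
import re

PREFIXES = ("name:", "id:", "path:")
# Assumption: "id:" references carry a canonical UUID, per the <SECRET_UUID> placeholder.
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def check_ref(ref, push=False):
    """Return a list of problems found in one Scaleway secret reference string."""
    prefix = next((p for p in PREFIXES if ref.startswith(p)), None)
    if prefix is None:
        return [f"{ref!r}: missing name:/id:/path: prefix"]
    value = ref[len(prefix):]
    problems = []
    if not value:
        problems.append(f"{ref!r}: empty value after prefix")
    if push and prefix != "name:":
        problems.append(f"{ref!r}: PushSecret can only use a name: reference")
    if prefix == "id:" and value and not UUID_RE.fullmatch(value):
        problems.append(f"{ref!r}: id is not a UUID")
    return problems

def lint(manifest):
    """Check every remote reference in a parsed ExternalSecret or PushSecret."""
    kind = manifest.get("kind")
    problems = []
    for item in manifest.get("spec", {}).get("data", []):
        if kind == "PushSecret":
            # Assumed PushSecret layout: data[].match.remoteRef.remoteKey
            ref = item.get("match", {}).get("remoteRef", {}).get("remoteKey", "")
            problems += check_ref(ref, push=True)
        elif kind == "ExternalSecret":
            ref = item.get("remoteRef", {}).get("key", "")
            problems += check_ref(ref)
    return problems

# Constructed sample manifests (YAML already loaded into dicts).
EXTERNAL = {"kind": "ExternalSecret", "spec": {"data": [
    {"secretKey": "a", "remoteRef": {"key": "id:3fa85f64-5717-4562-b3fc-2c963f66afa6"}},
    {"secretKey": "b", "remoteRef": {"key": "db-password"}},  # no prefix
]}}
PUSH = {"kind": "PushSecret", "spec": {"data": [
    {"match": {"secretKey": "a", "remoteRef": {"remoteKey": "name:db-password"}}},
    {"match": {"secretKey": "b", "remoteRef": {"remoteKey": "path:/prod/db-password"}}},
]}}

if __name__ == "__main__":
    for problem in lint(EXTERNAL) + lint(PUSH):
        print(problem)
```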

JSON Secret Values

Scaleway Secret Manager supports storing JSON objects as secrets. You can access individual values using gjson syntax.

Consider the following JSON object that is stored in a Scaleway secret:

{
  "first": "Tom", 
  "last": "Anderson"
}

The following example shows how to look up keys in the above JSON object:

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: extract-data
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: secret-store
  target:
    name: secret-data
    creationPolicy: Owner
  data:
  - secretKey: first_name
    remoteRef:
      key: id:<SECRET_UUID>
      property: first # Tom
  - secretKey: last_name
    remoteRef:
      key: id:<SECRET_UUID>
      property: last # Anderson