All Keys, One Secret
To get multiple key-values from an external secret, not having to worry about how many, or what these keys are, we have to use the dataFrom field of the ExternalSecret resource, instead of the data field. We will give an example here with the gcp provider (should work with other providers in the same way).
Please follow the authentication and SecretStore steps of the Google Cloud Secrets Manager guide to setup access to your google cloud account first.
Then create a secret in Google Cloud Secret Manager that contains a JSON string with multiple key values like this:
Let's call this secret all-keys-example-secret on Google Cloud.
Creating dataFrom external secret
Now, when creating our ExternalSecret resource, instead of using the data field, we use the dataFrom field:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: example
spec:
refreshInterval: 1h # rate SecretManager pulls GCPSM
secretStoreRef:
kind: SecretStore
name: example # name of the SecretStore (or kind specified)
target:
name: secret-to-be-created # name of the k8s Secret to be created
creationPolicy: Owner
dataFrom:
- extract:
key: all-keys-example-secret # name of the GCPSM secret
To check both values we can run:
kubectl get secret secret-to-be-created -n <namespace> -o jsonpath='{.data.username}' | base64 -d
kubectl get secret secret-to-be-created -n <namespace> -o jsonpath='{.data.surname}' | base64 -d