apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: externalsecrets.kubernetes-client.io spec: group: kubernetes-client.io version: v1 scope: Namespaced names: shortNames: - es kind: ExternalSecret plural: externalsecrets singular: externalsecret additionalPrinterColumns: - JSONPath: .status.lastSync name: Last Sync type: date - JSONPath: .status.status name: status type: string - JSONPath: .metadata.creationTimestamp name: Age type: date validation: openAPIV3Schema: properties: spec: type: object properties: template: description: Template which will be deep merged without mutating any existing fields. into generated secret, can be used to set for example annotations or type on the generated secret type: object backendType: type: string enum: - secretsManager - systemManager - vault - azureKeyVault - gcpSecretsManager vaultRole: type: string vaultMountPoint: type: string keyVaultName: type: string key: type: string dataFrom: type: array items: type: string data: type: array items: type: object properties: key: description: Secret key in backend type: string name: description: Name set for this key in the generated secret type: string property: description: Property to extract if secret in backend is a JSON object isBinary: description: >- You must set this to true if configuring an item for a binary file stored in Azure KeyVault. Azure automatically base64 encodes binary files and setting this to true ensures External Secrets does not base64 encode the base64 encoded binary files. type: boolean required: - name - key roleArn: type: string oneOf: - properties: backendType: enum: - secretsManager - systemManager - properties: backendType: enum: - vault required: - vaultRole - vaultMountPoint - properties: backendType: enum: - azureKeyVault required: - keyVaultName - properties: backendType: enum: - gcpSecretsManager anyOf: - required: - data - required: - dataFrom subresources: status: {}