
CLI

The table below describes the list of actions that can be performed on Secret Provider Classes using the RCTL CLI Utility.

Resource       Create   Get   Update   Delete
Secret Store   YES      YES   YES      YES

A declarative approach to lifecycle management of Secret Manager resources, using YAML files that are version controlled in your Git repository, is strongly recommended.

Step 1: Add CSI Driver through Blueprint

An illustrative example of the blueprint spec YAML file that adds the CSI driver as a Managed System add-on, with customization options:

apiVersion: infra.k8smgmt.io/v3
kind: Blueprint
metadata:
  name: after-upg
  project: defaultproject
spec:
  base:
    name: minimal
    version: 1.16.0
  defaultAddons:
    csiSecretStoreConfig:
      enableSecretRotation: true
      providers:
        aws: true
      rotationPollInterval: 4m
      syncSecrets: true
    enableCsiSecretStore: true
    enableIngress: true
    enableLogging: false
    enableMonitoring: true
    enableVM: false
  drift:
    enabled: false
  opaPolicy: {}
  placement: {}
  sharing:
    enabled: false
  version: new-one-with

Use the command below to create the blueprint:

./rctl create blueprint <blueprint-name>

Step 2: Secret Provider Class

Create Secret Provider Class

Once the CSI driver has been added through the blueprint, use the command below to create a secret provider class for AWS. This creates the secret provider class in both the UI and the Git repository.

./rctl create secretproviderclass -f <file.yaml>

An illustrative example of the secret provider class spec YAML file is shown below:

apiVersion: integrations.k8smgmt.io/v3
kind: SecretProviderClass
metadata:
  name: test
  project: defaultproject
spec:
  parameters:
    objects: |
      - jmesPath:
        - objectAlias: apiq
          path: apiq
        objectName: testq
        objectType: secretsmanager
  provider: AWS
  secretObject:
  - data:
    - key: key1
      objectName: name1
    secretName: secret-name
    type: Opaque
  sharing:
    enabled: true
    projects:
      - name: demo-proj

Update Secret Provider Class

Use the command below to apply changes made in the secret provider class YAML file; the update is reflected in both the UI and the Git repository.

./rctl update secretproviderclass -f <file_name.yaml>

List Secret Provider Classes

Use the command below to list the secret provider classes and their details:

./rctl get spc
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| SECRETPROVIDERCLASS NAME | PROVIDER | ARTIFACT TYPE | ARTIFACT FILES                                                                 | REPOSITORY |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| two                      | AWS      | Yaml          | paths:{name:"file://artifacts/two/aws-sample.yaml"}                            |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| test-secret              | AWS      |               |                                                                                |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| demo-secret-wizard       | AWS      |               |                                                                                |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| test-dtho                | AWS      | Yaml          | paths:{name:"file://artifacts/test-dtho/aws-sample.yaml"}                      |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| test-spc                 | AWS      |               |                                                                                |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+
| new-spc-yaml             | AWS      | Yaml          | paths:{name:"file://artifacts/new-spc-yaml/provider-class-new-spc-wizard.yml"} |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------+------------+

To view the details of a specific secret provider class, use the command below:

./rctl get spc spc-yaml-demo
+--------------------------+----------+---------------+---------------------------------------------------------------------------------+------------+
| SECRETPROVIDERCLASS NAME | PROVIDER | ARTIFACT TYPE | ARTIFACT FILES                                                                  | REPOSITORY |
+--------------------------+----------+---------------+---------------------------------------------------------------------------------+------------+
| spc-yaml-demo            | AWS      | Yaml          | paths:{name:"file://artifacts/spc-yaml-demo/provider-class-new-spc-wizard.yml"} |            |
+--------------------------+----------+---------------+---------------------------------------------------------------------------------+------------+

Delete Secret Provider Class

Use one of the commands below to delete a secret provider class, either by name or by its YAML file:

./rctl delete secretproviderclass <spc_name>

(or)

./rctl delete secretproviderclass -f <filename.yaml>