CLI
Important: This is available as a beta feature.
The table below lists the actions that can be performed on Secret Provider Classes using the RCTL CLI utility.
Resource | Create | Get | Update | Delete |
---|---|---|---|---|
Secret Store | YES | YES | YES | YES |
A declarative approach to lifecycle management of Secret Manager resources, using YAML files that are version controlled in your Git repository, is strongly recommended.
Step 1: Add CSI Driver through Blueprint
An illustrative example of the blueprint spec YAML file that adds the CSI driver as a managed system add-on with customization options:

```yaml
apiVersion: infra.k8smgmt.io/v3
kind: Blueprint
metadata:
  name: demo-bp-csiaws
  project: defaultproject
spec:
  base:
    name: minimal
    version: 1.13.0
  defaultAddons:
    # Secrets Store CSI driver settings; only the AWS provider is enabled here
    csiSecretStoreConfig:
      enableSecretRotation: true
      providers:
        aws: true
    enableCsiSecretStore: true
    enableIngress: false
    enableLogging: false
    enableMonitoring: false
    enableVM: false
  drift:
    enabled: false
  opaPolicy: {}
  placement: {}
  psp:
    enabled: true
    scope: Cluster
  sharing:
    enabled: false
  version: v2
```
Use the below command to create the Blueprint:

```
./rctl create blueprint <blueprint-name>
```
Step 2: Secret Provider Class
Create Secret Provider Class
Once the CSI Driver is successfully added through the blueprint, use the below command to create a secret provider class for AWS. This creates the secret provider class in both the UI and the Git repo.

```
./rctl create secretproviderclass -f <file.yaml>
```
An illustrative example of the secret store spec YAML file is shown below:

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  creationTimestamp: null
  name: new-spc-yaml
spec:
  parameters:
    # 'objects' is a literal string that the AWS provider parses as YAML
    objects: |
      - jmesPath:
          - objectAlias: githubtoken
            path: githubtoken
          - objectAlias: key
            path: key
        objectName: demo/testsecret
        objectType: secretsmanager
  provider: aws
status: {}
```
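Because the SPC and blueprint files above are committed to Git, a pre-commit lint catches mistakes before rctl ever applies them. The following Python script is an added example, not part of this page or of rctl: it parses the `objects` literal of the SPC with a small purpose-built parser and checks it against the blueprint's `csiSecretStoreConfig.providers` map (assumed already parsed into a dict); the allowed AWS `objectType` values and the duplicate-alias rule are assumptions based on the AWS provider's behaviour, not something the page states.

```python
ALLOWED_OBJECT_TYPES = {"secretsmanager", "ssmparameter"}  # objectType values of the AWS provider (assumed)

# Constructed sample input: the 'objects' literal string from the page's SecretProviderClass.
SPC_OBJECTS = """- jmesPath:
    - objectAlias: githubtoken
      path: githubtoken
    - objectAlias: key
      path: key
  objectName: demo/testsecret
  objectType: secretsmanager
"""

def parse_block(lines, i=0, indent=0):
    # Parses the YAML subset 'objects' uses (block mappings, sequences of mappings, scalars); mutates lines.
    out = None
    while i < len(lines):
        cur = len(lines[i]) - len(lines[i].lstrip(" "))
        if cur < indent:
            break
        text = lines[i][cur:]
        if text.startswith("- "):  # sequence item; the rest of its mapping continues at cur + 2
            lines[i] = " " * (cur + 2) + text[2:]
            item, i = parse_block(lines, i, cur + 2)
            out = (out or []) + [item]
        else:
            key, _, val = text.partition(":")
            nxt = len(lines[i + 1]) - len(lines[i + 1].lstrip(" ")) if i + 1 < len(lines) else 0
            out = out or {}
            if val.strip():
                out[key.strip()], i = val.strip(), i + 1
            else:  # nested block if the next line is indented deeper, otherwise an empty value
                out[key.strip()], i = parse_block(lines, i + 1, nxt) if nxt > cur else (None, i + 1)
    return out, i  # (parsed value, index of the first unconsumed line)

def check_spc(provider, objects_yaml, blueprint_providers):
    # Lints one SPC against the blueprint's providers map; returns findings (empty list = passes).
    findings = []
    if not blueprint_providers.get(provider):
        findings.append(f"provider '{provider}' is not enabled in the blueprint")
    objects, _ = parse_block([l for l in objects_yaml.splitlines() if l.strip()])
    aliases = set()
    for obj in objects or []:
        name = obj.get("objectName", "<no objectName>")
        if obj.get("objectType") not in ALLOWED_OBJECT_TYPES:
            findings.append(f"{name}: objectType must be one of {sorted(ALLOWED_OBJECT_TYPES)}")
        for entry in obj.get("jmesPath") or []:
            alias = entry.get("objectAlias")
            if not alias or not entry.get("path"):
                findings.append(f"{name}: jmesPath entry needs both objectAlias and path")
            elif alias in aliases:  # the alias is the file name on the mount; duplicates collide
                findings.append(f"{name}: duplicate objectAlias '{alias}'")
            aliases.add(alias)
    return findings
```

Run it with `check_spc("aws", SPC_OBJECTS, {"aws": True})`, which returns an empty list for the page's SPC and the blueprint above.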
Update Secret Provider Class
Use the below command to apply the changes made in the secret provider class YAML file. The update is reflected in both the UI and the Git repo.

```
./rctl update secretproviderclass -f <file_name.yaml>
```
List Secret Provider Classes
Use the below command to get the list of secret provider classes and their details:

```
./rctl get spc
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| SECRETPROVIDERCLASS NAME | PROVIDER | ARTIFACT TYPE | ARTIFACT FILES                                                                                 | REPOSITORY    |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| two                      | AWS      | Yaml          | paths:{name:"file://artifacts/two/aws-sample.yaml"}                                            |               |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| test-secret              | AWS      |               |                                                                                                |               |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| demo-secret-wizard       | AWS      |               |                                                                                                |               |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| test-dtho                | AWS      | Yaml          | paths:{name:"file://artifacts/test-dtho/aws-sample.yaml"}                                      |               |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| test-spc                 | AWS      |               |                                                                                                |               |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
| new-spc-yaml             | AWS      | Yaml          | paths:{name:"file://artifacts/new-spc-yaml/provider-class-new-spc-wizard.yml"}                 |               |
+--------------------------+----------+---------------+------------------------------------------------------------------------------------------------+---------------+
```
To view the details of a specific secret provider class, use the below command:

```
./rctl get spc spc-yaml-demo
+--------------------------+----------+---------------+--------------------------------------------------------------------------------------------+------------+
| SECRETPROVIDERCLASS NAME | PROVIDER | ARTIFACT TYPE | ARTIFACT FILES                                                                             | REPOSITORY |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------------------+------------+
| spc-yaml-demo            | AWS      | Yaml          | paths:{name:"file://artifacts/spc-yaml-demo/provider-class-new-spc-wizard.yml"}            |            |
+--------------------------+----------+---------------+--------------------------------------------------------------------------------------------+------------+
```
Delete Secret Provider Class
Use either of the below commands to delete a secret provider class, by name or by spec file:

```
./rctl delete secretproviderclass <spc_name>
```

(or)

```
./rctl delete secretproviderclass -f <filename.yaml>
```
Step 3: Create Secret Store
Use the below command to create a secret store that pulls secrets from AWS Secrets Manager. This creates the secret store in both the UI and the Git repo.

```
./rctl create secretstore -f <filename.yaml>
```

Refer to Secret Store for more operation details.