Verification

This topic provides steps to verify that the integration with Kubernetes ESO (External Secrets Operator) retrieves a secret from Secret Server or Secret Server on the Delinea Platform and injects the retrieved secret value into a Kubernetes Secret.

Retrieving a Secret

To retrieve a secret from Secret Server, run:

kubectl get externalsecret <ExternalConfiguration-name> -o yaml

<ExternalConfiguration-name> is the name of the ExternalSecret configuration (the value of the metadata.name field in the ExternalSecret configuration YAML file) that specifies the secret to fetch from Secret Server or from Secret Server on the Delinea Platform.

The returned secret value is injected into a Kubernetes Secret and is stored in data.SecretServerValue as a base-64 encoded string, for example:
Copy
```
apiVersion: v1
data: 
    SecretServerValue: <base64-encoded-value>
kind: Secret
metadata: 
    creationTimestamp: "2024-11-19T18:23:45Z" 
    name: SecretServerValue 
    namespace: default
type: Opaque
.
.
.
```
To decode the base-64 encoded value, run:

echo "<base64-encoded-value>" | base64 --decode | jq

For example, if the base-64 value in SecretServerValue is dGVzdC12YWx1ZQ==, run:

echo "dGVzdC12YWx1ZQ==" | base64 --decode

This returns the actual secret value (for example, test-value).

Retrieving the Secret Details

To retrieve the details of a secret from Secret Server or the Delinea Platform, run:

kubectl describe externalsecret <ExternalConfiguration-name>

<ExternalConfiguration-name> is the name of the ExternalSecret configuration (the value of the metadata.name field in the ExternalSecret configuration YAML file) that specifies the secret to fetch from Secret Server or from Secret Server on the Delinea Platform.