Identifying Secrets

You can identify the secrets using either the secret ID or the secret name. If you use a secret name as your remoteRef.key, the name field must not contain spaces or control characters. If the system finds multiple secrets, it will return only the first one.

Retrieving a specific version of a secret is not yet supported.

All Secret Templates containing a slug name are now supported, simplifying the secure storage and retrieval of secrets within Kubernetes.

All Secret Server secrets are JSON objects. Therefore, you must specify the remoteRef.property in your ExternalSecret configuration. You can access nested values or arrays using this gjson syntax.

The example below shows the parameters of the remoteRef.property.

Copy

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
    name: secret-server-external-secret
spec:
    refreshInterval: 15s
    secretStoreRef:
        kind: SecretStore
        name: secret-server-store
    data:
      - secretKey: SecretServerValue #<SECRET_VALUE_RETURNED_HERE>
        remoteRef:
          key: "52622" #<SECRET_ID>
          property: "<slug-name>" #<GJSON_PROPERTY> * an empty property will return the entire secret