{ "description": "A StoreConfig configures how Crossplane controllers should store connection\ndetails in an external secret store.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "A StoreConfigSpec defines the desired state of a StoreConfig.", "properties": { "defaultScope": { "description": "DefaultScope used for scoping secrets for \"cluster-scoped\" resources.\nIf store type is \"Kubernetes\", this would mean the default namespace to\nstore connection secrets for cluster scoped resources.\nIn case of \"Vault\", this would be used as the default parent path.\nTypically, should be set as Crossplane installation namespace.", "type": "string" }, "kubernetes": { "description": "Kubernetes configures a Kubernetes secret store.\nIf the \"type\" is \"Kubernetes\" but no config provided, in cluster config\nwill be used.", "properties": { "auth": { "description": "Credentials used to connect to the Kubernetes API.", "properties": { "env": { "description": "Env is a reference to an environment variable that contains credentials\nthat must be used to connect to the provider.", "properties": { "name": { "description": "Name is the name of an environment variable.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "fs": { "description": "Fs is a reference to a filesystem location that contains credentials that\nmust be used to connect to the provider.", "properties": { "path": { "description": "Path is a filesystem path.", "type": "string" } }, "required": [ "path" ], "type": "object", "additionalProperties": false }, "secretRef": { "description": "A SecretRef is a reference to a secret key that contains the credentials\nthat must be used to connect to the provider.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "source": { "description": "Source of the credentials.", "enum": [ "None", "Secret", "Environment", "Filesystem" ], "type": "string" } }, "required": [ "source" ], "type": "object", "additionalProperties": false } }, "required": [ "auth" ], "type": "object", "additionalProperties": false }, "plugin": { "description": "Plugin configures External secret store as a plugin.", "properties": { "configRef": { "description": "ConfigRef contains store config reference info.", "properties": { "apiVersion": { "description": "APIVersion of the referenced config.", "type": "string" }, "kind": { "description": "Kind of the referenced config.", "type": "string" }, "name": { "description": "Name of the referenced config.", "type": "string" } }, "required": [ "apiVersion", "kind", "name" ], "type": "object", "additionalProperties": false }, "endpoint": { "description": "Endpoint is the endpoint of the gRPC server.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": { "default": "Kubernetes", "description": "Type configures which secret store to be used. Only the configuration\nblock for this store will be used and others will be ignored if provided.\nDefault is Kubernetes.", "enum": [ "Kubernetes", "Vault", "Plugin" ], "type": "string" } }, "required": [ "defaultScope" ], "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }