
external-secrets values.yaml📜

domain📜

Type: string

Default value
"bigbang.dev"

namespaceOverride📜

Type: string

Default value
"external-secrets"

rbac.create📜

Type: bool

Default value
true

rbac.servicebindings.create📜

Type: bool

Default value
true

rbac.aggregateToView📜

Type: bool

Default value
true

rbac.aggregateToEdit📜

Type: bool

Default value
true

serviceAccount.create📜

Type: bool

Default value
true

Description: Specifies whether a service account should be created.

serviceAccount.automount📜

Type: bool

Default value
true

Description: Automounts the service account token in all containers of the pod

serviceAccount.annotations📜

Type: object

Default value
{}

Description: Annotations to add to the service account.

serviceAccount.extraLabels📜

Type: object

Default value
{}

Description: Extra Labels to add to the service account.

serviceAccount.name📜

Type: string

Default value
""

Description: The name of the service account to use. If not set and create is true, a name is generated using the fullname template.

scopedNamespace📜

Type: string

Default value
""

scopedRBAC📜

Type: bool

Default value
false

istio.enabled📜

Type: bool

Default value
false

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

istio.injection📜

Type: string

Default value
"disabled"

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.ingressLabels.app📜

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

bbtests.enabled📜

Type: bool

Default value
false

bbtests.namespace📜

Type: string

Default value
"external-secrets"

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base:2.1.0"

bbtests.secretstore.name📜

Type: string

Default value
"external-secrets-test-store"

bbtests.serviceaccount.name📜

Type: string

Default value
"external-secrets-script-sa"

bbtests.secrets.testsecret.value📜

Type: string

Default value
"this is a magic value"

waitJob.enabled📜

Type: bool

Default value
true

waitJob.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.32.7"

waitJob.permissions.apiGroups[0]📜

Type: string

Default value
"external-secrets.io"

waitJob.permissions.apiGroups[1]📜

Type: string

Default value
"generators.external-secrets.io"

waitJob.permissions.apiGroups[2]📜

Type: string

Default value
""

waitJob.permissions.resources[0]📜

Type: string

Default value
"acraccesstokens"

waitJob.permissions.resources[1]📜

Type: string

Default value
"clusterexternalsecrets"

waitJob.permissions.resources[2]📜

Type: string

Default value
"clustersecretstores"

waitJob.permissions.resources[3]📜

Type: string

Default value
"ecrauthorizationtokens"

waitJob.permissions.resources[4]📜

Type: string

Default value
"externalsecrets"

waitJob.permissions.resources[5]📜

Type: string

Default value
"fakes"

waitJob.permissions.resources[6]📜

Type: string

Default value
"gcraccesstokens"

waitJob.permissions.resources[7]📜

Type: string

Default value
"githubaccesstokens"

waitJob.permissions.resources[8]📜

Type: string

Default value
"passwords"

waitJob.permissions.resources[9]📜

Type: string

Default value
"pushsecrets"

waitJob.permissions.resources[10]📜

Type: string

Default value
"secretstores"

waitJob.permissions.resources[11]📜

Type: string

Default value
"vaultdynamicsecrets"

waitJob.permissions.resources[12]📜

Type: string

Default value
"webhooks"

waitJob.permissions.resources[13]📜

Type: string

Default value
"secrets"

waitJob.permissions.verbs[0]📜

Type: string

Default value
"create"

waitJob.permissions.verbs[1]📜

Type: string

Default value
"delete"

waitJob.permissions.verbs[2]📜

Type: string

Default value
"get"

waitJob.permissions.verbs[3]📜

Type: string

Default value
"list"

waitJob.permissions.verbs[4]📜

Type: string

Default value
"watch"

env.EXTERNAL_SECRETS_NAMESPACE📜

Type: string

Default value
"external-secrets"

clusterSecretStoreConfiguration.enabled📜

Type: bool

Default value
false

clusterSecretStoreConfiguration.clusterSecretStoreList[0].name📜

Type: string

Default value
""

clusterSecretStoreConfiguration.clusterSecretStoreList[0].namespace📜

Type: string

Default value
""

clusterSecretStoreConfiguration.clusterSecretStoreList[0].labels📜

Type: string

Default value
""

clusterSecretStoreConfiguration.clusterSecretStoreList[0].annotations📜

Type: string

Default value
""

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source📜

Type: object

Default value
auth:
  accessKeyID: ''
  accessKeyName: ''
  authType: ''
  secretAccessKey: ''
provider: aws
region: us-gov-west-1
service: SecretsManager

Description: Define the types of authentication.

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.provider📜

Type: string

Default value
"aws"

Description: AWS Secrets Manager only; other services can be added later.

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.service📜

Type: string

Default value
"SecretsManager"

Description: Specify the type of service, e.g. SecretsManager (default).

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.region📜

Type: string

Default value
"us-gov-west-1"

Description: Specify the AWS region, e.g. us-gov-west-1 (default).

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.auth.authType📜

Type: string

Default value
""

Description: Required. Specify the authType: identity, accesskey or serviceaccount.

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.auth.accessKeyName📜

Type: string

Default value
""

Description: Name of the accessKeyID and secretAccessKey pair.

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.auth.accessKeyID📜

Type: string

Default value
""

Description: Specify the AWS Access Key ID file.

clusterSecretStoreConfiguration.clusterSecretStoreList[0].source.auth.secretAccessKey📜

Type: string

Default value
""

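Description: Specify the AWS Secret Access Key file. If this field carries credential material rather than a reference to it, supply it at deploy time from a protected source instead of committing it to version control.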

externalSecretsConfiguration.enabled📜

Type: bool

Default value
false

externalSecretsConfiguration.secretList[0].name📜

Type: string

Default value
""

externalSecretsConfiguration.secretList[0].namespace📜

Type: string

Default value
""

externalSecretsConfiguration.secretList[0].refreshInterval📜

Type: string

Default value
"1m"

externalSecretsConfiguration.secretList[0].secrets.targetName📜

Type: string

Default value
""

externalSecretsConfiguration.secretList[0].secrets.targetPolicy📜

Type: string

Default value
"Owner"

Description: target.creationPolicy default is Owner

externalSecretsConfiguration.secretList[0].secrets.secretKeyName📜

Type: object

Default value
key: ''
metadataPolicy: ''
property: ''
version: ''

Description: This name allows reference by other objects.

externalSecretsConfiguration.secretList[0].secrets.secretKeyName.key📜

Type: string

Default value
""

Description: Specify key here

externalSecretsConfiguration.secretList[0].secrets.secretKeyName.version📜

Type: string

Default value
""

Description: Key version

externalSecretsConfiguration.secretList[0].secrets.secretKeyName.property📜

Type: string

Default value
""

Description: Specify the property of the secret, e.g. username, password

externalSecretsConfiguration.secretList[0].secrets.secretKeyName.metadataPolicy📜

Type: string

Default value
""

Description: Optional metadataPolicy for ExternalSecret, e.g. Fetch

upstream.nameOverride📜

Type: string

Default value
"external-secrets"

upstream.fullnameOverride📜

Type: string

Default value
"external-secrets"

upstream.installCRDs📜

Type: bool

Default value
false

upstream.deploymentAnnotations📜

Type: object

Default value
{}

upstream.webhook.create📜

Type: bool

Default value
false

upstream.rbac.create📜

Type: bool

Default value
false

upstream.certController.create📜

Type: bool

Default value
false

upstream.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.securityContext.enabled📜

Type: bool

Default value
true

upstream.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.resources.requests.memory📜

Type: string

Default value
"256Mi"

upstream.resources.requests.cpu📜

Type: string

Default value
"100m"

upstream.resources.limits.cpu📜

Type: string

Default value
"100m"

upstream.resources.limits.memory📜

Type: string

Default value
"256Mi"

upstream.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/external-secrets/external-secrets"

upstream.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.image.tag📜

Type: string

Default value
"v0.19.0"

Description: The image tag to use. The default is the chart appVersion.

upstream.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"