docs: update features #710

Merged
merged 1 commit into from
Nov 5, 2021
12 changes: 6 additions & 6 deletions README.md
Expand Up @@ -6,17 +6,17 @@
[![Go Report Card](https://goreportcard.com/badge/Azure/secrets-store-csi-driver-provider-azure)](https://goreportcard.com/report/Azure/secrets-store-csi-driver-provider-azure)
![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/Azure/secrets-store-csi-driver-provider-azure)

Azure Key Vault provider for [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
Azure Key Vault provider for [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.

## Features

- Mounts secrets/keys/certs on pod start using a CSI volume
- Mounts secrets/keys/certs to pod using a CSI Inline volume
- Supports mounting multiple secrets store objects as a single volume
- Supports pod identity to restrict access with specific identities
- Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously.
- Supports pod portability with the SecretProviderClass CRD
- Supports windows containers (Kubernetes version v1.18+)
- Supports sync with Kubernetes Secrets (Secrets Store CSI Driver v0.0.10+)
- Supports multiple secrets stores providers in the same cluster.
- Supports Linux and Windows containers
- Supports sync with Kubernetes Secrets
- Supports auto rotation of secrets

## Demo

Expand Down
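Review bot: the new multi-provider bullet, "Supports multiple secrets stores providers in the same cluster.", reads as a typo; "multiple secrets store providers" is probably what is meant. In the intro sentence the link text is now "Secrets Store CSI Driver", but the same sentence still says "Secrets Store CSI driver interface", so the capitalization fix is only half applied. The bullets also lose their minimum-version qualifiers (Kubernetes v1.18+, Secrets Store CSI Driver v0.0.10+); if those minimums still apply, link to where they are documented so readers on older clusters are not misled.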
20 changes: 10 additions & 10 deletions website/content/en/_index.md
Expand Up @@ -9,23 +9,23 @@ menu:
weight: 20
---

Azure Key Vault provider for [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
Azure Key Vault provider for [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.

## Project Status

| Azure Key Vault Provider | Compatible Kubernetes | `secrets-store.csi.x-k8s.io` Versions |
| ----------------------------------------------------------------------------------------- | --------------------- | ------------------------------------- |
| [v1.0.0](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.0.0) | 1.19+ | `v1`, `v1alpha1` |
| [v0.2.0](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v0.2.0) | 1.19+ | `v1alpha1` |
| Azure Key Vault Provider | Compatible Kubernetes | `secrets-store.csi.x-k8s.io` Versions |
| ---------------------------------------------------------------------------------------------- | --------------------- | ------------------------------------- |
| [v1.0.0](https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/v1.0.0) | 1.19+ | `v1`, `v1alpha1` |
| [v0.2.0](https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/v0.2.0) | 1.19+ | `v1alpha1` |

For Secrets Store CSI Driver project status and supported versions, check the doc [here](https://secrets-store-csi-driver.sigs.k8s.io/#project-status)

## Features

- Mounts secrets/keys/certs on pod start using a CSI volume
- Mounts secrets/keys/certs to pod using a CSI Inline volume
- Supports mounting multiple secrets store objects as a single volume
- Supports pod identity to restrict access with specific identities
- Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously.
- Supports pod portability with the SecretProviderClass CRD
- Supports windows containers (Kubernetes version v1.18+)
- Supports sync with Kubernetes Secrets (Secrets Store CSI Driver v0.0.10+)
- Supports auto rotation of secrets (Secrets Store CSI Driver v0.0.16+)
- Supports Linux and Windows containers
- Supports sync with Kubernetes Secrets
- Supports auto rotation of secrets
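Review bot: this Features list does not end up matching the one in README.md. README.md gains "Supports multiple secrets stores providers in the same cluster.", but no shortened multi-provider bullet appears in this hunk; only the long form "Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously." is visible here. Suggest using the same bullets in both files. With the version qualifiers removed from the bullets (including "Secrets Store CSI Driver v0.0.16+" for auto rotation), the Project Status table is the only compatibility statement left on this page, so it is worth confirming it covers what the bullets used to say.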
2 changes: 1 addition & 1 deletion website/content/en/demos/standard-walkthrough/_index.md
Expand Up @@ -45,7 +45,7 @@ Create an Azure Keyvault instance:
Add a secret to your Keyvault:

```bash
az keyvault secret set --vault-name ${KEYVAULT_NAME} --name secret1 --value "Hello!"
az keyvault secret set --vault-name ${KEYVAULT_NAME} --name secret1 --value "Hello\!"
```

### 3. Create an identity on Azure and set access policies
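Review bot: in the `az keyvault secret set` line, `--value "Hello\!"` does not store `Hello!` in bash. Inside double quotes bash does not remove a backslash that precedes `!`, so the secret value becomes the seven characters `Hello\!`, and any later step that reads the mounted `secret1` will show the backslash. The block is fenced as bash, so single quotes are the safer fix: `--value 'Hello!'` avoids history expansion and stores the intended value.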
Expand Down
34 changes: 17 additions & 17 deletions website/content/en/getting-started/usage/_index.md
Expand Up @@ -60,23 +60,23 @@ To provide identity to access key vault, refer to the following [section](#provi

```

| Name | Required | Description | Default Value |
| ---------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| provider | yes | specify name of the provider | "" |
| usePodIdentity | no | set to true for using aad-pod-identity to access keyvault | "false" |
| useVMManagedIdentity | no | [__*available for version > 0.0.4*__] specify access mode to enable use of User-assigned managed identity | "false" |
| userAssignedIdentityID | no | [__*available for version > 0.0.4*__] the user assigned identity ID is required for User-assigned Managed Identity mode | "" |
| keyvaultName | yes | name of a Key Vault instance | "" |
| cloudName | no | [__*available for version > 0.0.4*__] name of the azure cloud based on azure go sdk (AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud, AzureStackCloud) | "" |
| cloudEnvFileName | no | [__*available for version > 0.0.7*__] path to the file to be used while populating the Azure Environment (required if target cloud is AzureStackCloud). More details [here](#other-azure-clouds). | "" |
| objects | yes | a string of arrays of strings | "" |
| objectName | yes | name of a Key Vault object | "" |
| objectAlias | no | [__*available for version > 0.0.4*__] specify the filename of the object when written to disk - defaults to objectName if not provided | "" |
| objectType | yes | type of a Key Vault object: secret, key or cert.<br>For Key Vault certificates, refer to [doc](../../configurations/getting-certs-and-keys) for the object type to use.</br> | "" |
| objectVersion | no | version of a Key Vault object, if not provided, will use latest | "" |
| objectFormat | no | [__*available for version > 0.0.7*__] the format of the Azure Key Vault object, supported types are pem and pfx. `objectFormat: pfx` is only supported with `objectType: secret` and PKCS12 or ECC certificates | "pem" |
| objectEncoding | no | [__*available for version > 0.0.8*__] the encoding of the Azure Key Vault secret object, supported types are `utf-8`, `hex` and `base64`. This option is supported only with `objectType: secret` | "utf-8" |
| tenantId | yes | tenant ID containing key vault instance | "" |
| Name | Required | Description | Default Value |
| ---------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| provider | yes | specify name of the provider | "" |
| usePodIdentity | no | set to true for using aad-pod-identity to access keyvault | "false" |
| useVMManagedIdentity | no | [__*available for version > 0.0.4*__] specify access mode to enable use of User-assigned managed identity | "false" |
| userAssignedIdentityID | no | [__*available for version > 0.0.4*__] the user assigned identity ID is required for User-assigned Managed Identity mode | "" |
| keyvaultName | yes | name of a Key Vault instance | "" |
| cloudName | no | [__*available for version > 0.0.4*__] name of the azure cloud based on azure go sdk (AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud, AzureStackCloud) | "" |
| cloudEnvFileName | no | [__*available for version > 0.0.7*__] path to the file to be used while populating the Azure Environment (required if target cloud is AzureStackCloud). More details [here](../../configurations/custom-environments). | "" |
| objects | yes | a string of arrays of strings | "" |
| objectName | yes | name of a Key Vault object | "" |
| objectAlias | no | [__*available for version > 0.0.4*__] specify the filename of the object when written to disk - defaults to objectName if not provided | "" |
| objectType | yes | type of a Key Vault object: secret, key or cert.<br>For Key Vault certificates, refer to [doc](../../configurations/getting-certs-and-keys) for the object type to use.</br> | "" |
| objectVersion | no | version of a Key Vault object, if not provided, will use latest | "" |
| objectFormat | no | [__*available for version > 0.0.7*__] the format of the Azure Key Vault object, supported types are pem and pfx. `objectFormat: pfx` is only supported with `objectType: secret` and PKCS12 or ECC certificates | "pem" |
| objectEncoding | no | [__*available for version > 0.0.8*__] the encoding of the Azure Key Vault secret object, supported types are `utf-8`, `hex` and `base64`. This option is supported only with `objectType: secret` | "utf-8" |
| tenantId | yes | tenant ID containing key vault instance | "" |

#### Provide Identity to Access Key Vault

Expand Down
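Review bot: in the `objectType` row the description is wrapped as `<br>...</br>`; `</br>` is not a valid closing tag and can be dropped, since every row is being re-padded in this change anyway. The only content change visible in the table is the `cloudEnvFileName` link moving from `#other-azure-clouds` to `../../configurations/custom-environments`, which follows the same relative pattern as the existing `../../configurations/getting-certs-and-keys` link. While the table is being touched, the `objects` description "a string of arrays of strings" is hard to parse and would benefit from a clearer wording or a pointer to an example.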