Caution

This provider is still in the experimental stage and may change in the future.

Kubectl Provider

Fetches values from Kubernetes using the kubectl command.

Source type

kubernetes:kubectl

Important

To use this provider, ensure that the kubectl command is installed and configured. Additionally, the user must have the required permissions to access the requested resources.

Configuration layout

TOML

[[sources]]
type = "kubernetes:kubectl"
name = "kube"

[[secrets]]
name = "FOO"
source = "kube"
ref = "default/demo-secret"
key = "foo"

YAML

sources:
  - type: kubernetes:kubectl
    name: kube

secrets:
  - name: FOO
    source: kube
    ref: default/demo-secret
    key: foo

JSON

{
  "sources": [
    {
      "type": "kubernetes:kubectl",
      "name": "kube"
    }
  ],
  "secrets": [
    {
      "name": "FOO",
      "source": "kube",
      "ref": "default/demo-secret",
      "key": "foo"
    }
  ]
}

pyproject.toml

[[tool.secrets-env.sources]]
type = "kubernetes:kubectl"
name = "kube"

[[tool.secrets-env.secrets]]
name = "FOO"
source = "kube"
ref = "default/demo-secret"
key = "foo"

Source section

Tip

All source configuration fields are optional.

For any field that is not provided, the provider invokes the kubectl command with its default configuration.

bin

Specifies the path to the kubectl binary. If not provided, the provider will search for it in the $PATH.

config

Defines the path to the kubeconfig file. If omitted, the default kubeconfig will be utilized. Alternatively, this can be configured using the KUBECONFIG environment variable.

context

Specifies the Kubernetes context to use. If not provided, the current context will be used.

Secrets section

The configurations within the secrets section determine the object and the field to be read.

Note

A field name followed by a bookmark icon indicates that it is a required parameter.

ref

Namespace and object name in the format of namespace/object-name.

key

Key to read from the object.

kind

Specifies the kind of object to read. This field must be one of the following values, case-insensitive:

  • Secret (default): Read confidential values from a Secret object.

  • ConfigMap: Read a value from a ConfigMap object.

Simplified layout

This provider accepts strings in the format namespace/secret-name#key as the simplified representation.

When the simplified layout is used, the provider reads only from Secret objects.

TOML

[sources]
type = "kubernetes:kubectl"

[secrets]
USERNAME = "default/demo-secret#username"
PASSWORD = { ref = "default/demo-secret", key = "password" }

YAML

source:
  type: kubernetes:kubectl

secrets:
  USERNAME: default/demo-secret#username
  PASSWORD:
    ref: default/demo-secret
    key: password
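
The full and simplified layouts above describe the same lookup. The following Python example is added here for illustration and is not the provider's own code: it normalizes both layouts, builds a kubectl argument list from the bin, config and context source fields, and extracts one key from the returned object. The function names, the exact kubectl arguments and the sample JSON are assumptions; the page does not show how the provider calls kubectl.

```python
import base64
import json

KINDS = {"secret": "Secret", "configmap": "ConfigMap"}

def normalize(spec):
    """Return (namespace, name, key, kind) from one secrets-section entry."""
    if isinstance(spec, str):  # simplified layout: namespace/secret-name#key
        ref, sep, key = spec.partition("#")
        if not sep:
            raise ValueError("simplified spec needs '#key'")
        kind = "secret"  # the simplified layout reads Secret objects only
    else:
        ref, key = spec.get("ref", ""), spec.get("key", "")
        kind = spec.get("kind", "Secret").lower()  # case-insensitive
    namespace, sep, name = ref.partition("/")
    if not (sep and namespace and name and key):
        raise ValueError(f"expected namespace/object-name and a key: {spec!r}")
    if namespace.startswith("-") or name.startswith("-"):
        raise ValueError("ref parts must not look like command-line flags")
    if kind not in KINDS:
        raise ValueError(f"kind must be Secret or ConfigMap, got {kind!r}")
    return namespace, name, key, KINDS[kind]

def kubectl_argv(source, namespace, name, kind):
    """Build the command as a list so no value passes through a shell."""
    argv = [source.get("bin", "kubectl")]  # assumed fallback: found via $PATH
    if "config" in source:
        argv += ["--kubeconfig", source["config"]]
    if "context" in source:
        argv += ["--context", source["context"]]
    return argv + ["get", kind.lower(), name, "--namespace", namespace, "-o", "json"]

def extract(obj_json, key, kind):
    """Pick one key; Secret data is base64-encoded, ConfigMap data is plain."""
    raw = json.loads(obj_json).get("data", {})[key]
    return base64.b64decode(raw).decode() if kind == "Secret" else raw

# Constructed sample of the JSON that `kubectl get secret ... -o json` returns.
SAMPLE = json.dumps({"kind": "Secret", "data": {"username": "YWRtaW4="}})

if __name__ == "__main__":
    ns, name, key, kind = normalize("default/demo-secret#username")
    print(kubectl_argv({"context": "dev"}, ns, name, kind))
    print(extract(SAMPLE, key, kind))
```
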