Interact with the External Secrets Operator API in Tanzu Application Platform (commonly known as TAP). Create and view External Secrets Operator resources on a Kubernetes cluster. For more information, see the TAP documentation.
To access this command group, you must install the Tanzu CLI by following the instructions in Install the Tanzu CLI in the Tanzu Application Platform documentation.
CLI plugin: external-secrets | Target: Kubernetes | Primarily used for: App development | Release Notes
tanzu kubernetes external-secrets [command]
external-secrets, es, eso
cluster-stores Interacting with external-secrets.io ClusterStores
secrets Interacting with external-secrets.io secrets
stores Interacting with external-secrets.io stores
List external secrets cluster stores.
tanzu kubernetes external-secrets cluster-stores [command]
create
get
list Lists all external-secrets.io/v1beta1/Secrets
-h, --help help for cluster-stores
Creates a cluster-store external-secrets.io/v1beta1/ClusterSecretStore resource.
external-secrets cluster-stores create [flags]
To create a ClusterStore resource from a YAML or JSON file, run:
tanzu external-secrets cluster-stores create --filename my-file.yaml
To create a ClusterStore resource from YAML or JSON using stdin, run:
cat <<EOF | tanzu external-secrets cluster-stores create -f -
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
...
EOF
-f, --filepath string Yaml/Json file to create cluster store secret via external-secrets operator
-h, --help help for create
--kubeconfig string The path to the kubeconfig file, optional
--verbose int32 Number for the log level verbosity(0-9)
-y, --yes accept all prompts
Gets a specific external-secrets.io/v1beta1/ClusterSecretStore resource.
external-secrets cluster-stores get [flags]
To get a cluster-store, run:
tanzu external-secrets cluster-stores get $CLUSTER_STORE_NAME
To get a cluster-store in JSON output format, run:
tanzu external-secrets cluster-stores get $CLUSTER_STORE_NAME -o json
-h, --help help for get
--kubeconfig string The path to the kubeconfig file, optional
-o, --output string Output format (yaml|json|table), optional
--verbose int32 Number for the log level verbosity(0-9)
Lists all external-secrets.io/v1beta1/ClusterStores.
external-secrets cluster-stores list [flags]
To list all external secrets cluster stores, run:
tanzu external-secrets cluster-stores list
To list all external secrets cluster stores in JSON output format, run:
tanzu external-secrets cluster-stores list -o json
-h, --help help for list
--kubeconfig string The path to the kubeconfig file, optional
-o, --output string Output format (yaml|json|table), optional
--verbose int32 Number for the log level verbosity(0-9)
Interacts with external-secrets.io resources.
tanzu kubernetes external-secrets secrets [command]
secrets, secret, secrets
create Create external-secret external-secrets.io/v1beta1/ExternalSecret
list Lists all external-secrets.io/v1beta1/Secrets
sync Sync a secret
-h, --help help for secrets
Creates external-secret external-secrets.io/v1beta1/ExternalSecret.
tanzu kubernetes external-secrets secrets create [flags]
Create ExternalSecret resource from yaml/json file
tanzu external-secrets secret create --filename <file.yaml>
Create ExternalSecret resource from yaml/json stdin
cat <<EOF | tanzu external-secrets secret create -f -
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
...
EOF
-f, --filepath string Yaml/Json file to create secret via external-secrets operator
-h, --help help for create
--kubeconfig string The path to the kubeconfig file, optional
-n, --namespace string Target namespace for the external secret, optional
--verbose int32 Number for the log level verbosity(0-9)
-y, --yes accept all prompts
Lists all external-secrets.io/v1beta1/ExternalSecret and checks for the associated v1/Secret with the correct owner reference.
tanzu kubernetes external-secrets secrets list [flags]
# List external-secrets across all namespaces
tanzu external-secrets list -A
# List external-secrets from specified namespace
tanzu external-secrets secrets list -n test-ns
# List external-secrets in json output format
tanzu external-secrets secret list -n test-ns -o json
-A, --all-namespaces View secrets in all namespaces, optional
-h, --help help for list
--kubeconfig string The path to the kubeconfig file, optional
-n, --namespace string Target namespace for the external secret, optional
-o, --output string Output format (yaml|json|table), optional
--verbose int32 Number for the log level verbosity(0-9)
Forces the synchronization of an external-secrets.io/v1beta1 secret.
tanzu kubernetes external-secrets secrets sync [flags]
sync, synchronise, synchronize
# Trigger the sync of an external secret
tanzu external-secrets secrets sync <secret>
# Trigger the sync of an external secret in a namespace
tanzu external-secrets secrets sync <secret> -n dev
-h, --help help for sync
--kubeconfig string The path to the kubeconfig file, optional
-n, --namespace string Target namespace for the external secret, optional
--verbose int32 Number for the log level verbosity(0-9)
Lists external secrets stores.
tanzu kubernetes external-secrets stores [command]
stores, stores, store
create Create secret store external-secrets.io/v1beta1/SecretStore
list Lists all external-secrets.io/v1beta1/Secrets
-h, --help help for stores
Create secret store external-secrets.io/v1beta1/SecretStore.
tanzu kubernetes external-secrets stores create [flags]
Create SecretStore resource from yaml/json file
tanzu external-secrets stores create --filename <file.yaml>
Create SecretStore resource from yaml/json stdin
cat <<EOF | tanzu external-secrets stores create -f -
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
...
EOF
-f, --filepath string Yaml/Json file to create secret store via external-secrets operator
-h, --help help for create
--kubeconfig string The path to the kubeconfig file, optional
-n, --namespace string Target namespace for the secret store, optional
--verbose int32 Number for the log level verbosity(0-9)
-y, --yes accept all prompts
Lists all external-secrets.io/v1beta1/ExternalSecret and checks for the associated v1/Secret with the correct owner reference.
tanzu kubernetes external-secrets stores list [flags]
# List all external secrets stores
tanzu external-secrets stores list -A
# List external secrets stores in specified namespace
tanzu external-secrets stores list -n test-ns
# List all external secrets stores in json output format
tanzu external-secrets stores list -n test-ns -o json
-A, --all-namespaces View secrets in all namespaces, optional
-h, --help help for list
--kubeconfig string The path to the kubeconfig file, optional
-n, --namespace string Target namespace for the external secret, optional
-o, --output string Output format (yaml|json|table), optional
--verbose int32 Number for the log level verbosity(0-9)