bakito
April 12, 2023, 6:53pm
1
Q1. What is the problem that you are trying to solve?
Q2 - Who is impacted?
Q3 - Why is it important and/or urgent?
Q4 - What is your proposed solution? (optional)
A solution is discussed also here: New provider integration for passbolt · Issue #2188 · external-secrets/external-secrets · GitHub
Q5. Community support
3 Likes
diego
April 13, 2023, 12:44pm
2
This is interesting we’ll dig into it to define the scope to make a PR in the external secrets repo!
1 Like
For PassBolt developers: there is an abandoned alpha of " passbolt-secret-controller", GitHub - thegrumpylion/passbolt-secrets: Kebernetes secrets from Passbolt , last updated 3 years ago.
Has there been any update on this? It would be a nice thing to have. I think the best way would be to implement a provider for passbolt in external-secrets
diego
February 5, 2024, 9:56am
5
Hey @tuxillo ,
We really want to get this project going but unfortunately we don’t have the bandwidth right now, we’ll keep you posted as soon as we start working on it.
upvoting totally would like to see this feature.
diego
April 17, 2024, 2:40pm
7
Hello!
Thank you all for your interest in this feature. I’m sad to say that It is unlikely that this integration gets implemented this year as our bandwitdth will be even more reduced as the year advances. However, I have bumped into this project that might be interesting to some of the community members GitHub - urbanmedia/passbolt-operator: A Kubernetes Operator that allows you to synchronize your Passbolt credentials with Kubernetes Secrets
I added some basic support for ExternalSecrets.
external-secrets:main ← thorbenbelow:main
opened 02:51PM - 03 Apr 24 UTC
## Problem Statement
Add basic provider implementation for [Passbolt](https:/… /www.passbolt.com/).
## Related Issue
Fixes:
- https://github.com/external-secrets/external-secrets/issues/3074
- https://github.com/external-secrets/external-secrets/issues/2188
## Proposed Changes
Added support for following APIs:
- [x] SecretStore
- [x] ClusterSecretStore
- [x] ExternalSecret with `remoteRef.key`
- [x] ExternalSecret with `dataFrom.find.name.regexp`
### SecretStore and ClusterSecretStore
The passbolt provider requires auth in the form of a password and a private key as well as a hostname to connect to.
```yaml
provider:
passbolt:
host: https://passbolt.passbolt.svc.cluster.local
auth:
passwordSecretRef:
key: password
name: passbolt-credentials
privateKeySecretRef:
key: privateKey
name: passbolt-credentials
```
### External Secret
By default secrets include `name`, `username`, `uri`, `password` and `description` and are in json format.
```
'{"name":"passbolt-secret","username":"some-username","password":"supersecretpassword","uri":"passbolt.com","description":"some description"}'
```
Using the `property` key this can be reduced to only display one single property.
The key for secrets synced with `dataFrom.find.name.regexp` is the respective Passbolt resource ID.
## Checklist
- [x] I have read the [contribution guidelines](https://external-secrets.io/latest/contributing/process/#submitting-a-pull-request)
- [x] All commits are signed with `git commit --signoff`
- [x] My changes have reasonable test coverage
- [x] All tests pass with `make test`
- [x] I ensured my PR is ready for review with `make reviewable`
2 Likes
Wow @thorbenbelow great
Thank you for this
Are you currently using it ?
it is awesome 
