Spec schema
TdeConfigSpec defines the desired state of TDEConfig.
kekUrlRef:
key: string
name: string
optional: boolean
kmsProvider:
vault:
authMount: string
authType: string
jwt:
pathRef:
key: string
name: string
optional: boolean
role: string
Field TypeRequired or optional |
Description |
|---|---|
kekUrlRef
| |
objectRequired | KekUrlRef is a reference to the Key Encryption Key (KEK) URL stored in a ConfigMap. |
kekUrlRef.key
| |
stringRequired | The key to select. |
kekUrlRef.name
| |
stringOptional | Name of the referent. |
kekUrlRef.optional
| |
booleanOptional | Specify whether the ConfigMap or its key must be defined. |
kmsProvider
| |
objectRequired | KmsProvider specifies the KMS provider. |
kmsProvider.vault
| |
objectRequired | Vault specifies the Hashicorp Vault provider. |
kmsProvider.vault.authMount
| |
stringRequired | Path on the Vault server where the authentication engine is mounted. |
kmsProvider.vault.authType
| |
stringRequired | Authentication method. Allowed values: "jwt". |
kmsProvider.vault.jwt
| |
objectRequired | JWT specifies the JWT authentication method. |
kmsProvider.vault.jwt.pathRef
| |
objectRequired | PathRef is a reference to the path to the JWT token on the host stored in a ConfigMap. |
kmsProvider.vault.jwt.pathRef.key
| |
stringRequired | The key to select. |
kmsProvider.vault.jwt.pathRef.name
| |
stringOptional | Name of the referent. |
kmsProvider.vault.jwt.pathRef.optional
| |
booleanOptional | Specify whether the ConfigMap or its key must be defined. |
kmsProvider.vault.jwt.role
| |
stringOptional | Role is the role for JWT authentication. |