TDEConfig v1.7.0 custom resource definition

Spec schema

TdeConfigSpec defines the desired state of TDEConfig.

kekUrlRef:
  key: string
  name: string
  optional: boolean
kmsProvider:
  vault:
    authMount: string
    authType: string
    jwt:
      pathRef:
        key: string
        name: string
        optional: boolean
      role: string
tls:
  certSecret:
    name: string

| Field | Type | Required or optional | Description |
| --- | --- | --- | --- |
| kekUrlRef | object | Required | KekUrlRef is a reference to the Key Encryption Key (KEK) URL stored in a ConfigMap. |
| kekUrlRef.key | string | Required | The key to select. |
| kekUrlRef.name | string | Optional | Name of the referent. For more information, see Names. |
| kekUrlRef.optional | boolean | Optional | Specify whether the ConfigMap or its key must be defined. |
| kmsProvider | object | Required | KmsProvider specifies the Key Manager Server (e.g. Vault) to host encryption keys. |
| kmsProvider.vault | object | Required | Vault specifies the HashiCorp Vault provider. |
| kmsProvider.vault.authMount | string | Required | Path on the Vault server where the authentication engine is mounted. |
| kmsProvider.vault.authType | string | Required | Authentication method. The only accepted value is jwt. |
| kmsProvider.vault.jwt | object | Required | JWT specifies the JWT authentication method. |
| kmsProvider.vault.jwt.pathRef | object | Required | PathRef is a reference to the path to the JWT token on the host stored in a ConfigMap. |
| kmsProvider.vault.jwt.pathRef.key | string | Required | The key to select. |
| kmsProvider.vault.jwt.pathRef.name | string | Optional | Name of the referent. For more information, see Names. |
| kmsProvider.vault.jwt.pathRef.optional | boolean | Optional | Specify whether the ConfigMap or its key must be defined. |
| kmsProvider.vault.jwt.role | string | Optional | Role is the role for JWT authentication. |
| tls | object | Optional | Certificate Secret for encrypted communication between AlloyDB and Key Management Server (e.g. Vault). |
| tls.certSecret | object | Optional | CertSecret references the certificate secret within the same namespace. The secret must contain entries ca.crt (CA certificate), tls.key (private key), and tls.crt (leaf certificate). |
| tls.certSecret.name | string | Optional | Name of the referent. For more information, see Names. |
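
A pre-apply check built only from the field rules listed above, as an added example (not AlloyDB or Google code): it reports missing required fields, an authType other than jwt, and a TLS Secret that lacks ca.crt, tls.key or tls.crt. The function names, the `secrets` argument and all sample values are assumptions made for illustration.

```python
# Added example (not from the AlloyDB documentation): lint a TDEConfig spec
# against the Required/optional rules listed in the field reference.
REQUIRED = (  # parents are listed before their children
    "kekUrlRef", "kekUrlRef.key",
    "kmsProvider", "kmsProvider.vault",
    "kmsProvider.vault.authMount", "kmsProvider.vault.authType",
    "kmsProvider.vault.jwt", "kmsProvider.vault.jwt.pathRef",
    "kmsProvider.vault.jwt.pathRef.key",
)
TLS_SECRET_KEYS = {"ca.crt", "tls.key", "tls.crt"}
_MISSING = object()

def lookup(spec, dotted):
    """Walk a dotted field path; return _MISSING if any segment is absent."""
    node = spec
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def lint_tde_spec(spec, secrets=None):
    """Return findings. `secrets` (assumed input) maps a Secret name in the
    TDEConfig's namespace to the set of data keys that Secret holds."""
    findings, missing = [], []
    for path in REQUIRED:
        if any(path.startswith(m + ".") for m in missing):
            continue  # the missing parent was already reported
        if lookup(spec, path) in (_MISSING, "", None, {}):
            missing.append(path)
            findings.append(f"missing required field: {path}")
    auth_type = lookup(spec, "kmsProvider.vault.authType")
    if auth_type not in (_MISSING, "", None, "jwt"):
        findings.append(f"authType {auth_type!r} rejected: only 'jwt' is accepted")
    name = lookup(spec, "tls.certSecret.name")
    if name is not _MISSING and secrets is not None:
        absent = TLS_SECRET_KEYS - set(secrets.get(name, ()))
        if absent:
            findings.append(f"Secret {name!r} lacks: {', '.join(sorted(absent))}")
    return findings

# Constructed sample: wrong authType, no jwt block, Secret without tls.key.
SAMPLE_SPEC = {
    "kekUrlRef": {"name": "tde-kek", "key": "kekUrl"},
    "kmsProvider": {"vault": {"authMount": "jwt", "authType": "token"}},
    "tls": {"certSecret": {"name": "vault-client-tls"}},
}
SAMPLE_SECRETS = {"vault-client-tls": {"ca.crt", "tls.crt"}}
if __name__ == "__main__":
    print("\n".join(lint_tde_spec(SAMPLE_SPEC, SAMPLE_SECRETS)))
```

Pass `secrets=None` to skip the Secret check when the cluster's Secrets have not been read.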