External Secrets Operator VM Server

eso-vm-server is a small API server that runs on a Virtual Machine so that the VM can be used as a Target for External Secrets Operator. It supports scanning the VM for secrets and receiving secret updates.

Installation

To use the eso-vm-server, you need to run the binary on your Virtual Machine. You can build it from source or use a pre-compiled binary if available.

Building from Source

  1. Clone the repository:
    git clone <repository-url> # Replace with the actual repository URL
    cd vm_server
    
  2. Build the binary:
    go build -o eso-vm-server main.go
    

Running the Server

Once you have the binary, you can run it with the following command:
./eso-vm-server --port 8080

TLS Configuration

For a secure setup, it is highly recommended to run the server with mTLS (mutual TLS), where the server and its clients both authenticate with certificates. You can do this by providing the necessary TLS flags:
./eso-vm-server \
  --port 1323 \
  --ca-file /path/to/ca.crt \
  --cert-file /path/to/server.crt \
  --key-file /path/to/server.key

API Endpoints

The eso-vm-server exposes the following API endpoints:
  • POST /api/v1/scan: Initiates a scan on the Virtual Machine.
  • GET /api/v1/scan/:id: Retrieves the status of a specific scan.
  • POST /api/v1/secrets/:id/version: Creates or updates a secret on the Virtual Machine.