Virtual Machine Target

This guide explains how to configure a Virtual Machine as a target for your secrets.

Prerequisites

To use the VirtualMachine target, you must install and run the eso-vm-server on the Virtual Machine you want to add.

Configuration

To push a secret to a Virtual Machine, you need to create a PushSecret or a Workflow resource.

Note: You can only push a Secret to a VM after that Secret has already been scanned. Scanning is done by External Secrets Enterprise Edition via a scan.external-secrets.io/Job resource. For more information, please see Scanning and Findings.

Here is an example that pushes a secret to a specific location on the VM:

apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: vm-secret-push
spec:
  refreshInterval: "1h"
  secretStoreRefs:
    - name: your-target-vm # Replace with your SecretStore name
      kind: VirtualMachine
      apiVersion: target.external-secrets.io/v1alpha1
  selector:
    secret:
      name: my-secret # The Kubernetes secret to push
  data:
    - match:
        secretKey: "api-key"
        remoteRef:
          key: /etc/app/secrets/db.conf
          property: "10:90"