Virtual Machine Target

This guide explains how to configure a Virtual Machine as a target for your secrets.

Prerequisites

In order to use the VirtualMachine Target, you must install and run the eso-vm-server on the Virtual Machine you want to add.

Configuration

To push a secret to a Virtual Machine, you need to create a PushSecret or a Workflow resource.

Note: You can only push a Secret to a VM after that Secret has already been scanned. The scanning process is done by External Secrets Enterprise via a scan.external-secrets.io/Job resource. For more information, please see Scanning and Findings.

Here is an example that pushes a secret to a specific location on the VM:
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: vm-secret-push
spec:
  refreshInterval: "1h"
  secretStoreRefs:
    - name: your-secret-store # Replace with your SecretStore name
      kind: SecretStore
  selector:
    secret:
      name: my-secret # The Kubernetes secret to push
  data:
    - match:
        secretKey: "api-key"
        remoteRef:
          remoteKey: "/etc/secrets/api-key"
This configuration will take the value of the api-key from the my-secret Kubernetes secret and write it to the file /etc/secrets/api-key on the Virtual Machine that is associated with the specified SecretStore.
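
Once the push has run, the file named in remoteKey can be audited on the VM itself. The function below is an added example, not part of eso-vm-server or the External Secrets documentation; the name check_secret_file and its return codes are hypothetical, and it assumes a Linux VM with GNU stat.

```shell
#!/bin/sh
# Added example, not part of eso-vm-server. Assumes Linux with GNU stat.
# Usage on the VM: check_secret_file /etc/secrets/api-key
# Returns 0 when the file passes every check, otherwise a distinct code.
check_secret_file() {
    path=$1

    # remoteKey is used as a file path; insist on an absolute one.
    case $path in
        /*) ;;
        *) echo "FAIL: '$path' is not an absolute path" >&2; return 2 ;;
    esac

    # A symlink means the secret actually lives somewhere else on disk.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symlink" >&2; return 3
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is missing or not a regular file" >&2; return 4
    fi
    if [ ! -s "$path" ]; then
        echo "FAIL: $path is empty" >&2; return 5
    fi

    # No permission bits for group or other (octal mask 077).
    mode=$(stat -c '%a' "$path") || return 1
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $path has mode $mode; group/other can access it" >&2; return 6
    fi

    # Parent directory must not be writable by group or other (mask 022),
    # otherwise another local user could replace the file.
    dir=$(dirname "$path")
    dmode=$(stat -c '%a' "$dir") || return 1
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $dmode; group/other can write to it" >&2; return 7
    fi

    echo "OK: $path (mode $mode, dir mode $dmode)"
    return 0
}
```

A non-zero return identifies which check failed, so the function can be called from a cron job or a configuration-management run after each refreshInterval.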