CINXE.COM

<!doctype html><html lang=en class=color-toggle-hidden color-theme=light><head><meta charset=utf-8><script type="text/javascript"> ;window.NREUM||(NREUM={});NREUM.init={distributed_tracing:{enabled:true},privacy:{cookies_enabled:true},ajax:{deny_list:["bam.nr-data.net"]}}; window.NREUM||(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var o=e[n]={exports:{}};t[n][0].call(o.exports,function(e){var o=t[n][1][e];return r(o||e)},o,o.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o++)r(n[o]);return r}({1:[function(t,e,n){function r(t){try{s.console&&console.log(t)}catch(e){}}var o,i=t("ee"),a=t(32),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")!==-1&&(s.nrDev=!0))}catch(c){}s.nrDev&&i.on("internal-error",function(t){r(t.stack)}),s.dev&&i.on("fn-err",function(t,e,n){r(n.stack)}),s.dev&&(r("NR AGENT IN DEVELOPMENT MODE"),r("flags: "+a(s,function(t,e){return t}).join(", ")))},{}],2:[function(t,e,n){function r(t,e,n,r,s){try{l?l-=1:o(s||new UncaughtException(t,e,n),!0)}catch(f){try{i("ierr",[f,c.now(),!0])}catch(d){}}return"function"==typeof u&&u.apply(this,a(arguments))}function UncaughtException(t,e,n){this.message=t||"Uncaught error with no additional information",this.sourceURL=e,this.line=n}function o(t,e){var n=e?null:c.now();i("err",[t,n])}var i=t("handle"),a=t(33),s=t("ee"),c=t("loader"),f=t("gos"),u=window.onerror,d=!1,p="nr@seenError";if(!c.disabled){var l=0;c.features.err=!0,t(1),window.onerror=r;try{throw new Error}catch(h){"stack"in h&&(t(14),t(13),"addEventListener"in window&&t(7),c.xhrWrappable&&t(15),d=!0)}s.on("fn-start",function(t,e,n){d&&(l+=1)}),s.on("fn-err",function(t,e,n){d&&!n[p]&&(f(n,p,function(){return!0}),this.thrown=!0,o(n))}),s.on("fn-end",function(){d&&!this.thrown&&l>0&&(l-=1)}),s.on("internal-error",function(t){i("ierr",[t,c.now(),!0])})}},{}],3:[function(t,e,n){var r=t("loader");r.disabled||(r.features.ins=!0)},{}],4:[function(t,e,n){function r(){U++,L=g.hash,this[u]=y.now()}function o(){U--,g.hash!==L&&i(0,!0);var t=y.now();this[h]=~~this[h]+t-this[u],this[d]=t}function i(t,e){E.emit("newURL",[""+g,e])}function a(t,e){t.on(e,function(){this[e]=y.now()})}var s="-start",c="-end",f="-body",u="fn"+s,d="fn"+c,p="cb"+s,l="cb"+c,h="jsTime",m="fetch",v="addEventListener",w=window,g=w.location,y=t("loader");if(w[v]&&y.xhrWrappable&&!y.disabled){var x=t(11),b=t(12),E=t(9),R=t(7),O=t(14),T=t(8),P=t(15),S=t(10),M=t("ee"),N=M.get("tracer"),C=t(23);t(17),y.features.spa=!0;var L,U=0;M.on(u,r),b.on(p,r),S.on(p,r),M.on(d,o),b.on(l,o),S.on(l,o),M.buffer([u,d,"xhr-resolved"]),R.buffer([u]),O.buffer(["setTimeout"+c,"clearTimeout"+s,u]),P.buffer([u,"new-xhr","send-xhr"+s]),T.buffer([m+s,m+"-done",m+f+s,m+f+c]),E.buffer(["newURL"]),x.buffer([u]),b.buffer(["propagate",p,l,"executor-err","resolve"+s]),N.buffer([u,"no-"+u]),S.buffer(["new-jsonp","cb-start","jsonp-error","jsonp-end"]),a(T,m+s),a(T,m+"-done"),a(S,"new-jsonp"),a(S,"jsonp-end"),a(S,"cb-start"),E.on("pushState-end",i),E.on("replaceState-end",i),w[v]("hashchange",i,C(!0)),w[v]("load",i,C(!0)),w[v]("popstate",function(){i(0,U>1)},C(!0))}},{}],5:[function(t,e,n){function r(){var t=new PerformanceObserver(function(t,e){var n=t.getEntries();s(v,[n])});try{t.observe({entryTypes:["resource"]})}catch(e){}}function o(t){if(s(v,[window.performance.getEntriesByType(w)]),window.performance["c"+p])try{window.performance[h](m,o,!1)}catch(t){}else try{window.performance[h]("webkit"+m,o,!1)}catch(t){}}function i(t){}if(window.performance&&window.performance.timing&&window.performance.getEntriesByType){var a=t("ee"),s=t("handle"),c=t(14),f=t(13),u=t(6),d=t(23),p="learResourceTimings",l="addEventListener",h="removeEventListener",m="resourcetimingbufferfull",v="bstResource",w="resource",g="-start",y="-end",x="fn"+g,b="fn"+y,E="bstTimer",R="pushState",O=t("loader");if(!O.disabled){O.features.stn=!0,t(9),"addEventListener"in window&&t(7);var T=NREUM.o.EV;a.on(x,function(t,e){var n=t[0];n instanceof T&&(this.bstStart=O.now())}),a.on(b,function(t,e){var n=t[0];n instanceof T&&s("bst",[n,e,this.bstStart,O.now()])}),c.on(x,function(t,e,n){this.bstStart=O.now(),this.bstType=n}),c.on(b,function(t,e){s(E,[e,this.bstStart,O.now(),this.bstType])}),f.on(x,function(){this.bstStart=O.now()}),f.on(b,function(t,e){s(E,[e,this.bstStart,O.now(),"requestAnimationFrame"])}),a.on(R+g,function(t){this.time=O.now(),this.startPath=location.pathname+location.hash}),a.on(R+y,function(t){s("bstHist",[location.pathname+location.hash,this.startPath,this.time])}),u()?(s(v,[window.performance.getEntriesByType("resource")]),r()):l in window.performance&&(window.performance["c"+p]?window.performance[l](m,o,d(!1)):window.performance[l]("webkit"+m,o,d(!1))),document[l]("scroll",i,d(!1)),document[l]("keypress",i,d(!1)),document[l]("click",i,d(!1))}}},{}],6:[function(t,e,n){e.exports=function(){return"PerformanceObserver"in window&&"function"==typeof window.PerformanceObserver}},{}],7:[function(t,e,n){function r(t){for(var e=t;e&&!e.hasOwnProperty(u);)e=Object.getPrototypeOf(e);e&&o(e)}function o(t){s.inPlace(t,[u,d],"-",i)}function i(t,e){return t[1]}var a=t("ee").get("events"),s=t("wrap-function")(a,!0),c=t("gos"),f=XMLHttpRequest,u="addEventListener",d="removeEventListener";e.exports=a,"getPrototypeOf"in Object?(r(document),r(window),r(f.prototype)):f.prototype.hasOwnProperty(u)&&(o(window),o(f.prototype)),a.on(u+"-start",function(t,e){var n=t[1];if(null!==n&&("function"==typeof n||"object"==typeof n)){var r=c(n,"nr@wrapped",function(){function t(){if("function"==typeof n.handleEvent)return n.handleEvent.apply(n,arguments)}var e={object:t,"function":n}[typeof n];return e?s(e,"fn-",null,e.name||"anonymous"):n});this.wrapped=t[1]=r}}),a.on(d+"-start",function(t){t[1]=this.wrapped||t[1]})},{}],8:[function(t,e,n){function r(t,e,n){var r=t[e];"function"==typeof r&&(t[e]=function(){var t=i(arguments),e={};o.emit(n+"before-start",[t],e);var a;e[m]&&e[m].dt&&(a=e[m].dt);var s=r.apply(this,t);return o.emit(n+"start",[t,a],s),s.then(function(t){return o.emit(n+"end",[null,t],s),t},function(t){throw o.emit(n+"end",[t],s),t})})}var o=t("ee").get("fetch"),i=t(33),a=t(32);e.exports=o;var s=window,c="fetch-",f=c+"body-",u=["arrayBuffer","blob","json","text","formData"],d=s.Request,p=s.Response,l=s.fetch,h="prototype",m="nr@context";d&&p&&l&&(a(u,function(t,e){r(d[h],e,f),r(p[h],e,f)}),r(s,"fetch",c),o.on(c+"end",function(t,e){var n=this;if(e){var r=e.headers.get("content-length");null!==r&&(n.rxSize=r),o.emit(c+"done",[null,e],n)}else o.emit(c+"done",[t],n)}))},{}],9:[function(t,e,n){var r=t("ee").get("history"),o=t("wrap-function")(r);e.exports=r;var i=window.history&&window.history.constructor&&window.history.constructor.prototype,a=window.history;i&&i.pushState&&i.replaceState&&(a=i),o.inPlace(a,["pushState","replaceState"],"-")},{}],10:[function(t,e,n){function r(t){function e(){f.emit("jsonp-end",[],l),t.removeEventListener("load",e,c(!1)),t.removeEventListener("error",n,c(!1))}function n(){f.emit("jsonp-error",[],l),f.emit("jsonp-end",[],l),t.removeEventListener("load",e,c(!1)),t.removeEventListener("error",n,c(!1))}var r=t&&"string"==typeof t.nodeName&&"script"===t.nodeName.toLowerCase();if(r){var o="function"==typeof t.addEventListener;if(o){var a=i(t.src);if(a){var d=s(a),p="function"==typeof d.parent[d.key];if(p){var l={};u.inPlace(d.parent,[d.key],"cb-",l),t.addEventListener("load",e,c(!1)),t.addEventListener("error",n,c(!1)),f.emit("new-jsonp",[t.src],l)}}}}}function o(){return"addEventListener"in window}function i(t){var e=t.match(d);return e?e[1]:null}function a(t,e){var n=t.match(l),r=n[1],o=n[3];return o?a(o,e[r]):e[r]}function s(t){var e=t.match(p);return e&&e.length>=3?{key:e[2],parent:a(e[1],window)}:{key:t,parent:window}}var c=t(23),f=t("ee").get("jsonp"),u=t("wrap-function")(f);if(e.exports=f,o()){var d=/[?&](?:callback|cb)=([^&#]+)/,p=/(.*)\.([^.]+)/,l=/^(\w+)(\.|$)(.*)$/,h=["appendChild","insertBefore","replaceChild"];Node&&Node.prototype&&Node.prototype.appendChild?u.inPlace(Node.prototype,h,"dom-"):(u.inPlace(HTMLElement.prototype,h,"dom-"),u.inPlace(HTMLHeadElement.prototype,h,"dom-"),u.inPlace(HTMLBodyElement.prototype,h,"dom-")),f.on("dom-start",function(t){r(t[0])})}},{}],11:[function(t,e,n){var r=t("ee").get("mutation"),o=t("wrap-function")(r),i=NREUM.o.MO;e.exports=r,i&&(window.MutationObserver=function(t){return this instanceof i?new i(o(t,"fn-")):i.apply(this,arguments)},MutationObserver.prototype=i.prototype)},{}],12:[function(t,e,n){function r(t){var e=i.context(),n=s(t,"executor-",e,null,!1),r=new f(n);return i.context(r).getCtx=function(){return e},r}var o=t("wrap-function"),i=t("ee").get("promise"),a=t("ee").getOrSetContext,s=o(i),c=t(32),f=NREUM.o.PR;e.exports=i,f&&(window.Promise=r,["all","race"].forEach(function(t){var e=f[t];f[t]=function(n){function r(t){return function(){i.emit("propagate",[null,!o],a,!1,!1),o=o||!t}}var o=!1;c(n,function(e,n){Promise.resolve(n).then(r("all"===t),r(!1))});var a=e.apply(f,arguments),s=f.resolve(a);return s}}),["resolve","reject"].forEach(function(t){var e=f[t];f[t]=function(t){var n=e.apply(f,arguments);return t!==n&&i.emit("propagate",[t,!0],n,!1,!1),n}}),f.prototype["catch"]=function(t){return this.then(null,t)},f.prototype=Object.create(f.prototype,{constructor:{value:r}}),c(Object.getOwnPropertyNames(f),function(t,e){try{r[e]=f[e]}catch(n){}}),o.wrapInPlace(f.prototype,"then",function(t){return function(){var e=this,n=o.argsToArray.apply(this,arguments),r=a(e);r.promise=e,n[0]=s(n[0],"cb-",r,null,!1),n[1]=s(n[1],"cb-",r,null,!1);var c=t.apply(this,n);return r.nextPromise=c,i.emit("propagate",[e,!0],c,!1,!1),c}}),i.on("executor-start",function(t){t[0]=s(t[0],"resolve-",this,null,!1),t[1]=s(t[1],"resolve-",this,null,!1)}),i.on("executor-err",function(t,e,n){t[1](n)}),i.on("cb-end",function(t,e,n){i.emit("propagate",[n,!0],this.nextPromise,!1,!1)}),i.on("propagate",function(t,e,n){this.getCtx&&!e||(this.getCtx=function(){if(t instanceof Promise)var e=i.context(t);return e&&e.getCtx?e.getCtx():this})}),r.toString=function(){return""+f})},{}],13:[function(t,e,n){var r=t("ee").get("raf"),o=t("wrap-function")(r),i="equestAnimationFrame";e.exports=r,o.inPlace(window,["r"+i,"mozR"+i,"webkitR"+i,"msR"+i],"raf-"),r.on("raf-start",function(t){t[0]=o(t[0],"fn-")})},{}],14:[function(t,e,n){function r(t,e,n){t[0]=a(t[0],"fn-",null,n)}function o(t,e,n){this.method=n,this.timerDuration=isNaN(t[1])?0:+t[1],t[0]=a(t[0],"fn-",this,n)}var i=t("ee").get("timer"),a=t("wrap-function")(i),s="setTimeout",c="setInterval",f="clearTimeout",u="-start",d="-";e.exports=i,a.inPlace(window,[s,"setImmediate"],s+d),a.inPlace(window,[c],c+d),a.inPlace(window,[f,"clearImmediate"],f+d),i.on(c+u,r),i.on(s+u,o)},{}],15:[function(t,e,n){function r(t,e){d.inPlace(e,["onreadystatechange"],"fn-",s)}function o(){var t=this,e=u.context(t);t.readyState>3&&!e.resolved&&(e.resolved=!0,u.emit("xhr-resolved",[],t)),d.inPlace(t,y,"fn-",s)}function i(t){x.push(t),m&&(E?E.then(a):w?w(a):(R=-R,O.data=R))}function a(){for(var t=0;t<x.length;t++)r([],x[t]);x.length&&(x=[])}function s(t,e){return e}function c(t,e){for(var n in t)e[n]=t[n];return e}t(7);var f=t("ee"),u=f.get("xhr"),d=t("wrap-function")(u),p=t(23),l=NREUM.o,h=l.XHR,m=l.MO,v=l.PR,w=l.SI,g="readystatechange",y=["onload","onerror","onabort","onloadstart","onloadend","onprogress","ontimeout"],x=[];e.exports=u;var b=window.XMLHttpRequest=function(t){var e=new h(t);try{u.emit("new-xhr",[e],e),e.addEventListener(g,o,p(!1))}catch(n){try{u.emit("internal-error",[n])}catch(r){}}return e};if(c(h,b),b.prototype=h.prototype,d.inPlace(b.prototype,["open","send"],"-xhr-",s),u.on("send-xhr-start",function(t,e){r(t,e),i(e)}),u.on("open-xhr-start",r),m){var E=v&&v.resolve();if(!w&&!v){var R=1,O=document.createTextNode(R);new m(a).observe(O,{characterData:!0})}}else f.on("fn-end",function(t){t[0]&&t[0].type===g||a()})},{}],16:[function(t,e,n){function r(t){if(!s(t))return null;var e=window.NREUM;if(!e.loader_config)return null;var n=(e.loader_config.accountID||"").toString()||null,r=(e.loader_config.agentID||"").toString()||null,f=(e.loader_config.trustKey||"").toString()||null;if(!n||!r)return null;var h=l.generateSpanId(),m=l.generateTraceId(),v=Date.now(),w={spanId:h,traceId:m,timestamp:v};return(t.sameOrigin||c(t)&&p())&&(w.traceContextParentHeader=o(h,m),w.traceContextStateHeader=i(h,v,n,r,f)),(t.sameOrigin&&!u()||!t.sameOrigin&&c(t)&&d())&&(w.newrelicHeader=a(h,m,v,n,r,f)),w}function o(t,e){return"00-"+e+"-"+t+"-01"}function i(t,e,n,r,o){var i=0,a="",s=1,c="",f="";return o+"@nr="+i+"-"+s+"-"+n+"-"+r+"-"+t+"-"+a+"-"+c+"-"+f+"-"+e}function a(t,e,n,r,o,i){var a="btoa"in window&&"function"==typeof window.btoa;if(!a)return null;var s={v:[0,1],d:{ty:"Browser",ac:r,ap:o,id:t,tr:e,ti:n}};return i&&r!==i&&(s.d.tk=i),btoa(JSON.stringify(s))}function s(t){return f()&&c(t)}function c(t){var e=!1,n={};if("init"in NREUM&&"distributed_tracing"in NREUM.init&&(n=NREUM.init.distributed_tracing),t.sameOrigin)e=!0;else if(n.allowed_origins instanceof Array)for(var r=0;r<n.allowed_origins.length;r++){var o=h(n.allowed_origins[r]);if(t.hostname===o.hostname&&t.protocol===o.protocol&&t.port===o.port){e=!0;break}}return e}function f(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.enabled}function u(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.exclude_newrelic_header}function d(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&NREUM.init.distributed_tracing.cors_use_newrelic_header!==!1}function p(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.cors_use_tracecontext_headers}var l=t(29),h=t(18);e.exports={generateTracePayload:r,shouldGenerateTrace:s}},{}],17:[function(t,e,n){function r(t){var e=this.params,n=this.metrics;if(!this.ended){this.ended=!0;for(var r=0;r<p;r++)t.removeEventListener(d[r],this.listener,!1);e.aborted||(n.duration=a.now()-this.startTime,this.loadCaptureCalled||4!==t.readyState?null==e.status&&(e.status=0):i(this,t),n.cbTime=this.cbTime,s("xhr",[e,n,this.startTime,this.endTime,"xhr"],this))}}function o(t,e){var n=c(e),r=t.params;r.hostname=n.hostname,r.port=n.port,r.protocol=n.protocol,r.host=n.hostname+":"+n.port,r.pathname=n.pathname,t.parsedOrigin=n,t.sameOrigin=n.sameOrigin}function i(t,e){t.params.status=e.status;var n=v(e,t.lastSize);if(n&&(t.metrics.rxSize=n),t.sameOrigin){var r=e.getResponseHeader("X-NewRelic-App-Data");r&&(t.params.cat=r.split(", ").pop())}t.loadCaptureCalled=!0}var a=t("loader");if(a.xhrWrappable&&!a.disabled){var s=t("handle"),c=t(18),f=t(16).generateTracePayload,u=t("ee"),d=["load","error","abort","timeout"],p=d.length,l=t("id"),h=t(24),m=t(22),v=t(19),w=t(23),g=NREUM.o.REQ,y=window.XMLHttpRequest;a.features.xhr=!0,t(15),t(8),u.on("new-xhr",function(t){var e=this;e.totalCbs=0,e.called=0,e.cbTime=0,e.end=r,e.ended=!1,e.xhrGuids={},e.lastSize=null,e.loadCaptureCalled=!1,e.params=this.params||{},e.metrics=this.metrics||{},t.addEventListener("load",function(n){i(e,t)},w(!1)),h&&(h>34||h<10)||t.addEventListener("progress",function(t){e.lastSize=t.loaded},w(!1))}),u.on("open-xhr-start",function(t){this.params={method:t[0]},o(this,t[1]),this.metrics={}}),u.on("open-xhr-end",function(t,e){"loader_config"in NREUM&&"xpid"in NREUM.loader_config&&this.sameOrigin&&e.setRequestHeader("X-NewRelic-ID",NREUM.loader_config.xpid);var n=f(this.parsedOrigin);if(n){var r=!1;n.newrelicHeader&&(e.setRequestHeader("newrelic",n.newrelicHeader),r=!0),n.traceContextParentHeader&&(e.setRequestHeader("traceparent",n.traceContextParentHeader),n.traceContextStateHeader&&e.setRequestHeader("tracestate",n.traceContextStateHeader),r=!0),r&&(this.dt=n)}}),u.on("send-xhr-start",function(t,e){var n=this.metrics,r=t[0],o=this;if(n&&r){var i=m(r);i&&(n.txSize=i)}this.startTime=a.now(),this.listener=function(t){try{"abort"!==t.type||o.loadCaptureCalled||(o.params.aborted=!0),("load"!==t.type||o.called===o.totalCbs&&(o.onloadCalled||"function"!=typeof e.onload))&&o.end(e)}catch(n){try{u.emit("internal-error",[n])}catch(r){}}};for(var s=0;s<p;s++)e.addEventListener(d[s],this.listener,w(!1))}),u.on("xhr-cb-time",function(t,e,n){this.cbTime+=t,e?this.onloadCalled=!0:this.called+=1,this.called!==this.totalCbs||!this.onloadCalled&&"function"==typeof n.onload||this.end(n)}),u.on("xhr-load-added",function(t,e){var n=""+l(t)+!!e;this.xhrGuids&&!this.xhrGuids[n]&&(this.xhrGuids[n]=!0,this.totalCbs+=1)}),u.on("xhr-load-removed",function(t,e){var n=""+l(t)+!!e;this.xhrGuids&&this.xhrGuids[n]&&(delete this.xhrGuids[n],this.totalCbs-=1)}),u.on("xhr-resolved",function(){this.endTime=a.now()}),u.on("addEventListener-end",function(t,e){e instanceof y&&"load"===t[0]&&u.emit("xhr-load-added",[t[1],t[2]],e)}),u.on("removeEventListener-end",function(t,e){e instanceof y&&"load"===t[0]&&u.emit("xhr-load-removed",[t[1],t[2]],e)}),u.on("fn-start",function(t,e,n){e instanceof y&&("onload"===n&&(this.onload=!0),("load"===(t[0]&&t[0].type)||this.onload)&&(this.xhrCbStart=a.now()))}),u.on("fn-end",function(t,e){this.xhrCbStart&&u.emit("xhr-cb-time",[a.now()-this.xhrCbStart,this.onload,e],e)}),u.on("fetch-before-start",function(t){function e(t,e){var n=!1;return e.newrelicHeader&&(t.set("newrelic",e.newrelicHeader),n=!0),e.traceContextParentHeader&&(t.set("traceparent",e.traceContextParentHeader),e.traceContextStateHeader&&t.set("tracestate",e.traceContextStateHeader),n=!0),n}var n,r=t[1]||{};"string"==typeof t[0]?n=t[0]:t[0]&&t[0].url?n=t[0].url:window.URL&&t[0]&&t[0]instanceof URL&&(n=t[0].href),n&&(this.parsedOrigin=c(n),this.sameOrigin=this.parsedOrigin.sameOrigin);var o=f(this.parsedOrigin);if(o&&(o.newrelicHeader||o.traceContextParentHeader))if("string"==typeof t[0]||window.URL&&t[0]&&t[0]instanceof URL){var i={};for(var a in r)i[a]=r[a];i.headers=new Headers(r.headers||{}),e(i.headers,o)&&(this.dt=o),t.length>1?t[1]=i:t.push(i)}else t[0]&&t[0].headers&&e(t[0].headers,o)&&(this.dt=o)}),u.on("fetch-start",function(t,e){this.params={},this.metrics={},this.startTime=a.now(),this.dt=e,t.length>=1&&(this.target=t[0]),t.length>=2&&(this.opts=t[1]);var n,r=this.opts||{},i=this.target;"string"==typeof i?n=i:"object"==typeof i&&i instanceof g?n=i.url:window.URL&&"object"==typeof i&&i instanceof URL&&(n=i.href),o(this,n);var s=(""+(i&&i instanceof g&&i.method||r.method||"GET")).toUpperCase();this.params.method=s,this.txSize=m(r.body)||0}),u.on("fetch-done",function(t,e){this.endTime=a.now(),this.params||(this.params={}),this.params.status=e?e.status:0;var n;"string"==typeof this.rxSize&&this.rxSize.length>0&&(n=+this.rxSize);var r={txSize:this.txSize,rxSize:n,duration:a.now()-this.startTime};s("xhr",[this.params,r,this.startTime,this.endTime,"fetch"],this)})}},{}],18:[function(t,e,n){var r={};e.exports=function(t){if(t in r)return r[t];var e=document.createElement("a"),n=window.location,o={};e.href=t,o.port=e.port;var i=e.href.split("://");!o.port&&i[1]&&(o.port=i[1].split("/")[0].split("@").pop().split(":")[1]),o.port&&"0"!==o.port||(o.port="https"===i[0]?"443":"80"),o.hostname=e.hostname||n.hostname,o.pathname=e.pathname,o.protocol=i[0],"/"!==o.pathname.charAt(0)&&(o.pathname="/"+o.pathname);var a=!e.protocol||":"===e.protocol||e.protocol===n.protocol,s=e.hostname===document.domain&&e.port===n.port;return o.sameOrigin=a&&(!e.hostname||s),"/"===o.pathname&&(r[t]=o),o}},{}],19:[function(t,e,n){function r(t,e){var n=t.responseType;return"json"===n&&null!==e?e:"arraybuffer"===n||"blob"===n||"json"===n?o(t.response):"text"===n||""===n||void 0===n?o(t.responseText):void 0}var o=t(22);e.exports=r},{}],20:[function(t,e,n){function r(){}function o(t,e,n,r){return function(){return u.recordSupportability("API/"+e+"/called"),i(t+e,[f.now()].concat(s(arguments)),n?null:this,r),n?void 0:this}}var i=t("handle"),a=t(32),s=t(33),c=t("ee").get("tracer"),f=t("loader"),u=t(25),d=NREUM;"undefined"==typeof window.newrelic&&(newrelic=d);var p=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit","addRelease"],l="api-",h=l+"ixn-";a(p,function(t,e){d[e]=o(l,e,!0,"api")}),d.addPageAction=o(l,"addPageAction",!0),d.setCurrentRouteName=o(l,"routeName",!0),e.exports=newrelic,d.interaction=function(){return(new r).get()};var m=r.prototype={createTracer:function(t,e){var n={},r=this,o="function"==typeof e;return i(h+"tracer",[f.now(),t,n],r),function(){if(c.emit((o?"":"no-")+"fn-start",[f.now(),r,o],n),o)try{return e.apply(this,arguments)}catch(t){throw c.emit("fn-err",[arguments,this,t],n),t}finally{c.emit("fn-end",[f.now()],n)}}}};a("actionText,setName,setAttribute,save,ignore,onEnd,getContext,end,get".split(","),function(t,e){m[e]=o(h,e)}),newrelic.noticeError=function(t,e){"string"==typeof t&&(t=new Error(t)),u.recordSupportability("API/noticeError/called"),i("err",[t,f.now(),!1,e])}},{}],21:[function(t,e,n){function r(t){if(NREUM.init){for(var e=NREUM.init,n=t.split("."),r=0;r<n.length-1;r++)if(e=e[n[r]],"object"!=typeof e)return;return e=e[n[n.length-1]]}}e.exports={getConfiguration:r}},{}],22:[function(t,e,n){e.exports=function(t){if("string"==typeof t&&t.length)return t.length;if("object"==typeof t){if("undefined"!=typeof ArrayBuffer&&t instanceof ArrayBuffer&&t.byteLength)return t.byteLength;if("undefined"!=typeof Blob&&t instanceof Blob&&t.size)return t.size;if(!("undefined"!=typeof FormData&&t instanceof FormData))try{return JSON.stringify(t).length}catch(e){return}}}},{}],23:[function(t,e,n){var r=!1;try{var o=Object.defineProperty({},"passive",{get:function(){r=!0}});window.addEventListener("testPassive",null,o),window.removeEventListener("testPassive",null,o)}catch(i){}e.exports=function(t){return r?{passive:!0,capture:!!t}:!!t}},{}],24:[function(t,e,n){var r=0,o=navigator.userAgent.match(/Firefox[\/\s](\d+\.\d+)/);o&&(r=+o[1]),e.exports=r},{}],25:[function(t,e,n){function r(t,e){var n=[a,t,{name:t},e];return i("storeMetric",n,null,"api"),n}function o(t,e){var n=[s,t,{name:t},e];return i("storeEventMetrics",n,null,"api"),n}var i=t("handle"),a="sm",s="cm";e.exports={constants:{SUPPORTABILITY_METRIC:a,CUSTOM_METRIC:s},recordSupportability:r,recordCustom:o}},{}],26:[function(t,e,n){function r(){return s.exists&&performance.now?Math.round(performance.now()):(i=Math.max((new Date).getTime(),i))-a}function o(){return i}var i=(new Date).getTime(),a=i,s=t(34);e.exports=r,e.exports.offset=a,e.exports.getLastTimestamp=o},{}],27:[function(t,e,n){function r(t){return!(!t||!t.protocol||"file:"===t.protocol)}e.exports=r},{}],28:[function(t,e,n){function r(t,e){var n=t.getEntries();n.forEach(function(t){"first-paint"===t.name?p("timing",["fp",Math.floor(t.startTime)]):"first-contentful-paint"===t.name&&p("timing",["fcp",Math.floor(t.startTime)])})}function o(t,e){var n=t.getEntries();if(n.length>0){var r=n[n.length-1];if(c&&c<r.startTime)return;p("lcp",[r])}}function i(t){t.getEntries().forEach(function(t){t.hadRecentInput||p("cls",[t])})}function a(t){if(t instanceof v&&!g){var e=Math.round(t.timeStamp),n={type:t.type};e<=l.now()?n.fid=l.now()-e:e>l.offset&&e<=Date.now()?(e-=l.offset,n.fid=l.now()-e):e=l.now(),g=!0,p("timing",["fi",e,n])}}function s(t){"hidden"===t&&(c=l.now(),p("pageHide",[c]))}if(!("init"in NREUM&&"page_view_timing"in NREUM.init&&"enabled"in NREUM.init.page_view_timing&&NREUM.init.page_view_timing.enabled===!1)){var c,f,u,d,p=t("handle"),l=t("loader"),h=t(31),m=t(23),v=NREUM.o.EV;if("PerformanceObserver"in window&&"function"==typeof window.PerformanceObserver){f=new PerformanceObserver(r);try{f.observe({entryTypes:["paint"]})}catch(w){}u=new PerformanceObserver(o);try{u.observe({entryTypes:["largest-contentful-paint"]})}catch(w){}d=new PerformanceObserver(i);try{d.observe({type:"layout-shift",buffered:!0})}catch(w){}}if("addEventListener"in document){var g=!1,y=["click","keydown","mousedown","pointerdown","touchstart"];y.forEach(function(t){document.addEventListener(t,a,m(!1))})}h(s)}},{}],29:[function(t,e,n){function r(){function t(){return e?15&e[n++]:16*Math.random()|0}var e=null,n=0,r=window.crypto||window.msCrypto;r&&r.getRandomValues&&(e=r.getRandomValues(new Uint8Array(31)));for(var o,i="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",a="",s=0;s<i.length;s++)o=i[s],"x"===o?a+=t().toString(16):"y"===o?(o=3&t()|8,a+=o.toString(16)):a+=o;return a}function o(){return a(16)}function i(){return a(32)}function a(t){function e(){return n?15&n[r++]:16*Math.random()|0}var n=null,r=0,o=window.crypto||window.msCrypto;o&&o.getRandomValues&&Uint8Array&&(n=o.getRandomValues(new Uint8Array(31)));for(var i=[],a=0;a<t;a++)i.push(e().toString(16));return i.join("")}e.exports={generateUuid:r,generateSpanId:o,generateTraceId:i}},{}],30:[function(t,e,n){function r(t,e){if(!o)return!1;if(t!==o)return!1;if(!e)return!0;if(!i)return!1;for(var n=i.split("."),r=e.split("."),a=0;a<r.length;a++)if(r[a]!==n[a])return!1;return!0}var o=null,i=null,a=/Version\/(\S+)\s+Safari/;if(navigator.userAgent){var s=navigator.userAgent,c=s.match(a);c&&s.indexOf("Chrome")===-1&&s.indexOf("Chromium")===-1&&(o="Safari",i=c[1])}e.exports={agent:o,version:i,match:r}},{}],31:[function(t,e,n){function r(t){function e(){t(s&&document[s]?document[s]:document[i]?"hidden":"visible")}"addEventListener"in document&&a&&document.addEventListener(a,e,o(!1))}var o=t(23);e.exports=r;var i,a,s;"undefined"!=typeof document.hidden?(i="hidden",a="visibilitychange",s="visibilityState"):"undefined"!=typeof document.msHidden?(i="msHidden",a="msvisibilitychange"):"undefined"!=typeof document.webkitHidden&&(i="webkitHidden",a="webkitvisibilitychange",s="webkitVisibilityState")},{}],32:[function(t,e,n){function r(t,e){var n=[],r="",i=0;for(r in t)o.call(t,r)&&(n[i]=e(r,t[r]),i+=1);return n}var o=Object.prototype.hasOwnProperty;e.exports=r},{}],33:[function(t,e,n){function r(t,e,n){e||(e=0),"undefined"==typeof n&&(n=t?t.length:0);for(var r=-1,o=n-e||0,i=Array(o<0?0:o);++r<o;)i[r]=t[e+r];return i}e.exports=r},{}],34:[function(t,e,n){e.exports={exists:"undefined"!=typeof window.performance&&window.performance.timing&&"undefined"!=typeof window.performance.timing.navigationStart}},{}],ee:[function(t,e,n){function r(){}function o(t){function e(t){return t&&t instanceof r?t:t?f(t,c,a):a()}function n(n,r,o,i,a){if(a!==!1&&(a=!0),!l.aborted||i){t&&a&&t(n,r,o);for(var s=e(o),c=m(n),f=c.length,u=0;u<f;u++)c[u].apply(s,r);var p=d[y[n]];return p&&p.push([x,n,r,s]),s}}function i(t,e){g[t]=m(t).concat(e)}function h(t,e){var n=g[t];if(n)for(var r=0;r<n.length;r++)n[r]===e&&n.splice(r,1)}function m(t){return g[t]||[]}function v(t){return p[t]=p[t]||o(n)}function w(t,e){l.aborted||u(t,function(t,n){e=e||"feature",y[n]=e,e in d||(d[e]=[])})}var g={},y={},x={on:i,addEventListener:i,removeEventListener:h,emit:n,get:v,listeners:m,context:e,buffer:w,abort:s,aborted:!1};return x}function i(t){return f(t,c,a)}function a(){return new r}function s(){(d.api||d.feature)&&(l.aborted=!0,d=l.backlog={})}var c="nr@context",f=t("gos"),u=t(32),d={},p={},l=e.exports=o();e.exports.getOrSetContext=i,l.backlog=d},{}],gos:[function(t,e,n){function r(t,e,n){if(o.call(t,e))return t[e];var r=n();if(Object.defineProperty&&Object.keys)try{return Object.defineProperty(t,e,{value:r,writable:!0,enumerable:!1}),r}catch(i){}return t[e]=r,r}var o=Object.prototype.hasOwnProperty;e.exports=r},{}],handle:[function(t,e,n){function r(t,e,n,r){o.buffer([t],r),o.emit(t,e,n)}var o=t("ee").get("handle");e.exports=r,r.ee=o},{}],id:[function(t,e,n){function r(t){var e=typeof t;return!t||"object"!==e&&"function"!==e?-1:t===window?0:a(t,i,function(){return o++})}var o=1,i="nr@id",a=t("gos");e.exports=r},{}],loader:[function(t,e,n){function r(){if(!P++){var t=T.info=NREUM.info,e=v.getElementsByTagName("script")[0];if(setTimeout(f.abort,3e4),!(t&&t.licenseKey&&t.applicationID&&e))return f.abort();c(R,function(e,n){t[e]||(t[e]=n)});var n=a();s("mark",["onload",n+T.offset],null,"api"),s("timing",["load",n]);var r=v.createElement("script");0===t.agent.indexOf("http://")||0===t.agent.indexOf("https://")?r.src=t.agent:r.src=h+"://"+t.agent,e.parentNode.insertBefore(r,e)}}function o(){"complete"===v.readyState&&i()}function i(){s("mark",["domContent",a()+T.offset],null,"api")}var a=t(26),s=t("handle"),c=t(32),f=t("ee"),u=t(30),d=t(27),p=t(21),l=t(23),h=p.getConfiguration("ssl")===!1?"http":"https",m=window,v=m.document,w="addEventListener",g="attachEvent",y=m.XMLHttpRequest,x=y&&y.prototype,b=!d(m.location);NREUM.o={ST:setTimeout,SI:m.setImmediate,CT:clearTimeout,XHR:y,REQ:m.Request,EV:m.Event,PR:m.Promise,MO:m.MutationObserver};var E=""+location,R={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-spa-1212.min.js"},O=y&&x&&x[w]&&!/CriOS/.test(navigator.userAgent),T=e.exports={offset:a.getLastTimestamp(),now:a,origin:E,features:{},xhrWrappable:O,userAgent:u,disabled:b};if(!b){t(20),t(28),v[w]?(v[w]("DOMContentLoaded",i,l(!1)),m[w]("load",r,l(!1))):(v[g]("onreadystatechange",o),m[g]("onload",r)),s("mark",["firstbyte",a.getLastTimestamp()],null,"api");var P=0}},{}],"wrap-function":[function(t,e,n){function r(t,e){function n(e,n,r,c,f){function nrWrapper(){var i,a,u,p;try{a=this,i=d(arguments),u="function"==typeof r?r(i,a):r||{}}catch(l){o([l,"",[i,a,c],u],t)}s(n+"start",[i,a,c],u,f);try{return p=e.apply(a,i)}catch(h){throw s(n+"err",[i,a,h],u,f),h}finally{s(n+"end",[i,a,p],u,f)}}return a(e)?e:(n||(n=""),nrWrapper[p]=e,i(e,nrWrapper,t),nrWrapper)}function r(t,e,r,o,i){r||(r="");var s,c,f,u="-"===r.charAt(0);for(f=0;f<e.length;f++)c=e[f],s=t[c],a(s)||(t[c]=n(s,u?c+r:r,o,c,i))}function s(n,r,i,a){if(!h||e){var s=h;h=!0;try{t.emit(n,r,i,e,a)}catch(c){o([c,n,r,i],t)}h=s}}return t||(t=u),n.inPlace=r,n.flag=p,n}function o(t,e){e||(e=u);try{e.emit("internal-error",t)}catch(n){}}function i(t,e,n){if(Object.defineProperty&&Object.keys)try{var r=Object.keys(t);return r.forEach(function(n){Object.defineProperty(e,n,{get:function(){return t[n]},set:function(e){return t[n]=e,e}})}),e}catch(i){o([i],n)}for(var a in t)l.call(t,a)&&(e[a]=t[a]);return e}function a(t){return!(t&&t instanceof Function&&t.apply&&!t[p])}function s(t,e){var n=e(t);return n[p]=t,i(t,n,u),n}function c(t,e,n){var r=t[e];t[e]=s(r,n)}function f(){for(var t=arguments.length,e=new Array(t),n=0;n<t;++n)e[n]=arguments[n];return e}var u=t("ee"),d=t(33),p="nr@original",l=Object.prototype.hasOwnProperty,h=!1;e.exports=r,e.exports.wrapFunction=s,e.exports.wrapInPlace=c,e.exports.argsToArray=f},{}]},{},["loader",2,17,5,3,4]); ;NREUM.loader_config={accountID:"3768898",trustKey:"3768898",agentID:"1134285132",licenseKey:"NRJS-2bc9f9fb1efc463f27c",applicationID:"1134285132"} ;NREUM.info={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",licenseKey:"NRJS-2bc9f9fb1efc463f27c",applicationID:"1134285132",sa:1} newrelic.addRelease("", "Remove-ControllerConfig-r-production-4dd74f6-17d951-17d94f"); </script><meta name=viewport content="width=device-width,initial-scale=1"><meta name=author content="Crossplane Community"><meta name=color-scheme content="light dark"><meta name=docsearch:language content="en"><meta name=generator content="Hugo 0.119.0"><link rel=preload href=/fonts/Avenir-Roman.woff2 as=font type=font/woff2 crossorigin><meta property="og:image" content="/img/crossplane-logo-og.webp"><meta property="twitter:card" content="/img/crossplane-logo-og.webp"><meta property="og:image:width" content="600"><meta property="og:image:height" content="199"><meta property="og:image:alt" content="Crossplane name and popsicle logo"><meta property="twitter:image:alt" content="Crossplane name and popsicle logo"><meta property="og:type" content="website"><meta name=twitter:site content="@crossplane_io"><meta property="og:site_name" content="Crossplane Documentation"><meta name=description content="Crossplane lets you build a control plane with Kubernetes-style declarative and API-driven configuration and management for anything."><meta property="og:url" content="https://docs.crossplane.io/v1.18/guides/vault-as-secret-store/"><meta name=docsearch:modified content="November 5, 2024"><meta name=docsearch:version content="1.18"><title>Vault as an External Secret Store · Crossplane v1.18</title><link rel=canonical href=https://docs.crossplane.io/latest/guides/vault-as-secret-store/><script>(()=>{var e=window.matchMedia("(prefers-color-scheme: dark)").matches,t=localStorage.getItem("darkSwitch")!==null&&localStorage.getItem("darkSwitch")==="dark",n=localStorage.getItem("darkSwitch")!==null&&localStorage.getItem("darkSwitch")==="light";n&&(e=!1),t||e?document.documentElement.setAttribute("color-theme","dark"):document.documentElement.setAttribute("color-theme","light")})()</script><link rel=stylesheet href=https://cdn.jsdelivr.net/npm/@docsearch/css@3 media=print onload='this.media="all"'><link rel=preconnect href=https://9UXKYX61NK-dsn.algolia.net crossorigin data-proofer-ignore><link href="https://docs.crossplane.io/scss/docs.0346bfd4a8aeace526724de64ddada78a0e5122b3b0c83b1021770d6ddef1160.css" rel=stylesheet><link rel=apple-touch-icon sizes=180x180 href=/apple-touch-icon.png><link rel=icon type=image/png sizes=32x32 href=/favicon-32x32.png><link rel=icon type=image/png sizes=192x192 href=/android-chrome-192x192.png><link rel=icon type=image/png sizes=16x16 href=/favicon-16x16.png><link rel=manifest href=/site.webmanifest><link rel=mask-icon href=/safari-pinned-tab.svg color=#f87c44><meta name=apple-mobile-web-app-title content="Crossplane Docs"><meta name=application-name content="Crossplane Docs"><meta name=msapplication-TileColor content="#333f5b"><meta name=theme-color content="#ffffff"><meta property="og:title" content="Crossplane Docs · v1.18 · Vault as an External Secret Store"><meta property="og:description" content="This guide walks through the steps required to configure Crossplane and its Providers to use Vault as an External Secret Store (ESS) with ESS Plugin Vault. Warning External Secret Stores are an alpha …"></head><body><svg xmlns="http://www.w3.org/2000/svg" style="display:none"><symbol id="check2" viewBox="0 0 16 16"><path d="M13.854 3.646a.5.5.0 010 .708l-7 7a.5.5.0 01-.708.0l-3.5-3.5a.5.5.0 11.708-.708L6.5 10.293l6.646-6.647a.5.5.0 01.708.0z"/></symbol><symbol id="x" viewBox="0 0 16 16"><path d="M2.146 2.854a.5.5.0 11.708-.708L8 7.293l5.146-5.147a.5.5.0 01.708.708L8.707 8l5.147 5.146a.5.5.0 01-.708.708L8 8.707l-5.146 5.147a.5.5.0 01-.708-.708L7.293 8 2.146 2.854z"/></symbol><symbol id="chevron-expand" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M3.646 9.146a.5.5.0 01.708.0L8 12.793l3.646-3.647a.5.5.0 01.708.708l-4 4a.5.5.0 01-.708.0l-4-4a.5.5.0 010-.708zm0-2.292a.5.5.0 00.708.0L8 3.207l3.646 3.647a.5.5.0 00.708-.708l-4-4a.5.5.0 00-.708.0l-4 4a.5.5.0 000 .708z"/></symbol><symbol id="clipboard" viewBox="0 0 16 16"><path d="M4 1.5H3a2 2 0 00-2 2V14a2 2 0 002 2h10a2 2 0 002-2V3.5a2 2 0 00-2-2h-1v1h1a1 1 0 011 1V14a1 1 0 01-1 1H3a1 1 0 01-1-1V3.5a1 1 0 011-1h1v-1z"/><path d="M9.5 1a.5.5.0 01.5.5v1a.5.5.0 01-.5.5h-3A.5.5.0 016 2.5v-1a.5.5.0 01.5-.5h3zm-3-1A1.5 1.5.0 005 1.5v1A1.5 1.5.0 006.5 4h3A1.5 1.5.0 0011 2.5v-1A1.5 1.5.0 009.5.0h-3z"/></symbol><symbol id="plus" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 2a.5.5.0 01.5.5v5h5a.5.5.0 010 1h-5v5a.5.5.0 01-1 0v-5h-5a.5.5.0 010-1h5v-5A.5.5.0 018 2z"/></symbol><symbol id="three-dots" viewBox="0 0 16 16"><path d="M3 9.5a1.5 1.5.0 110-3 1.5 1.5.0 010 3zm5 0a1.5 1.5.0 110-3 1.5 1.5.0 010 3zm5 0a1.5 1.5.0 110-3 1.5 1.5.0 010 3z"/></symbol><symbol id="info" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="m8.93 6.588-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545.0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275.0-.375-.193-.304-.533L8.93 6.588zM9 4.5a1 1 0 11-2 0 1 1 0 012 0z"/></symbol><symbol id="check" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="M10.97 4.97a.235.235.0 00-.02.022L7.477 9.417 5.384 7.323a.75.75.0 00-1.06 1.06L6.97 11.03a.75.75.0 001.079-.02l3.992-4.99A.75.75.0 0010.97 4.97z"/></symbol><symbol id="exclamation" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="M7.002 11a1 1 0 112 0 1 1 0 01-2 0zM7.1 4.995a.905.905.0 111.8.0l-.35 3.507a.552.552.0 01-1.1.0L7.1 4.995z"/></symbol><symbol id="x-circle" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="M4.646 4.646a.5.5.0 01.708.0L8 7.293l2.646-2.647a.5.5.0 01.708.708L8.707 8l2.647 2.646a.5.5.0 01-.708.708L8 8.707l-2.646 2.647a.5.5.0 01-.708-.708L7.293 8 4.646 5.354a.5.5.0 010-.708z"/></symbol><symbol id="fire" viewBox="0 0 16 16"><path d="M8 16c3.314.0 6-2 6-5.5.0-1.5-.5-4-2.5-6 .25 1.5-1.25 2-1.25 2C11 4 9 .5 6 0c.357 2 .5 4-2 6-1.25 1-2 2.729-2 4.5C2 14 4.686 16 8 16zm0-1c-1.657.0-3-1-3-2.75.0-.75.25-2 1.25-3C6.125 10 7 10.5 7 10.5c-.375-1.25.5-3.25 2-3.5-.179 1-.25 2 1 3 .625.5 1 1.364 1 2.25C11 14 9.657 15 8 15z"/></symbol><symbol id="search" viewBox="0 0 16 16"><path d="M11.742 10.344a6.5 6.5.0 10-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 001.415-1.414l-3.85-3.85a1.007 1.007.0 00-.115-.1zM12 6.5a5.5 5.5.0 11-11 0 5.5 5.5.0 0111 0z"/></symbol><symbol id="clipboard-check" viewBox="0 0 16 16"><path d="M6.5.0A1.5 1.5.0 005 1.5v1A1.5 1.5.0 006.5 4h3A1.5 1.5.0 0011 2.5v-1A1.5 1.5.0 009.5.0h-3zm3 1a.5.5.0 01.5.5v1a.5.5.0 01-.5.5h-3A.5.5.0 016 2.5v-1a.5.5.0 01.5-.5h3z"/><path d="M4 1.5H3a2 2 0 00-2 2V14a2 2 0 002 2h10a2 2 0 002-2V3.5a2 2 0 00-2-2h-1v1A2.5 2.5.0 019.5 5h-3A2.5 2.5.0 014 2.5v-1zm6.854 7.354-3 3a.5.5.0 01-.708.0l-1.5-1.5a.5.5.0 01.708-.708L7.5 10.793l2.646-2.647a.5.5.0 01.708.708z"/></symbol><symbol id="pencil-square" viewBox="0 0 16 16"><path d="M15.502 1.94a.5.5.0 010 .706L14.459 3.69l-2-2L13.502.646a.5.5.0 01.707.0l1.293 1.293zm-1.75 2.456-2-2L4.939 9.21a.5.5.0 00-.121.196l-.805 2.414a.25.25.0 00.316.316l2.414-.805a.5.5.0 00.196-.12l6.813-6.814z"/><path fill-rule="evenodd" d="M1 13.5A1.5 1.5.0 002.5 15h11a1.5 1.5.0 001.5-1.5v-6a.5.5.0 00-1 0v6a.5.5.0 01-.5.5h-11a.5.5.0 01-.5-.5v-11a.5.5.0 01.5-.5H9a.5.5.0 000-1H2.5A1.5 1.5.0 001 2.5v11z"/></symbol><symbol id="github" viewBox="0 0 16 16"><path d="M8 0C3.58.0.0 3.58.0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38.0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95.0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12.0.0.67-.21 2.2.82.64-.18 1.32-.27 2-.27s1.36.09 2 .27c1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15.0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48.0 1.07-.01 1.93-.01 2.2.0.21.15.46.55.38A8.012 8.012.0 0016 8c0-4.42-3.58-8-8-8z"/></symbol><symbol id="box-arrow-up-right" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8.636 3.5a.5.5.0 00-.5-.5H1.5A1.5 1.5.0 000 4.5v10A1.5 1.5.0 001.5 16h10a1.5 1.5.0 001.5-1.5V7.864a.5.5.0 00-1 0V14.5a.5.5.0 01-.5.5h-10a.5.5.0 01-.5-.5v-10a.5.5.0 01.5-.5h6.636a.5.5.0 00.5-.5z"/><path fill-rule="evenodd" d="M16 .5a.5.5.0 00-.5-.5h-5a.5.5.0 000 1h3.793L6.146 9.146a.5.5.0 10.708.708L15 1.707V5.5a.5.5.0 001 0v-5z"/></symbol></svg><header class="navbar docs-navbar navbar-expand-lg py-0 align-items-center"><div class=docs-left-toggle><button class=navbar-toggler type=button data-bs-toggle=offcanvas data-bs-target=#bdSidebar aria-controls=bdSidebar aria-label="Toggle docs content"><svg xmlns="http://www.w3.org/2000/svg" width="1.5rem" height="1.5rem" fill="currentcolor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M2.5 11.5A.5.5.0 013 11h10a.5.5.0 010 1H3a.5.5.0 01-.5-.5zm0-4A.5.5.0 013 7h10a.5.5.0 010 1H3a.5.5.0 01-.5-.5zm0-4A.5.5.0 013 3h10a.5.5.0 010 1H3a.5.5.0 01-.5-.5z"/></svg> Browse</button></div><div class="docs-right-toggle order-3"><button class=navbar-toggler type=button data-bs-toggle=offcanvas data-bs-target=#offcanvas aria-controls=offcanvas aria-label="Toggle Crossplane navigation"><svg class="bi white" aria-hidden="true"><use xlink:href="#three-dots"/></svg></button></div><div class=navbar-brand><a href=https://www.crossplane.io aria-label=Crossplane><img src=/img/crossplane-logo.svg alt="Crossplane logo" srcset="/img/crossplane-logo.svg 1x, /img/crossplane-logo.svg 2x" width=152px decoding=async data-nimg=future loading=lazy></a></div><div class="w-100 offcanvas-lg offcanvas-end" tabindex=-1 id=offcanvas aria-labelledby=offcanvasLabel><div class="offcanvas-body p-0"><div class="offcanvas-header p-0"><div class=navbar-brand><a href=https://www.crossplane.io aria-label=Crossplane><img src=/img/crossplane-logo.svg alt="Crossplane logo" srcset="/img/crossplane-logo.svg 1x, /img/crossplane-logo.svg 2x" width=152px decoding=async data-nimg=future loading=lazy></a></div><button type=button class="btn-close btn-close-white" data-bs-dismiss=offcanvas aria-label=Close data-bs-target=#offcanvas></button></div><div class="navbar-center-links collapse navbar-collapse justify-content-evenly show"><ul class="navbar-nav align-items-center"><li class=nav-item><a class=navbar-link href=https://www.crossplane.io/why-control-planes>Why Control Planes?</a></li><li class=nav-item><a class=navbar-link aria-current=page href=https://docs.crossplane.io/>Documentation</a></li><li class=nav-item><a class=navbar-link href=https://www.crossplane.io/community>Community</a></li><li class=nav-item><a class=navbar-link href=https://blog.crossplane.io/>Blog</a></li></ul></div><div class="navbar-icons flex-shrink-1 show"><ul class=navbar-nav><li class="nav-item col-xs p-2"><a class=navbar-link href=https://github.com/crossplane title="Crossplane Github Repository" target=_blank rel=noopener><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentcolor" class="icon-github" viewBox="0 0 16 16"><path d="M8 0C3.58.0.0 3.58.0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38.0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95.0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12.0.0.67-.21 2.2.82.64-.18 1.32-.27 2-.27s1.36.09 2 .27c1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15.0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48.0 1.07-.01 1.93-.01 2.2.0.21.15.46.55.38A8.012 8.012.0 0016 8c0-4.42-3.58-8-8-8z"/></svg>Crossplane GitHub</a></li><li class="nav-item col-xs p-2"><div id=slack><a class=navbar-link href=https://slack.crossplane.io title="Join the Crossplane Slack" target=_blank rel=noopener><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentcolor" class="icon-slack" viewBox="0 0 16 16"><path d="M3.362 10.11c0 .926-.756 1.681-1.681 1.681S0 11.036.0 10.111C0 9.186.756 8.43 1.68 8.43h1.682v1.68zm.846.0c0-.924.756-1.68 1.681-1.68s1.681.756 1.681 1.68v4.21c0 .924-.756 1.68-1.68 1.68a1.685 1.685.0 01-1.682-1.68v-4.21zM5.89 3.362c-.926.0-1.682-.756-1.682-1.681S4.964.0 5.89.0s1.68.756 1.68 1.68v1.682H5.89zm0 .846c.924.0 1.68.756 1.68 1.681S6.814 7.57 5.89 7.57H1.68C.757 7.57.0 6.814.0 5.89c0-.926.756-1.682 1.68-1.682h4.21zm6.749 1.682c0-.926.755-1.682 1.68-1.682.925.0 1.681.756 1.681 1.681s-.756 1.681-1.68 1.681h-1.681V5.89zm-.848.0c0 .924-.755 1.68-1.68 1.68A1.685 1.685.0 018.43 5.89V1.68C8.43.757 9.186.0 10.11.0c.926.0 1.681.756 1.681 1.68v4.21zm-1.681 6.748c.926.0 1.682.756 1.682 1.681S11.036 16 10.11 16s-1.681-.756-1.681-1.68v-1.682h1.68zm0-.847c-.924.0-1.68-.755-1.68-1.68.0-.925.756-1.681 1.68-1.681h4.21c.924.0 1.68.756 1.68 1.68.0.926-.756 1.681-1.68 1.681h-4.21z"/></svg>Crossplane Slack</a></div></li><li class="nav-item col-x p-2"><div class="vr d-lg-flex mx-lg-2 text-white"></div></li><li class="nav-item col-xs p-2"><div class="form-check form-switch color-switcher"><input class="d-flex form-check-input" type=checkbox id=darkSwitch> <label class="d-flex navbar-link form-check-label" for=darkSwitch>Dark Mode</label></div></li></ul></div></div></div></header><div class="bd-layout docs-container" data-bs-spy=scroll data-bs-target=#TableOfContents data-bs-threshold=0,1 data-bs-root-margin="0% 0% -75%"><aside class=bd-sidebar><div class="offcanvas-lg offcanvas-start bd-sidebar-container" tabindex=-1 id=bdSidebar aria-labelledby=bdSidebarOffcanvasLabel><div class="offcanvas-header pb-4 border-bottom"><div class="d-flex offcanvas-title fw-bold" id=bdNavbarOffcanvasLabel>Crossplane Documentation - v1.18</div><div class=d-flex><button type=button class="btn-close bi align-self-center p-0" data-bs-dismiss=offcanvas aria-label=Close data-bs-target=#bdSidebar></button></div></div><div class=offcanvas-body><div class="container-fluid p-0"><div class="search-container d-flex row pt-3 ps-4 docsearch opacity-50" data-bs-target=#bdSidebar data-bs-dismiss=offcanvas aria-label="Docs navigation"><div class=p-0 id=docSearch></div></div><nav class="bd-links-nav w-100" aria-label="Docs navigation"><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/>Overview</a></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/getting-started/>Getting Started</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Getting Started Section"> <label for=collapse-83678735 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-83678735 aria-expanded=false aria-label="Close or Expand Getting Started Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-83678735><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/getting-started/introduction/>Crossplane Introduction</a></div></div><div class="container flex-row collapse" id=collapse-83678735><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/getting-started/provider-aws/>AWS Quickstart</a></div></div><div class="container flex-row collapse" id=collapse-83678735><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/getting-started/provider-azure/>Azure Quickstart</a></div></div><div class="container flex-row collapse" id=collapse-83678735><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/getting-started/provider-gcp/>GCP Quickstart</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/software/>Install, Upgrade and Uninstall</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Install, Upgrade and Uninstall Section"> <label for=collapse-2ea344ac class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-2ea344ac aria-expanded=false aria-label="Close or Expand Install, Upgrade and Uninstall Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-2ea344ac><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/software/install/>Install Crossplane</a></div></div><div class="container flex-row collapse" id=collapse-2ea344ac><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/software/upgrade/>Upgrade Crossplane</a></div></div><div class="container flex-row collapse" id=collapse-2ea344ac><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/software/uninstall/>Uninstall Crossplane</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/concepts/>Concepts</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Concepts Section"> <label for=collapse-4c9a67bb class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-4c9a67bb aria-expanded=false aria-label="Close or Expand Concepts Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/pods/>Crossplane Pods</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/providers/>Providers</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/managed-resources/>Managed Resources</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/compositions/>Compositions</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/composition-revisions/>Composition Revisions</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/composite-resource-definitions/>Composite Resource Definitions</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/composite-resources/>Composite Resources</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/claims/>Claims</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/environment-configs/>Environment Configurations</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/usages/>Usages</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/connection-details/>Connection Details</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/packages/>Configuration Packages</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/server-side-apply/>Server-Side Apply</a></div></div><div class="container flex-row collapse" id=collapse-4c9a67bb><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/concepts/image-configs/>Image Configs</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100 active-parent"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/guides/>Guides</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" checked aria-label="Close or Expand Guides Section"> <label for=collapse-0092279e class=sidebar-label data-bs-toggle=collapse data-bs-target=#collapse-0092279e aria-expanded=false aria-label="Close or Expand Guides Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/disaster-recovery/>Disaster Recovery with Crossplane</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/metrics/>Metrics</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/function-patch-and-transform/>Function Patch and Transform</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/write-a-composition-function-in-go/>Write a Composition Function in Go</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/write-a-composition-function-in-python/>Write a Composition Function in Python</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/import-existing-resources/>Import Existing Resources</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex active" href=https://docs.crossplane.io/v1.18/guides/vault-as-secret-store/>Vault as an External Secret Store</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/vault-injection/>Vault Credential Injection</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/multi-tenant/>Multi-Tenant Crossplane</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/crossplane-with-argo-cd/>Configuring Crossplane with Argo CD</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/self-signed-ca-certs/>Self-Signed CA Certs</a></div></div><div class="container flex-row collapse show" id=collapse-0092279e><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/guides/troubleshoot-crossplane/>Troubleshoot Crossplane</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/cli/>CLI Reference</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand CLI Reference Section"> <label for=collapse-ffd26267 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-ffd26267 aria-expanded=false aria-label="Close or Expand CLI Reference Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-ffd26267><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/cli/command-reference/>Command Reference</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/api/>API Reference</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand API Reference Section"> <label for=collapse-6144acbe class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-6144acbe aria-expanded=false aria-label="Close or Expand API Reference Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/v1.18/learn/>Learn More</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Learn More Section"> <label for=collapse-a721e305 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-a721e305 aria-expanded=false aria-label="Close or Expand Learn More Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-a721e305><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/learn/release-cycle/>Release Cycle</a></div></div><div class="container flex-row collapse" id=collapse-a721e305><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/v1.18/learn/feature-lifecycle/>Feature Lifecycle</a></div></div></div><div class="section-container container pe-0 pt-1"><div class=nav-container><a href=https://docs.crossplane.io/contribute/ class="d-inline-flex align-items-center">Contributing Guide</a></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href="https://github.com/orgs/crossplane/projects/20/views/9?pane=info" target=_blank>Crossplane Roadmap</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><a href="https://github.com/orgs/crossplane/projects/20/views/9?pane=info"><svg class="flex bi"><use xlink:href="#box-arrow-up-right"/></svg></a></div></div></div></nav></div></div></aside><main class="bd-main order-1"><div class="bd-intro pt-2 ps-lg-2"><div class="d-md-flex flex-md-row-reverse align-items-center justify-content-between"><div class="mb-3 mb-md-0 d-flex"><div class="dropdown float-end bd-dropdown"><a class="btn btn-outline-secondary dropdown-toggle bd-dropdown-item text-reset" href=# role=button id=dropdownMenuLink data-bs-toggle=dropdown aria-haspopup=true aria-expanded=false>v1.18<div class="badge rounded-pill latest">Latest</div></a><div class="dropdown-menu bd-border-color bd-dropdown" aria-labelledby=dropdownMenuLink><a class="dropdown-item bd-dropdown-item" href=https://docs.crossplane.io/master/guides/vault-as-secret-store/>master</a> <a class="dropdown-item bd-dropdown-item active" aria-current=true href=https://docs.crossplane.io/v1.18/guides/vault-as-secret-store/>v1.18<div class="badge rounded-pill latest">Latest</div></a><a class="dropdown-item bd-dropdown-item" href=https://docs.crossplane.io/v1.17/guides/vault-as-secret-store/>v1.17</a> <a class="dropdown-item bd-dropdown-item" href=https://docs.crossplane.io/v1.16/guides/vault-as-secret-store/>v1.16</a></div></div></div><h1 class="bd-title mb-0" id=content>Vault as an External Secret Store</h1></div></div><div class="bd-toc mt-3 mb-5 my-lg-0 ps-xl-3 mb-lg-5"><button class="btn btn-link p-md-0 mb-2 mb-md-0 text-decoration-none bd-toc-toggle d-md-none" type=button data-bs-toggle=collapse data-bs-target=#tocContents aria-expanded=false aria-controls=tocContents> On this page<svg class="bi d-md-none ms-2" aria-hidden="true"><use xlink:href="#chevron-expand"/></svg></button> On this page<hr class="d-none d-md-block my-2"><div class="collapse bd-toc-collapse" id=tocContents><nav id=TableOfContents><ul class=nav><li class=nav-item><a class=nav-link href=#prerequisites>Prerequisites</a></li><li class=nav-item><a class=nav-link href=#install-vault>Install Vault</a><ul class=nav><li class=nav-item><a class=nav-link href=#add-the-vault-helm-chart>Add the Vault Helm chart</a></li><li class=nav-item><a class=nav-link href=#unseal-vault>Unseal Vault</a></li></ul></li><li class=nav-item><a class=nav-link href=#configure-vault-kubernetes-authentication>Configure Vault Kubernetes authentication</a><ul class=nav><li class=nav-item><a class=nav-link href=#get-the-vault-root-token>Get the Vault root token</a></li><li class=nav-item><a class=nav-link href=#enable-kubernetes-authentication>Enable Kubernetes authentication</a></li></ul></li><li class=nav-item><a class=nav-link href=#configure-vault-for-crossplane-integration>Configure Vault for Crossplane integration</a><ul class=nav><li class=nav-item><a class=nav-link href=#enable-the-vault-kv-secrets-engine>Enable the Vault kv secrets engine</a></li><li class=nav-item><a class=nav-link href=#create-a-vault-policy-for-crossplane>Create a Vault policy for Crossplane</a></li></ul></li><li class=nav-item><a class=nav-link href=#install-crossplane>Install Crossplane</a></li><li class=nav-item><a class=nav-link href=#install-the-crossplane-vault-plugin>Install the Crossplane Vault plugin</a></li><li class=nav-item><a class=nav-link href=#configure-crossplane>Configure Crossplane</a><ul class=nav><li class=nav-item><a class=nav-link href=#enable-external-secret-stores-in-the-provider>Enable external secret stores in the Provider</a></li><li class=nav-item><a class=nav-link href=#connect-the-crossplane-plugin-to-vault>Connect the Crossplane plugin to Vault</a></li><li class=nav-item><a class=nav-link href=#create-a-crossplane-storeconfig>Create a Crossplane StoreConfig</a></li><li class=nav-item><a class=nav-link href=#create-a-provider-storeconfig>Create a Provider StoreConfig</a></li></ul></li><li class=nav-item><a class=nav-link href=#create-provider-resources>Create Provider resources</a><ul class=nav><li class=nav-item><a class=nav-link href=#create-a-compositeresourcedefinition>Create a CompositeResourceDefinition</a></li><li class=nav-item><a class=nav-link href=#create-a-composition>Create a Composition</a></li><li class=nav-item><a class=nav-link href=#create-a-claim>Create a Claim</a></li></ul></li><li class=nav-item><a class=nav-link href=#verify-the-resources>Verify the resources</a></li><li class=nav-item><a class=nav-link href=#verify-vault-secrets>Verify Vault secrets</a><ul class=nav><li class=nav-item><a class=nav-link href=#remove-the-resources>Remove the resources</a></li></ul></li></ul></li></ul></nav><nav class=pt-3><div class=pb-2><svg class="bi" width="1em" height="1em"><use xlink:href="#pencil-square"/></svg><a target=_blank href="https://github.com/crossplane/docs/issues/new?title=[Web%20Bug]%20-%20Vault%20as%20an%20External%20Secret%20Store&body=%3c!--%20What%27s%20the%20problem?%20--%3e%0a%0a%0aURL:%20https://docs.crossplane.io/v1.18/guides/vault-as-secret-store/">Report a problem</a></div><div><svg class="bi" width="1em" height="1em"><use xlink:href="#github"/></svg><a href=https://github.com/crossplane/docs/tree/master/content/v1.18/guides/vault-as-secret-store.md>View page source</a></div></div></nav></div><div class="bd-content ps-lg-2 DocSearch-content">This guide walks through the steps required to configure Crossplane and its Providers to use <a href=https://www.vaultproject.io/>Vault</a> as an <a href=https://github.com/crossplane/crossplane/blob/main/design/design-doc-external-secret-stores.md>External Secret Store</a> (<code>ESS</code>) with <a href=https://github.com/crossplane-contrib/ess-plugin-vault>ESS Plugin Vault</a>.<div class="admonition warning d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="warning:"><use xlink:href="#fire"/></svg>Warning</div><div class=admonition-content>External Secret Stores are an alpha feature.They’re not recommended for production use. Crossplane disables External Secret Stores by default.</div></div>Crossplane uses sensitive information including Provider credentials, inputs to managed resources and connection details.The <a href=https://docs.crossplane.io/v1.18/guides/vault-injection/>Vault credential injection guide</a> details using Vault and Crossplane for Provider credentials.Crossplane doesn’t support for using Vault for managed resources input. <a href=https://github.com/crossplane/crossplane/issues/2985>Crossplane issue #2985</a> tracks support for this feature.Supporting connection details with Vault requires a Crossplane external secret store.<h2 id=prerequisites>Prerequisites <a class=anchor-link id=prerequisites href=#prerequisites aria-label="Link to this section: Prerequisites"></a></h2>This guide requires <a href=https://helm.sh>Helm</a> version 3.11 or later.<h2 id=install-vault>Install Vault <a class=anchor-link id=install-vault href=#install-vault aria-label="Link to this section: Install Vault"></a></h2><div class="admonition note d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="note:"><use xlink:href="#info"/></svg>Note</div><div class=admonition-content>Detailed instructions on <a href=https://developer.hashicorp.com/vault/docs/platform/k8s/helm>installing Vault</a> are available from the Vault documentation.</div></div><h3 id=add-the-vault-helm-chart>Add the Vault Helm chart <a class=anchor-link id=add-the-vault-helm-chart href=#add-the-vault-helm-chart aria-label="Link to this section: Add the Vault Helm chart"></a></h3>Add the Helm repository for <code>hashicorp</code>.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-0-1>1</a>helm repo add hashicorp https://helm.releases.hashicorp.com --force-update </code></pre></div>Install Vault using Helm.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-1-1>1</a>helm -n vault-system upgrade --install vault hashicorp/vault --create-namespace </code></pre></div><h3 id=unseal-vault>Unseal Vault <a class=anchor-link id=unseal-vault href=#unseal-vault aria-label="Link to this section: Unseal Vault"></a></h3>If Vault is <a href=https://developer.hashicorp.com/vault/docs/concepts/seal>sealed</a> unseal Vault using the unseal keys.Get the Vault keys.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-2-1>1</a>kubectl -n vault-system exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=json > cluster-keys.json <a class=lnlinks href=#hl-2-2>2</a>VAULT_UNSEAL_KEY=$(cat cluster-keys.json | jq -r ".unseal_keys_b64[]") </code></pre></div>Unseal the vault using the keys.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-3-1> 1</a>kubectl -n vault-system exec vault-0 -- vault operator unseal $VAULT_UNSEAL_KEY <a class=lnlinks href=#hl-3-2> 2</a>Key Value <a class=lnlinks href=#hl-3-3> 3</a>--- ----- <a class=lnlinks href=#hl-3-4> 4</a>Seal Type shamir <a class=lnlinks href=#hl-3-5> 5</a>Initialized true <a class=lnlinks href=#hl-3-6> 6</a>Sealed false <a class=lnlinks href=#hl-3-7> 7</a>Total Shares 1 <a class=lnlinks href=#hl-3-8> 8</a>Threshold 1 <a class=lnlinks href=#hl-3-9> 9</a>Version 1.13.1 <a class=lnlinks href=#hl-3-10>10</a>Build Date 2023-03-23T12:51:35Z <a class=lnlinks href=#hl-3-11>11</a>Storage Type file <a class=lnlinks href=#hl-3-12>12</a>Cluster Name vault-cluster-df884357 <a class=lnlinks href=#hl-3-13>13</a>Cluster ID b3145d26-2c1a-a7f2-a364-81753033c0d9 <a class=lnlinks href=#hl-3-14>14</a>HA Enabled false </code></pre></div><h2 id=configure-vault-kubernetes-authentication>Configure Vault Kubernetes authentication <a class=anchor-link id=configure-vault-kubernetes-authentication href=#configure-vault-kubernetes-authentication aria-label="Link to this section: Configure Vault Kubernetes authentication"></a></h2>Enable the <a href=https://www.vaultproject.io/docs/auth/kubernetes>Kubernetes auth method</a> for Vault to authenticate requests based on Kubernetes service accounts.<h3 id=get-the-vault-root-token>Get the Vault root token <a class=anchor-link id=get-the-vault-root-token href=#get-the-vault-root-token aria-label="Link to this section: Get the Vault root token"></a></h3>The Vault root token is inside the JSON file created when <a href=#unseal-vault>unsealing Vault</a>.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-4-1>1</a>cat cluster-keys.json | jq -r ".root_token" </code></pre></div><h3 id=enable-kubernetes-authentication>Enable Kubernetes authentication <a class=anchor-link id=enable-kubernetes-authentication href=#enable-kubernetes-authentication aria-label="Link to this section: Enable Kubernetes authentication"></a></h3>Connect to a shell in the Vault pod.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-5-1>1</a>kubectl -n vault-system exec -it vault-0 -- /bin/sh <a class=lnlinks href=#hl-5-2>2</a>/ $ </code></pre></div>From the Vault shell, login to Vault using the root token.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-6-1> 1</a>vault login # use the root token from above <a class=lnlinks href=#hl-6-2> 2</a>Token (will be hidden): <a class=lnlinks href=#hl-6-3> 3</a>Success! You are now authenticated. The token information displayed below <a class=lnlinks href=#hl-6-4> 4</a>is already stored in the token helper. You do NOT need to run "vault login" <a class=lnlinks href=#hl-6-5> 5</a>again. Future Vault requests will automatically use this token. <a class=lnlinks href=#hl-6-6> 6</a> <a class=lnlinks href=#hl-6-7> 7</a>Key Value <a class=lnlinks href=#hl-6-8> 8</a>--- ----- <a class=lnlinks href=#hl-6-9> 9</a>token hvs.TSN4SssfMBM0HAtwGrxgARgn <a class=lnlinks href=#hl-6-10>10</a>token_accessor qodxHrINVlRXKyrGeeDkxnih <a class=lnlinks href=#hl-6-11>11</a>token_duration ∞ <a class=lnlinks href=#hl-6-12>12</a>token_renewable false <a class=lnlinks href=#hl-6-13>13</a>token_policies ["root"] <a class=lnlinks href=#hl-6-14>14</a>identity_policies [] <a class=lnlinks href=#hl-6-15>15</a>policies ["root"] </code></pre></div>Enable the Kubernetes authentication method in Vault.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-7-1>1</a>vault auth enable kubernetes <a class=lnlinks href=#hl-7-2>2</a>Success! Enabled kubernetes auth method at: kubernetes/ </code></pre></div>Configure Vault to communicate with Kubernetes and exit the Vault shell<div class=highlight copy-lines=1-4><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-8-1>1</a>vault write auth/kubernetes/config \ <a class=lnlinks href=#hl-8-2>2</a> token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ <a class=lnlinks href=#hl-8-3>3</a> kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \ <a class=lnlinks href=#hl-8-4>4</a> kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt <a class=lnlinks href=#hl-8-5>5</a>Success! Data written to: auth/kubernetes/config <a class=lnlinks href=#hl-8-6>6</a>/ $ exit </code></pre></div><h2 id=configure-vault-for-crossplane-integration>Configure Vault for Crossplane integration <a class=anchor-link id=configure-vault-for-crossplane-integration href=#configure-vault-for-crossplane-integration aria-label="Link to this section: Configure Vault for Crossplane integration"></a></h2>Crossplane relies on the Vault key-value secrets engine to store information and Vault requires a permissions policy for the Crossplane service account.<h3 id=enable-the-vault-kv-secrets-engine>Enable the Vault kv secrets engine <a class=anchor-link id=enable-the-vault-kv-secrets-engine href=#enable-the-vault-kv-secrets-engine aria-label="Link to this section: Enable the Vault kv secrets engine"></a></h3>Enable the <a href=https://developer.hashicorp.com/vault/docs/secrets/kv>Vault KV Secrets Engine</a>.<div class="admonition important d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="important:"><use xlink:href="#exclamation"/></svg>Important</div><div class=admonition-content>Vault has two versions of the <a href=https://developer.hashicorp.com/vault/docs/secrets/kv>KV Secrets Engine</a>. This example uses version 2.</div></div><div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-9-1>1</a>kubectl -n vault-system exec -it vault-0 -- vault secrets enable -path=secret kv-v2 <a class=lnlinks href=#hl-9-2>2</a>Success! Enabled the kv-v2 secrets engine at: secret/ </code></pre></div><h3 id=create-a-vault-policy-for-crossplane>Create a Vault policy for Crossplane <a class=anchor-link id=create-a-vault-policy-for-crossplane href=#create-a-vault-policy-for-crossplane aria-label="Link to this section: Create a Vault policy for Crossplane"></a></h3>Create the Vault policy to allow Crossplane to read and write data from Vault.<div class=highlight copy-lines=1-8><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-10-1>1</a>kubectl -n vault-system exec -i vault-0 -- vault policy write crossplane - <<EOF <a class=lnlinks href=#hl-10-2>2</a>path "secret/data/*" { <a class=lnlinks href=#hl-10-3>3</a> capabilities = ["create", "read", "update", "delete"] <a class=lnlinks href=#hl-10-4>4</a>} <a class=lnlinks href=#hl-10-5>5</a>path "secret/metadata/*" { <a class=lnlinks href=#hl-10-6>6</a> capabilities = ["create", "read", "update", "delete"] <a class=lnlinks href=#hl-10-7>7</a>} <a class=lnlinks href=#hl-10-8>8</a>EOF <a class=lnlinks href=#hl-10-9>9</a>Success! Uploaded policy: crossplane </code></pre></div>Apply the policy to Vault.<div class=highlight copy-lines=1-5><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-11-1>1</a>kubectl -n vault-system exec -it vault-0 -- vault write auth/kubernetes/role/crossplane \ <a class=lnlinks href=#hl-11-2>2</a> bound_service_account_names="*" \ <a class=lnlinks href=#hl-11-3>3</a> bound_service_account_namespaces=crossplane-system \ <a class=lnlinks href=#hl-11-4>4</a> policies=crossplane \ <a class=lnlinks href=#hl-11-5>5</a> ttl=24h <a class=lnlinks href=#hl-11-6>6</a>Success! Data written to: auth/kubernetes/role/crossplane </code></pre></div><h2 id=install-crossplane>Install Crossplane <a class=anchor-link id=install-crossplane href=#install-crossplane aria-label="Link to this section: Install Crossplane"></a></h2><div class="admonition important d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="important:"><use xlink:href="#exclamation"/></svg>Important</div><div class=admonition-content>Crossplane v1.12 introduced the plugin support. Make sure your version of Crossplane supports plugins.</div></div>Install the Crossplane with the External Secrets Stores feature enabled.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-12-1>1</a>helm upgrade --install crossplane crossplane-stable/crossplane --namespace crossplane-system --create-namespace --set args='{--enable-external-secret-stores}' </code></pre></div><h2 id=install-the-crossplane-vault-plugin>Install the Crossplane Vault plugin <a class=anchor-link id=install-the-crossplane-vault-plugin href=#install-the-crossplane-vault-plugin aria-label="Link to this section: Install the Crossplane Vault plugin"></a></h2>The Crossplane Vault plugin isn’t part of the default Crossplane install. The plugin installs as a unique Pod that uses the <a href=https://www.vaultproject.io/docs/platform/k8s/injector>Vault Agent Sidecar Injection</a> to connect the Vault secret store to Crossplane.First, configure annotations for the Vault plugin pod.<div class=highlight><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-13-1>1</a>cat > values.yaml <<EOF <a class=lnlinks href=#hl-13-2>2</a>podAnnotations: <a class=lnlinks href=#hl-13-3>3</a> vault.hashicorp.com/agent-inject: "true" <a class=lnlinks href=#hl-13-4>4</a> vault.hashicorp.com/agent-inject-token: "true" <a class=lnlinks href=#hl-13-5>5</a> vault.hashicorp.com/role: crossplane <a class=lnlinks href=#hl-13-6>6</a> vault.hashicorp.com/agent-run-as-user: "65532" <a class=lnlinks href=#hl-13-7>7</a>EOF </code></pre></div>Next, install the Crossplane ESS Plugin pod to the <code>crossplane-system</code> namespace and apply the Vault annotations.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-14-1>1</a>helm upgrade --install ess-plugin-vault oci://xpkg.upbound.io/crossplane-contrib/ess-plugin-vault --namespace crossplane-system -f values.yaml </code></pre></div><h2 id=configure-crossplane>Configure Crossplane <a class=anchor-link id=configure-crossplane href=#configure-crossplane aria-label="Link to this section: Configure Crossplane"></a></h2>Using the Vault plugin requires configuration to connect to the Vault service. The plugin also requires Providers to enable external secret stores.With the plugin and providers configured, Crossplane requires two <code>StoreConfig</code> objects to describe how Crossplane and the Providers communicate with vault.<h3 id=enable-external-secret-stores-in-the-provider>Enable external secret stores in the Provider <a class=anchor-link id=enable-external-secret-stores-in-the-provider href=#enable-external-secret-stores-in-the-provider aria-label="Link to this section: Enable external secret stores in the Provider"></a></h3><div class="admonition note d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="note:"><use xlink:href="#info"/></svg>Note</div><div class=admonition-content>This example uses Provider GCP, but the <code><highlight-term id=1731573034746140447 data-label=ControllerConfig data-line=2>ControllerConfig</highlight-term></code> is the same for all Providers.</div></div>Create a <code>ControllerConfig</code> object to enable external secret stores.<div class=highlight label=ControllerConfig><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-15-1>1</a>echo "apiVersion: pkg.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-15-2>2</a>kind: ControllerConfig <a class=lnlinks href=#hl-15-3>3</a>metadata: <a class=lnlinks href=#hl-15-4>4</a> name: vault-config <a class=lnlinks href=#hl-15-5>5</a>spec: <a class=lnlinks href=#hl-15-6>6</a> args: <a class=lnlinks href=#hl-15-7>7</a> - --enable-external-secret-stores" | kubectl apply -f - </code></pre></div>Install the Provider and apply the ControllerConfig.<div class=highlight><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-16-1>1</a>echo "apiVersion: pkg.crossplane.io/v1 <a class=lnlinks href=#hl-16-2>2</a>kind: Provider <a class=lnlinks href=#hl-16-3>3</a>metadata: <a class=lnlinks href=#hl-16-4>4</a> name: provider-gcp <a class=lnlinks href=#hl-16-5>5</a>spec: <a class=lnlinks href=#hl-16-6>6</a> package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5 <a class=lnlinks href=#hl-16-7>7</a> controllerConfigRef: <a class=lnlinks href=#hl-16-8>8</a> name: vault-config" | kubectl apply -f - </code></pre></div><h3 id=connect-the-crossplane-plugin-to-vault>Connect the Crossplane plugin to Vault <a class=anchor-link id=connect-the-crossplane-plugin-to-vault href=#connect-the-crossplane-plugin-to-vault aria-label="Link to this section: Connect the Crossplane plugin to Vault"></a></h3>Create a <code><highlight-term id=1731573034746253600 data-label=VaultConfig data-line=2>VaultConfig</highlight-term></code> resource for the plugin to connect to the Vault service:<div class=highlight label=VaultConfig><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-17-1> 1</a>echo "apiVersion: secrets.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-17-2> 2</a>kind: VaultConfig <a class=lnlinks href=#hl-17-3> 3</a>metadata: <a class=lnlinks href=#hl-17-4> 4</a> name: vault-internal <a class=lnlinks href=#hl-17-5> 5</a>spec: <a class=lnlinks href=#hl-17-6> 6</a> server: http://vault.vault-system:8200 <a class=lnlinks href=#hl-17-7> 7</a> mountPath: secret/ <a class=lnlinks href=#hl-17-8> 8</a> version: v2 <a class=lnlinks href=#hl-17-9> 9</a> auth: <a class=lnlinks href=#hl-17-10>10</a> method: Token <a class=lnlinks href=#hl-17-11>11</a> token: <a class=lnlinks href=#hl-17-12>12</a> source: Filesystem <a class=lnlinks href=#hl-17-13>13</a> fs: <a class=lnlinks href=#hl-17-14>14</a> path: /vault/secrets/token" | kubectl apply -f - </code></pre></div><h3 id=create-a-crossplane-storeconfig>Create a Crossplane StoreConfig <a class=anchor-link id=create-a-crossplane-storeconfig href=#create-a-crossplane-storeconfig aria-label="Link to this section: Create a Crossplane StoreConfig"></a></h3>Create a <code><highlight-term id=1731573034746279912 data-label=xp-storeconfig data-line=2>StoreConfig</highlight-term></code> object from the <code><highlight-term id=1731573034746305367 data-label=xp-storeconfig data-line=1>secrets.crossplane.io</highlight-term></code> group. Crossplane uses the StoreConfig to connect to the Vault plugin service.The <code><highlight-term id=1731573034746331021 data-label=xp-storeconfig data-line=10>configRef</highlight-term></code> connects the StoreConfig to the specific Vault plugin configuration.<div class=highlight label=xp-storeconfig><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-18-1> 1</a>echo "apiVersion: secrets.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-18-2> 2</a>kind: StoreConfig <a class=lnlinks href=#hl-18-3> 3</a>metadata: <a class=lnlinks href=#hl-18-4> 4</a> name: vault <a class=lnlinks href=#hl-18-5> 5</a>spec: <a class=lnlinks href=#hl-18-6> 6</a> type: Plugin <a class=lnlinks href=#hl-18-7> 7</a> defaultScope: crossplane-system <a class=lnlinks href=#hl-18-8> 8</a> plugin: <a class=lnlinks href=#hl-18-9> 9</a> endpoint: ess-plugin-vault.crossplane-system:4040 <a class=lnlinks href=#hl-18-10>10</a> configRef: <a class=lnlinks href=#hl-18-11>11</a> apiVersion: secrets.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-18-12>12</a> kind: VaultConfig <a class=lnlinks href=#hl-18-13>13</a> name: vault-internal" | kubectl apply -f - </code></pre></div><h3 id=create-a-provider-storeconfig>Create a Provider StoreConfig <a class=anchor-link id=create-a-provider-storeconfig href=#create-a-provider-storeconfig aria-label="Link to this section: Create a Provider StoreConfig"></a></h3>Create a <code><highlight-term id=1731573034746354576 data-label=gcp-storeconfig data-line=2>StoreConfig</highlight-term></code> object from the Provider’s API group, <code><highlight-term id=1731573034746377076 data-label=gcp-storeconfig data-line=1>gcp.crossplane.io</highlight-term></code>. The Provider uses this StoreConfig to communicate with Vault for Managed Resources.The <code><highlight-term id=1731573034746404329 data-label=gcp-storeconfig data-line=10>configRef</highlight-term></code> connects the StoreConfig to the specific Vault plugin configuration.<div class=highlight label=gcp-storeconfig><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-19-1> 1</a>echo "apiVersion: gcp.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-19-2> 2</a>kind: StoreConfig <a class=lnlinks href=#hl-19-3> 3</a>metadata: <a class=lnlinks href=#hl-19-4> 4</a> name: vault <a class=lnlinks href=#hl-19-5> 5</a>spec: <a class=lnlinks href=#hl-19-6> 6</a> type: Plugin <a class=lnlinks href=#hl-19-7> 7</a> defaultScope: crossplane-system <a class=lnlinks href=#hl-19-8> 8</a> plugin: <a class=lnlinks href=#hl-19-9> 9</a> endpoint: ess-plugin-vault.crossplane-system:4040 <a class=lnlinks href=#hl-19-10>10</a> configRef: <a class=lnlinks href=#hl-19-11>11</a> apiVersion: secrets.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-19-12>12</a> kind: VaultConfig <a class=lnlinks href=#hl-19-13>13</a> name: vault-internal" | kubectl apply -f - </code></pre></div><h2 id=create-provider-resources>Create Provider resources <a class=anchor-link id=create-provider-resources href=#create-provider-resources aria-label="Link to this section: Create Provider resources"></a></h2>Check that Crossplane installed the Provider and the Provider is healthy.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-20-1>1</a>kubectl get providers <a class=lnlinks href=#hl-20-2>2</a>NAME INSTALLED HEALTHY PACKAGE AGE <a class=lnlinks href=#hl-20-3>3</a>provider-gcp True True xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5 10m </code></pre></div><h3 id=create-a-compositeresourcedefinition>Create a CompositeResourceDefinition <a class=anchor-link id=create-a-compositeresourcedefinition href=#create-a-compositeresourcedefinition aria-label="Link to this section: Create a CompositeResourceDefinition"></a></h3>Create a <code>CompositeResourceDefinition</code> to define a custom API endpoint.<div class=highlight><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-21-1> 1</a>echo "apiVersion: apiextensions.crossplane.io/v1 <a class=lnlinks href=#hl-21-2> 2</a>kind: CompositeResourceDefinition <a class=lnlinks href=#hl-21-3> 3</a>metadata: <a class=lnlinks href=#hl-21-4> 4</a> name: compositeessinstances.ess.example.org <a class=lnlinks href=#hl-21-5> 5</a> annotations: <a class=lnlinks href=#hl-21-6> 6</a> feature: ess <a class=lnlinks href=#hl-21-7> 7</a>spec: <a class=lnlinks href=#hl-21-8> 8</a> group: ess.example.org <a class=lnlinks href=#hl-21-9> 9</a> names: <a class=lnlinks href=#hl-21-10>10</a> kind: CompositeESSInstance <a class=lnlinks href=#hl-21-11>11</a> plural: compositeessinstances <a class=lnlinks href=#hl-21-12>12</a> claimNames: <a class=lnlinks href=#hl-21-13>13</a> kind: ESSInstance <a class=lnlinks href=#hl-21-14>14</a> plural: essinstances <a class=lnlinks href=#hl-21-15>15</a> connectionSecretKeys: <a class=lnlinks href=#hl-21-16>16</a> - publicKey <a class=lnlinks href=#hl-21-17>17</a> - publicKeyType <a class=lnlinks href=#hl-21-18>18</a> versions: <a class=lnlinks href=#hl-21-19>19</a> - name: v1alpha1 <a class=lnlinks href=#hl-21-20>20</a> served: true <a class=lnlinks href=#hl-21-21>21</a> referenceable: true <a class=lnlinks href=#hl-21-22>22</a> schema: <a class=lnlinks href=#hl-21-23>23</a> openAPIV3Schema: <a class=lnlinks href=#hl-21-24>24</a> type: object <a class=lnlinks href=#hl-21-25>25</a> properties: <a class=lnlinks href=#hl-21-26>26</a> spec: <a class=lnlinks href=#hl-21-27>27</a> type: object <a class=lnlinks href=#hl-21-28>28</a> properties: <a class=lnlinks href=#hl-21-29>29</a> parameters: <a class=lnlinks href=#hl-21-30>30</a> type: object <a class=lnlinks href=#hl-21-31>31</a> properties: <a class=lnlinks href=#hl-21-32>32</a> serviceAccount: <a class=lnlinks href=#hl-21-33>33</a> type: string <a class=lnlinks href=#hl-21-34>34</a> required: <a class=lnlinks href=#hl-21-35>35</a> - serviceAccount <a class=lnlinks href=#hl-21-36>36</a> required: <a class=lnlinks href=#hl-21-37>37</a> - parameters" | kubectl apply -f - </code></pre></div><h3 id=create-a-composition>Create a Composition <a class=anchor-link id=create-a-composition href=#create-a-composition aria-label="Link to this section: Create a Composition"></a></h3>Create a <code>Composition</code> to create a Service Account and Service Account Key inside GCP.Creating a Service Account Key generates <code><highlight-term id=1731573034746451080 data-label=comp data-line=39>connectionDetails</highlight-term></code> that the Provider stores in Vault using the <code><highlight-term id=1731573034746481720 data-label=comp data-line=31>publishConnectionDetailsTo</highlight-term></code> details.<div class=highlight label=comp><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-22-1> 1</a>echo "apiVersion: apiextensions.crossplane.io/v1 <a class=lnlinks href=#hl-22-2> 2</a>kind: Composition <a class=lnlinks href=#hl-22-3> 3</a>metadata: <a class=lnlinks href=#hl-22-4> 4</a> name: essinstances.ess.example.org <a class=lnlinks href=#hl-22-5> 5</a> labels: <a class=lnlinks href=#hl-22-6> 6</a> feature: ess <a class=lnlinks href=#hl-22-7> 7</a>spec: <a class=lnlinks href=#hl-22-8> 8</a> publishConnectionDetailsWithStoreConfigRef: <a class=lnlinks href=#hl-22-9> 9</a> name: vault <a class=lnlinks href=#hl-22-10>10</a> compositeTypeRef: <a class=lnlinks href=#hl-22-11>11</a> apiVersion: ess.example.org/v1alpha1 <a class=lnlinks href=#hl-22-12>12</a> kind: CompositeESSInstance <a class=lnlinks href=#hl-22-13>13</a> mode: Pipeline <a class=lnlinks href=#hl-22-14>14</a> pipeline: <a class=lnlinks href=#hl-22-15>15</a> - step: patch-and-transform <a class=lnlinks href=#hl-22-16>16</a> functionRef: <a class=lnlinks href=#hl-22-17>17</a> name: function-patch-and-transform <a class=lnlinks href=#hl-22-18>18</a> input: <a class=lnlinks href=#hl-22-19>19</a> apiVersion: pt.fn.crossplane.io/v1beta1 <a class=lnlinks href=#hl-22-20>20</a> kind: Resources <a class=lnlinks href=#hl-22-21>21</a> resources: <a class=lnlinks href=#hl-22-22>22</a> - name: serviceaccount <a class=lnlinks href=#hl-22-23>23</a> base: <a class=lnlinks href=#hl-22-24>24</a> apiVersion: iam.gcp.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-22-25>25</a> kind: ServiceAccount <a class=lnlinks href=#hl-22-26>26</a> metadata: <a class=lnlinks href=#hl-22-27>27</a> name: ess-test-sa <a class=lnlinks href=#hl-22-28>28</a> spec: <a class=lnlinks href=#hl-22-29>29</a> forProvider: <a class=lnlinks href=#hl-22-30>30</a> displayName: a service account to test ess <a class=lnlinks href=#hl-22-31>31</a> - name: serviceaccountkey <a class=lnlinks href=#hl-22-32>32</a> base: <a class=lnlinks href=#hl-22-33>33</a> apiVersion: iam.gcp.crossplane.io/v1alpha1 <a class=lnlinks href=#hl-22-34>34</a> kind: ServiceAccountKey <a class=lnlinks href=#hl-22-35>35</a> spec: <a class=lnlinks href=#hl-22-36>36</a> forProvider: <a class=lnlinks href=#hl-22-37>37</a> serviceAccountSelector: <a class=lnlinks href=#hl-22-38>38</a> matchControllerRef: true <a class=lnlinks href=#hl-22-39>39</a> publishConnectionDetailsTo: <a class=lnlinks href=#hl-22-40>40</a> name: ess-mr-conn <a class=lnlinks href=#hl-22-41>41</a> metadata: <a class=lnlinks href=#hl-22-42>42</a> labels: <a class=lnlinks href=#hl-22-43>43</a> environment: development <a class=lnlinks href=#hl-22-44>44</a> team: backend <a class=lnlinks href=#hl-22-45>45</a> configRef: <a class=lnlinks href=#hl-22-46>46</a> name: vault <a class=lnlinks href=#hl-22-47>47</a> connectionDetails: <a class=lnlinks href=#hl-22-48>48</a> - name: publicKey <a class=lnlinks href=#hl-22-49>49</a> type: FromConnectionSecretKey <a class=lnlinks href=#hl-22-50>50</a> fromConnectionSecretKey: publicKey <a class=lnlinks href=#hl-22-51>51</a> - name: publicKey <a class=lnlinks href=#hl-22-52>52</a> type: FromConnectionSecretKey <a class=lnlinks href=#hl-22-53>53</a> fromConnectionSecretKey: publicKeyType" | kubectl apply -f - </code></pre></div><h3 id=create-a-claim>Create a Claim <a class=anchor-link id=create-a-claim href=#create-a-claim aria-label="Link to this section: Create a Claim"></a></h3>Now create a <code>Claim</code> to have Crossplane create the GCP resources and associated secrets.Like the Composition, the Claim uses <code><highlight-term id=1731573034746504997 data-label=claim data-line=12>publishConnectionDetailsTo</highlight-term></code> to connect to Vault and store the secrets.<div class=highlight label=claim><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><a class=lnlinks href=#hl-23-1> 1</a>echo "apiVersion: ess.example.org/v1alpha1 <a class=lnlinks href=#hl-23-2> 2</a>kind: ESSInstance <a class=lnlinks href=#hl-23-3> 3</a>metadata: <a class=lnlinks href=#hl-23-4> 4</a> name: my-ess <a class=lnlinks href=#hl-23-5> 5</a> namespace: default <a class=lnlinks href=#hl-23-6> 6</a>spec: <a class=lnlinks href=#hl-23-7> 7</a> parameters: <a class=lnlinks href=#hl-23-8> 8</a> serviceAccount: ess-test-sa <a class=lnlinks href=#hl-23-9> 9</a> compositionSelector: <a class=lnlinks href=#hl-23-10>10</a> matchLabels: <a class=lnlinks href=#hl-23-11>11</a> feature: ess <a class=lnlinks href=#hl-23-12>12</a> publishConnectionDetailsTo: <a class=lnlinks href=#hl-23-13>13</a> name: ess-claim-conn <a class=lnlinks href=#hl-23-14>14</a> metadata: <a class=lnlinks href=#hl-23-15>15</a> labels: <a class=lnlinks href=#hl-23-16>16</a> environment: development <a class=lnlinks href=#hl-23-17>17</a> team: backend <a class=lnlinks href=#hl-23-18>18</a> configRef: <a class=lnlinks href=#hl-23-19>19</a> name: vault" | kubectl apply -f - </code></pre></div><h2 id=verify-the-resources>Verify the resources <a class=anchor-link id=verify-the-resources href=#verify-the-resources aria-label="Link to this section: Verify the resources"></a></h2>Verify all resources are <code>READY</code> and <code>SYNCED</code>:<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-24-1>1</a>kubectl get managed <a class=lnlinks href=#hl-24-2>2</a>NAME READY SYNCED DISPLAYNAME EMAIL DISABLED <a class=lnlinks href=#hl-24-3>3</a>serviceaccount.iam.gcp.crossplane.io/my-ess-zvmkz-vhklg True True a service account to test ess my-ess-zvmkz-vhklg@testingforbugbounty.iam.gserviceaccount.com <a class=lnlinks href=#hl-24-4>4</a> <a class=lnlinks href=#hl-24-5>5</a>NAME READY SYNCED KEY_ID CREATED_AT EXPIRES_AT <a class=lnlinks href=#hl-24-6>6</a>serviceaccountkey.iam.gcp.crossplane.io/my-ess-zvmkz-bq8pz True True 5cda49b7c32393254b5abb121b4adc07e140502c 2022-03-23T10:54:50Z </code></pre></div>View the claims<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-25-1>1</a>kubectl -n default get claim <a class=lnlinks href=#hl-25-2>2</a>NAME READY CONNECTION-SECRET AGE <a class=lnlinks href=#hl-25-3>3</a>my-ess True 19s </code></pre></div>View the composite resources.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-26-1>1</a>kubectl get composite <a class=lnlinks href=#hl-26-2>2</a>NAME READY COMPOSITION AGE <a class=lnlinks href=#hl-26-3>3</a>my-ess-zvmkz True essinstances.ess.example.org 32s </code></pre></div><h2 id=verify-vault-secrets>Verify Vault secrets <a class=anchor-link id=verify-vault-secrets href=#verify-vault-secrets aria-label="Link to this section: Verify Vault secrets"></a></h2>Look inside Vault to view the secrets from the managed resources.<div class=highlight copy-lines=1 label=vault-key><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-27-1>1</a>kubectl -n vault-system exec -i vault-0 -- vault kv list /secret/default <a class=lnlinks href=#hl-27-2>2</a>Keys <a class=lnlinks href=#hl-27-3>3</a>---- <a class=lnlinks href=#hl-27-4>4</a>ess-claim-conn </code></pre></div>The key <code><highlight-term id=1731573034746523721 data-label=vault-key data-line=4>ess-claim-conn</highlight-term></code> is the name of the Claim’s <code><highlight-term id=1731573034746541420 data-label=claim data-line=12>publishConnectionDetailsTo</highlight-term></code> configuration.Check connection secrets in the <code>crossplane-system</code> Vault scope.<div class=highlight copy-lines=1 label=scope-key><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-28-1>1</a>kubectl -n vault-system exec -i vault-0 -- vault kv list /secret/crossplane-system <a class=lnlinks href=#hl-28-2>2</a>Keys <a class=lnlinks href=#hl-28-3>3</a>---- <a class=lnlinks href=#hl-28-4>4</a>d2408335-eb88-4146-927b-8025f405da86 <a class=lnlinks href=#hl-28-5>5</a>ess-mr-conn </code></pre></div>The key <code><highlight-term id=1731573034746556580 data-label=scope-key data-line=4>d2408335-eb88-4146-927b-8025f405da86</highlight-term></code> comes fromand the key <code><highlight-term id=1731573034746573389 data-label=scope-key data-line=5>ess-mr-conn</highlight-term></code> comes from the Composition’s <code><highlight-term id=1731573034746590911 data-label=comp data-line=31>publishConnectionDetailsTo</highlight-term></code> configuration.Check contents of Claim’s connection secret <code>ess-claim-conn</code> to see the key created by the managed resource.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-29-1> 1</a>kubectl -n vault-system exec -i vault-0 -- vault kv get /secret/default/ess-claim-conn <a class=lnlinks href=#hl-29-2> 2</a>======= Metadata ======= <a class=lnlinks href=#hl-29-3> 3</a>Key Value <a class=lnlinks href=#hl-29-4> 4</a>--- ----- <a class=lnlinks href=#hl-29-5> 5</a>created_time 2022-03-18T21:24:07.2085726Z <a class=lnlinks href=#hl-29-6> 6</a>custom_metadata map[environment:development secret.crossplane.io/ner-uid:881cd9a0-6cc6-418f-8e1d-b36062c1e108 team:backend] <a class=lnlinks href=#hl-29-7> 7</a>deletion_time n/a <a class=lnlinks href=#hl-29-8> 8</a>destroyed false <a class=lnlinks href=#hl-29-9> 9</a>version 1 <a class=lnlinks href=#hl-29-10>10</a> <a class=lnlinks href=#hl-29-11>11</a>======== Data ======== <a class=lnlinks href=#hl-29-12>12</a>Key Value <a class=lnlinks href=#hl-29-13>13</a>--- ----- <a class=lnlinks href=#hl-29-14>14</a>publicKey -----BEGIN PUBLIC KEY----- <a class=lnlinks href=#hl-29-15>15</a>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsEYCokmYEsZJCc9QN/8 <a class=lnlinks href=#hl-29-16>16</a>Fm1M/kTPp7Gat/MXLTP3zFyCTBFVNLN79MbAKdinWi6ePXEb75vzB79IdZcWj8lo <a class=lnlinks href=#hl-29-17>17</a>8trnS64QjNB9Vs4Xk5UvDALwleFN/bZeperxivDPwVPvT9Aqy/U9kohoS/LHyE8w <a class=lnlinks href=#hl-29-18>18</a>uWQb5AuMeVQ1gtCTnCqQZ4d2MSVhQXYVvAWax1spJ9LT7mHub5j95xDdYIcOV3VJ <a class=lnlinks href=#hl-29-19>19</a>l9CIo4VrWIT8THFN2NnjTrGq9+0TzXY0bV674bjJkfBC6v6yXs5HTetG+Uekq/xf <a class=lnlinks href=#hl-29-20>20</a>FCjrrDi1+2UR9Mu2WTuvl8qn50be+mbwdJO5wE32jewxdYrVVmj19+PkaEeAwGTc <a class=lnlinks href=#hl-29-21>21</a>vwIDAQAB <a class=lnlinks href=#hl-29-22>22</a>-----END PUBLIC KEY----- <a class=lnlinks href=#hl-29-23>23</a>publicKeyType TYPE_RAW_PUBLIC_KEY </code></pre></div>Check contents of managed resource connection secret <code>ess-mr-conn</code>. The public key is identical to the public key in the Claim since the Claim is using this managed resource.<div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-30-1> 1</a>kubectl -n vault-system exec -i vault-0 -- vault kv get /secret/crossplane-system/ess-mr-conn <a class=lnlinks href=#hl-30-2> 2</a>======= Metadata ======= <a class=lnlinks href=#hl-30-3> 3</a>Key Value <a class=lnlinks href=#hl-30-4> 4</a>--- ----- <a class=lnlinks href=#hl-30-5> 5</a>created_time 2022-03-18T21:21:07.9298076Z <a class=lnlinks href=#hl-30-6> 6</a>custom_metadata map[environment:development secret.crossplane.io/ner-uid:4cd973f8-76fc-45d6-ad45-0b27b5e9252a team:backend] <a class=lnlinks href=#hl-30-7> 7</a>deletion_time n/a <a class=lnlinks href=#hl-30-8> 8</a>destroyed false <a class=lnlinks href=#hl-30-9> 9</a>version 2 <a class=lnlinks href=#hl-30-10>10</a> <a class=lnlinks href=#hl-30-11>11</a>========= Data ========= <a class=lnlinks href=#hl-30-12>12</a>Key Value <a class=lnlinks href=#hl-30-13>13</a>--- ----- <a class=lnlinks href=#hl-30-14>14</a>privateKey { <a class=lnlinks href=#hl-30-15>15</a> "type": "service_account", <a class=lnlinks href=#hl-30-16>16</a> "project_id": "REDACTED", <a class=lnlinks href=#hl-30-17>17</a> "private_key_id": "REDACTED", <a class=lnlinks href=#hl-30-18>18</a> "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n", <a class=lnlinks href=#hl-30-19>19</a> "client_email": "ess-test-sa@REDACTED.iam.gserviceaccount.com", <a class=lnlinks href=#hl-30-20>20</a> "client_id": "REDACTED", <a class=lnlinks href=#hl-30-21>21</a> "auth_uri": "https://accounts.google.com/o/oauth2/auth", <a class=lnlinks href=#hl-30-22>22</a> "token_uri": "https://oauth2.googleapis.com/token", <a class=lnlinks href=#hl-30-23>23</a> "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", <a class=lnlinks href=#hl-30-24>24</a> "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ess-test-sa%40REDACTED.iam.gserviceaccount.com" <a class=lnlinks href=#hl-30-25>25</a>} <a class=lnlinks href=#hl-30-26>26</a>privateKeyType TYPE_GOOGLE_CREDENTIALS_FILE <a class=lnlinks href=#hl-30-27>27</a>publicKey -----BEGIN PUBLIC KEY----- <a class=lnlinks href=#hl-30-28>28</a>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsEYCokmYEsZJCc9QN/8 <a class=lnlinks href=#hl-30-29>29</a>Fm1M/kTPp7Gat/MXLTP3zFyCTBFVNLN79MbAKdinWi6ePXEb75vzB79IdZcWj8lo <a class=lnlinks href=#hl-30-30>30</a>8trnS64QjNB9Vs4Xk5UvDALwleFN/bZeperxivDPwVPvT9Aqy/U9kohoS/LHyE8w <a class=lnlinks href=#hl-30-31>31</a>uWQb5AuMeVQ1gtCTnCqQZ4d2MSVhQXYVvAWax1spJ9LT7mHub5j95xDdYIcOV3VJ <a class=lnlinks href=#hl-30-32>32</a>l9CIo4VrWIT8THFN2NnjTrGq9+0TzXY0bV674bjJkfBC6v6yXs5HTetG+Uekq/xf <a class=lnlinks href=#hl-30-33>33</a>FCjrrDi1+2UR9Mu2WTuvl8qn50be+mbwdJO5wE32jewxdYrVVmj19+PkaEeAwGTc <a class=lnlinks href=#hl-30-34>34</a>vwIDAQAB <a class=lnlinks href=#hl-30-35>35</a>-----END PUBLIC KEY----- <a class=lnlinks href=#hl-30-36>36</a>publicKeyType TYPE_RAW_PUBLIC_KEY </code></pre></div><h3 id=remove-the-resources>Remove the resources <a class=anchor-link id=remove-the-resources href=#remove-the-resources aria-label="Link to this section: Remove the resources"></a></h3>Deleting the Claim removes the managed resources and associated keys from Vault.<div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><a class=lnlinks href=#hl-31-1>1</a>kubectl delete claim my-ess </code></pre></div></div></main></div><footer class="bd-footer p-5"><div class="container text-center"><div class="row pb-5 top-row"><div class="col-lg img-col"><img src=/img/crossplane-logo.svg alt="Crossplane logo" srcset="/img/crossplane-logo.svg 1x, /img/crossplane-logo.svg 2x" width=185 height=40 decoding=async data-nimg=future loading=lazy class="d-flex crossplane-footer"></div><div class="col-lg links-col d-fill justify-content-evenly ms-5"><div class=row><div class=col-lg><a class=footer-link target=_blank href=https://twitter.com/crossplane_io>Twitter</a></div><div class=col-lg><a class=footer-link target=_blank href=https://www.youtube.com/channel/UC19FgzMBMqBro361HbE46Fw>Youtube</a></div><div class=col-lg><a class=footer-link target=_blank href="https://www.youtube.com/playlist?list=PL510POnNVaaYFuK-B_SIUrpIonCtLVOzT">Podcast</a></div><div class=col-lg><a class=footer-link target=_blank href=https://groups.google.com/g/crossplane-dev>Forum</a></div></div></div></div><div class="row pb-5"><div class="col-lg copyright-col pe-4 border-end">© Crossplane Authors 2024. Documentation distributed under <a target=_blank href=https://creativecommons.org/licenses/by/4.0/>CC-BY-4.0</a>.© 2024 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our <a target=_blank href=https://www.linuxfoundation.org/legal/trademark-usage>Trademark Usage</a> page.</div><div class="col-lg cncf-col ms-5"><a class=d-flex target=_blank href=https://www.cncf.io/><img alt=cncfLogo src=/img/cncf-white.webp width=702 height=114 decoding=async data-nimg=future loading=lazy class="cncf-footer py-3"></a>We are a Cloud Native Computing Foundation incubating project.</div></div></div></footer><script src=https://docs.crossplane.io/js/main-727bf178.bundle.min.js data-no-instant></script><script type=text/javascript>(function(e,t,n,s,o,i,a){e[n]=e[n]||function(){(e[n].q=e[n].q||[]).push(arguments)},i=t.createElement(s),i.async=1,i.src="https://www.clarity.ms/tag/"+o,a=t.getElementsByTagName(s)[0],a.parentNode.insertBefore(i,a)})(window,document,"clarity","script","el5517lxor")</script> <script>(function(e,t,n,s,o){e[s]=e[s]||[],e[s].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var a=t.getElementsByTagName(n)[0],i=t.createElement(n),r=s!="dataLayer"?"&l="+s:"";i.async=!0,i.src="https://www.googletagmanager.com/gtm.js?id="+o+r,a.parentNode.insertBefore(i,a)})(window,document,"script","dataLayer","GTM-WFF2NQHG")</script><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WFF2NQHG" height=0 width=0 style=display:none;visibility:hidden></iframe></noscript><script type=text/javascript>adroll_adv_id="B4XQTO44VJFVDGCGM332GU",adroll_pix_id="6ROIBHUPMVCSXN7HHIKJTK",adroll_version="2.0",function(e,t,n,s,o){e.__adroll_loaded=!0,e.adroll=e.adroll||[],e.adroll.f=["setProperties","identify","track"];var i="https://s.adroll.com/j/"+adroll_adv_id+"/roundtrip.js";for(o=0;o<e.adroll.f.length;o++)e.adroll[e.adroll.f[o]]=e.adroll[e.adroll.f[o]]||function(t){return function(){e.adroll.push([t,arguments])}}(e.adroll.f[o]);n=t.createElement("script"),s=t.getElementsByTagName("script")[0],n.async=1,n.src=i,s.parentNode.insertBefore(n,s)}(window,document),adroll.track("pageView")</script><script src=https://cdn.jsdelivr.net/npm/@docsearch/js@3></script> <script>docsearch({container:"#docSearch",appId:"9UXKYX61NK",indexName:"crossplane",apiKey:"e07e181044d561f6a4cb7261931d980a",placeholder:"Search the docs"})</script></body></html>