Reference

December 31, 2025 ยท View on GitHub

Packages:

addons.projectcapsule.dev/v1alpha1

Resource Types:

GlobalSopsSecret

GlobalSopsSecret is the Schema for the globalsopssecrets API.

NameTypeDescriptionRequired
apiVersionstringaddons.projectcapsule.dev/v1alpha1true
kindstringGlobalSopsSecrettrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
sopsobjectMetadata is stored in SOPS encrypted files, and it contains the information necessary to decrypt the file.
This struct is just used for serialization, and SOPS uses another struct internally, sops.Metadata. It exists
in order to allow the binary format to stay backwards compatible over time, but at the same time allow the internal
representation SOPS uses to change over time.true
specobjectSopsSecretSpec defines the desired state of SopsSecret.true
statusobjectSopsSecretStatus defines the observed state of SopsSecret.false

GlobalSopsSecret.sops

Metadata is stored in SOPS encrypted files, and it contains the information necessary to decrypt the file. This struct is just used for serialization, and SOPS uses another struct internally, sops.Metadata. It exists in order to allow the binary format to stay backwards compatible over time, but at the same time allow the internal representation SOPS uses to change over time.

NameTypeDescriptionRequired
lastmodifiedstringtrue
macstringtrue
age[]objectfalse
azure_kv[]objectfalse
encrypted_comment_regexstringfalse
encrypted_regexstringfalse
encrypted_suffixstringfalse
gcp_kms[]objectfalse
hc_vault[]objectfalse
key_groups[]objectfalse
kms[]objectfalse
mac_only_encryptedbooleanfalse
pgp[]objectfalse
shamir_thresholdintegerfalse
unencrypted_comment_regexstringfalse
unencrypted_regexstringfalse
unencrypted_suffixstringfalse
versionstringfalse

GlobalSopsSecret.sops.age[index]

NameTypeDescriptionRequired
encstringtrue
recipientstringtrue

GlobalSopsSecret.sops.azure_kv[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
namestringtrue
vault_urlstringtrue
versionstringtrue

GlobalSopsSecret.sops.gcp_kms[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
resource_idstringtrue

GlobalSopsSecret.sops.hc_vault[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
engine_pathstringtrue
key_namestringtrue
vault_addressstringtrue

GlobalSopsSecret.sops.key_groups[index]

NameTypeDescriptionRequired
age[]objectfalse
azure_kv[]objectfalse
gcp_kms[]objectfalse
hc_vault[]objectfalse
kms[]objectfalse
pgp[]objectfalse

GlobalSopsSecret.sops.key_groups[index].age[index]

NameTypeDescriptionRequired
encstringtrue
recipientstringtrue

GlobalSopsSecret.sops.key_groups[index].azure_kv[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
namestringtrue
vault_urlstringtrue
versionstringtrue

GlobalSopsSecret.sops.key_groups[index].gcp_kms[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
resource_idstringtrue

GlobalSopsSecret.sops.key_groups[index].hc_vault[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
engine_pathstringtrue
key_namestringtrue
vault_addressstringtrue

GlobalSopsSecret.sops.key_groups[index].kms[index]

NameTypeDescriptionRequired
arnstringtrue
aws_profilestringtrue
created_atstringtrue
encstringtrue
contextmap[string]stringfalse
rolestringfalse

GlobalSopsSecret.sops.key_groups[index].pgp[index]

NameTypeDescriptionRequired
created_atstringfalse
encstringfalse
fpstringfalse

GlobalSopsSecret.sops.kms[index]

NameTypeDescriptionRequired
arnstringtrue
aws_profilestringtrue
created_atstringtrue
encstringtrue
contextmap[string]stringfalse
rolestringfalse

GlobalSopsSecret.sops.pgp[index]

NameTypeDescriptionRequired
created_atstringfalse
encstringfalse
fpstringfalse

GlobalSopsSecret.spec

SopsSecretSpec defines the desired state of SopsSecret.

NameTypeDescriptionRequired
secrets[]objectDefine Secrets to replicate, when secret is decryptedtrue
metadataobjectDefine additional Metadata for the generated secretsfalse

GlobalSopsSecret.spec.secrets[index]

GlobalSopsSecretItem defines the desired state of GlobalSopsSecret.

NameTypeDescriptionRequired
namestringName must be unique within a namespace. Is required when creating resources, although
some resources may allow a client to request the generation of an appropriate name
automatically. Name is primarily intended for creation idempotence and configuration
definition.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#namestrue
namespacestringNamespace must be declared since this is a cluster scoped resourcetrue
annotationsmap[string]stringMap of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsfalse
datamap[string]stringData map to use in Kubernetes secret (equivalent to Kubernetes Secret object data, please see for more
information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)false
immutablebooleanImmutable, if set to true, ensures that data stored in the Secret cannot
be updated (only object metadata can be modified).
If not set to true, the field can be modified at any time.
Defaulted to nil.false
labelsmap[string]stringMap of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsfalse
stringDatamap[string]stringstringData map to use in Kubernetes secret (equivalent to Kubernetes Secret object stringData, please see for more
information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)false
typeenumKubernetes secret type.
Defaults to Opaque.
Allowed values:
  • Opaque
  • kubernetes.io/service-account-token
  • kubernetes.io/dockercfg
  • kubernetes.io/dockerconfigjson
  • kubernetes.io/basic-auth
  • kubernetes.io/ssh-auth
  • kubernetes.io/tls
  • bootstrap.kubernetes.io/token
    Enum: Opaque, kubernetes.io/service-account-token, kubernetes.io/dockercfg, kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token
    | false |

GlobalSopsSecret.spec.metadata

Define additional Metadata for the generated secrets

NameTypeDescriptionRequired
annotationsmap[string]stringAnnotations added to all generated Secretsfalse
labelsmap[string]stringLabels added to all generated Secretsfalse
prefixstringPrefix added to all generated Secrets namesfalse
suffixstringSuffix added to all generated Secrets namesfalse

GlobalSopsSecret.status

SopsSecretStatus defines the observed state of SopsSecret.

NameTypeDescriptionRequired
conditionobjectConditions represent the latest available observations of an instances statefalse
providers[]objectProviders used on this secretfalse
secrets[]objectSecrets being replicated by this SopsSecretfalse
sizeintegerAmount of Secrets
Default: 0
false

GlobalSopsSecret.status.condition

Conditions represent the latest available observations of an instances state

NameTypeDescriptionRequired
lastTransitionTimestringlastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Format: date-time
true
messagestringmessage is a human readable message indicating details about the transition.
This may be an empty string.true
reasonstringreason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.true
statusenumstatus of the condition, one of True, False, Unknown.
Enum: True, False, Unknown
true
typestringtype of condition in CamelCase or in foo.example.com/CamelCase.true
observedGenerationintegerobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Format: int64
Minimum: 0
false

GlobalSopsSecret.status.providers[index]

NameTypeDescriptionRequired
namestringName of Objecttrue
namespacestringnamespace of Objectfalse
uidstringnamespace of Objectfalse

GlobalSopsSecret.status.secrets[index]

NameTypeDescriptionRequired
conditionobjectCondition contains details for one aspect of the current state of this API Resource.true
namestringtrue
namespacestringtrue
uidstringUID is a type that holds unique ID values, including UUIDs. Because we
don't ONLY use UUIDs, this is an alias to string. Being a type captures
intent and helps make sure that UIDs and names do not get conflated.false

GlobalSopsSecret.status.secrets[index].condition

Condition contains details for one aspect of the current state of this API Resource.

NameTypeDescriptionRequired
lastTransitionTimestringlastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Format: date-time
true
messagestringmessage is a human readable message indicating details about the transition.
This may be an empty string.true
reasonstringreason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.true
statusenumstatus of the condition, one of True, False, Unknown.
Enum: True, False, Unknown
true
typestringtype of condition in CamelCase or in foo.example.com/CamelCase.true
observedGenerationintegerobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Format: int64
Minimum: 0
false

SopsProvider

SopsProvider is the Schema for the sopsproviders API.

NameTypeDescriptionRequired
apiVersionstringaddons.projectcapsule.dev/v1alpha1true
kindstringSopsProvidertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobjectSopsProviderSpec defines the desired state of SopsProvider.true
statusobjectSopsProviderStatus defines the observed state of SopsProvider.false

SopsProvider.spec

SopsProviderSpec defines the desired state of SopsProvider.

NameTypeDescriptionRequired
keys[]objectSelect namespaces or secrets where decryption information for this
provider can be sourced fromtrue
sops[]objectSelector Referencing which Secrets can be encrypted by this provider
This selects effective SOPS Secretstrue

SopsProvider.spec.keys[index]

Selector for resources and their labels or selecting origin namespaces

NameTypeDescriptionRequired
matchExpressions[]objectmatchExpressions is a list of label selector requirements. The requirements are ANDed.false
matchLabelsmap[string]stringmatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.false
namespaceSelectorobjectNamespaceSelector for filtering namespaces by labels where items can be located infalse

SopsProvider.spec.keys[index].matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

NameTypeDescriptionRequired
keystringkey is the label key that the selector applies to.true
operatorstringoperator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.true
values[]stringvalues is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.false

SopsProvider.spec.keys[index].namespaceSelector

NamespaceSelector for filtering namespaces by labels where items can be located in

NameTypeDescriptionRequired
matchExpressions[]objectmatchExpressions is a list of label selector requirements. The requirements are ANDed.false
matchLabelsmap[string]stringmatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.false

SopsProvider.spec.keys[index].namespaceSelector.matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

NameTypeDescriptionRequired
keystringkey is the label key that the selector applies to.true
operatorstringoperator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.true
values[]stringvalues is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.false

SopsProvider.spec.sops[index]

Selector for resources and their labels or selecting origin namespaces

NameTypeDescriptionRequired
matchExpressions[]objectmatchExpressions is a list of label selector requirements. The requirements are ANDed.false
matchLabelsmap[string]stringmatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.false
namespaceSelectorobjectNamespaceSelector for filtering namespaces by labels where items can be located infalse

SopsProvider.spec.sops[index].matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

NameTypeDescriptionRequired
keystringkey is the label key that the selector applies to.true
operatorstringoperator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.true
values[]stringvalues is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.false

SopsProvider.spec.sops[index].namespaceSelector

NamespaceSelector for filtering namespaces by labels where items can be located in

NameTypeDescriptionRequired
matchExpressions[]objectmatchExpressions is a list of label selector requirements. The requirements are ANDed.false
matchLabelsmap[string]stringmatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.false

SopsProvider.spec.sops[index].namespaceSelector.matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

NameTypeDescriptionRequired
keystringkey is the label key that the selector applies to.true
operatorstringoperator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.true
values[]stringvalues is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.false

SopsProvider.status

SopsProviderStatus defines the observed state of SopsProvider.

NameTypeDescriptionRequired
conditionobjectConditions represent the latest available observations of an instances statefalse
providers[]objectList Validated Providersfalse
sizeintegerAmount of providers
Default: 0
false

SopsProvider.status.condition

Conditions represent the latest available observations of an instances state

NameTypeDescriptionRequired
lastTransitionTimestringlastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Format: date-time
true
messagestringmessage is a human readable message indicating details about the transition.
This may be an empty string.true
reasonstringreason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.true
statusenumstatus of the condition, one of True, False, Unknown.
Enum: True, False, Unknown
true
typestringtype of condition in CamelCase or in foo.example.com/CamelCase.true
observedGenerationintegerobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Format: int64
Minimum: 0
false

SopsProvider.status.providers[index]

NameTypeDescriptionRequired
namestringName of Objecttrue
conditionobjectConditions represent the latest available observations of an instances statefalse
namespacestringnamespace of Objectfalse
uidstringnamespace of Objectfalse

SopsProvider.status.providers[index].condition

Conditions represent the latest available observations of an instances state

NameTypeDescriptionRequired
lastTransitionTimestringlastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Format: date-time
true
messagestringmessage is a human readable message indicating details about the transition.
This may be an empty string.true
reasonstringreason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.true
statusenumstatus of the condition, one of True, False, Unknown.
Enum: True, False, Unknown
true
typestringtype of condition in CamelCase or in foo.example.com/CamelCase.true
observedGenerationintegerobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Format: int64
Minimum: 0
false

SopsSecret

SopsSecret is the Schema for the sopssecrets API.

NameTypeDescriptionRequired
apiVersionstringaddons.projectcapsule.dev/v1alpha1true
kindstringSopsSecrettrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
sopsobjectMetadata is stored in SOPS encrypted files, and it contains the information necessary to decrypt the file.
This struct is just used for serialization, and SOPS uses another struct internally, sops.Metadata. It exists
in order to allow the binary format to stay backwards compatible over time, but at the same time allow the internal
representation SOPS uses to change over time.true
specobjectSopsSecretSpec defines the desired state of SopsSecret.true
statusobjectSopsSecretStatus defines the observed state of SopsSecret.false

SopsSecret.sops

Metadata is stored in SOPS encrypted files, and it contains the information necessary to decrypt the file. This struct is just used for serialization, and SOPS uses another struct internally, sops.Metadata. It exists in order to allow the binary format to stay backwards compatible over time, but at the same time allow the internal representation SOPS uses to change over time.

NameTypeDescriptionRequired
lastmodifiedstringtrue
macstringtrue
age[]objectfalse
azure_kv[]objectfalse
encrypted_comment_regexstringfalse
encrypted_regexstringfalse
encrypted_suffixstringfalse
gcp_kms[]objectfalse
hc_vault[]objectfalse
key_groups[]objectfalse
kms[]objectfalse
mac_only_encryptedbooleanfalse
pgp[]objectfalse
shamir_thresholdintegerfalse
unencrypted_comment_regexstringfalse
unencrypted_regexstringfalse
unencrypted_suffixstringfalse
versionstringfalse

SopsSecret.sops.age[index]

NameTypeDescriptionRequired
encstringtrue
recipientstringtrue

SopsSecret.sops.azure_kv[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
namestringtrue
vault_urlstringtrue
versionstringtrue

SopsSecret.sops.gcp_kms[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
resource_idstringtrue

SopsSecret.sops.hc_vault[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
engine_pathstringtrue
key_namestringtrue
vault_addressstringtrue

SopsSecret.sops.key_groups[index]

NameTypeDescriptionRequired
age[]objectfalse
azure_kv[]objectfalse
gcp_kms[]objectfalse
hc_vault[]objectfalse
kms[]objectfalse
pgp[]objectfalse

SopsSecret.sops.key_groups[index].age[index]

NameTypeDescriptionRequired
encstringtrue
recipientstringtrue

SopsSecret.sops.key_groups[index].azure_kv[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
namestringtrue
vault_urlstringtrue
versionstringtrue

SopsSecret.sops.key_groups[index].gcp_kms[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
resource_idstringtrue

SopsSecret.sops.key_groups[index].hc_vault[index]

NameTypeDescriptionRequired
created_atstringtrue
encstringtrue
engine_pathstringtrue
key_namestringtrue
vault_addressstringtrue

SopsSecret.sops.key_groups[index].kms[index]

NameTypeDescriptionRequired
arnstringtrue
aws_profilestringtrue
created_atstringtrue
encstringtrue
contextmap[string]stringfalse
rolestringfalse

SopsSecret.sops.key_groups[index].pgp[index]

NameTypeDescriptionRequired
created_atstringfalse
encstringfalse
fpstringfalse

SopsSecret.sops.kms[index]

NameTypeDescriptionRequired
arnstringtrue
aws_profilestringtrue
created_atstringtrue
encstringtrue
contextmap[string]stringfalse
rolestringfalse

SopsSecret.sops.pgp[index]

NameTypeDescriptionRequired
created_atstringfalse
encstringfalse
fpstringfalse

SopsSecret.spec

SopsSecretSpec defines the desired state of SopsSecret.

NameTypeDescriptionRequired
secrets[]objectDefine Secrets to replicate, when secret is decryptedtrue
metadataobjectDefine additional Metadata for the generated secretsfalse

SopsSecret.spec.secrets[index]

SopsSecretTemplate defines the map of secrets to create

NameTypeDescriptionRequired
namestringName must be unique within a namespace. Is required when creating resources, although
some resources may allow a client to request the generation of an appropriate name
automatically. Name is primarily intended for creation idempotence and configuration
definition.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#namestrue
annotationsmap[string]stringMap of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsfalse
datamap[string]stringData map to use in Kubernetes secret (equivalent to Kubernetes Secret object data, please see for more
information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)false
immutablebooleanImmutable, if set to true, ensures that data stored in the Secret cannot
be updated (only object metadata can be modified).
If not set to true, the field can be modified at any time.
Defaulted to nil.false
labelsmap[string]stringMap of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsfalse
stringDatamap[string]stringstringData map to use in Kubernetes secret (equivalent to Kubernetes Secret object stringData, please see for more
information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)false
typeenumKubernetes secret type.
Defaults to Opaque.
Allowed values:
  • Opaque
  • kubernetes.io/service-account-token
  • kubernetes.io/dockercfg
  • kubernetes.io/dockerconfigjson
  • kubernetes.io/basic-auth
  • kubernetes.io/ssh-auth
  • kubernetes.io/tls
  • bootstrap.kubernetes.io/token
    Enum: Opaque, kubernetes.io/service-account-token, kubernetes.io/dockercfg, kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token
    | false |

SopsSecret.spec.metadata

Define additional Metadata for the generated secrets

NameTypeDescriptionRequired
annotationsmap[string]stringAnnotations added to all generated Secretsfalse
labelsmap[string]stringLabels added to all generated Secretsfalse
prefixstringPrefix added to all generated Secrets namesfalse
suffixstringSuffix added to all generated Secrets namesfalse

SopsSecret.status

SopsSecretStatus defines the observed state of SopsSecret.

NameTypeDescriptionRequired
conditionobjectConditions represent the latest available observations of an instances statefalse
providers[]objectProviders used on this secretfalse
secrets[]objectSecrets being replicated by this SopsSecretfalse
sizeintegerAmount of Secrets
Default: 0
false

SopsSecret.status.condition

Conditions represent the latest available observations of an instances state

NameTypeDescriptionRequired
lastTransitionTimestringlastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Format: date-time
true
messagestringmessage is a human readable message indicating details about the transition.
This may be an empty string.true
reasonstringreason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.true
statusenumstatus of the condition, one of True, False, Unknown.
Enum: True, False, Unknown
true
typestringtype of condition in CamelCase or in foo.example.com/CamelCase.true
observedGenerationintegerobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Format: int64
Minimum: 0
false

SopsSecret.status.providers[index]

NameTypeDescriptionRequired
namestringName of Objecttrue
namespacestringnamespace of Objectfalse
uidstringnamespace of Objectfalse

SopsSecret.status.secrets[index]

NameTypeDescriptionRequired
conditionobjectCondition contains details for one aspect of the current state of this API Resource.true
namestringtrue
namespacestringtrue
uidstringUID is a type that holds unique ID values, including UUIDs. Because we
don't ONLY use UUIDs, this is an alias to string. Being a type captures
intent and helps make sure that UIDs and names do not get conflated.false

SopsSecret.status.secrets[index].condition

Condition contains details for one aspect of the current state of this API Resource.

NameTypeDescriptionRequired
lastTransitionTimestringlastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Format: date-time
true
messagestringmessage is a human readable message indicating details about the transition.
This may be an empty string.true
reasonstringreason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.true
statusenumstatus of the condition, one of True, False, Unknown.
Enum: True, False, Unknown
true
typestringtype of condition in CamelCase or in foo.example.com/CamelCase.true
observedGenerationintegerobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Format: int64
Minimum: 0
false