MFA
generators.external-secrets.io / v1alpha1
apiVersion: generators.external-secrets.io/v1alpha1
kind: MFA
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
MFASpec controls the behavior of the mfa generator.
algorithm
string
Algorithm to use for encoding. Defaults to SHA1 as per the RFC.
length
integer
Length defines the token length. Defaults to 6 characters.
secret object required
Secret is a secret selector to a secret containing the seed secret to generate the TOTP value from.
key
string
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
pattern:
^[-._a-zA-Z0-9]+$minLength:
1maxLength:
253
name
string
The name of the Secret resource being referred to.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
namespace
string
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
timePeriod
integer
TimePeriod defines how long the token can be active. Defaults to 30 seconds.
when
string
When defines a time parameter that can be used to pin the origin time of the generated token.
format:
date-timeNo matches. Try .spec.algorithm for an exact path