chore: remove unmaintained secret stores

[Skarlso]

Problem Statement

What is the problem you're trying to solve?

Related Issue

Fixes #5710

Proposed Changes

How do you like to solve the issue and why?

Format

Please ensure that your PR follows the following format for the title:

feat(scope): add new feature
fix(scope): fix bug
docs(scope): update documentation
chore(scope): update build tool or dependencies
ref(scope): refactor code
clean(scope): provider cleanup
test(scope): add tests
perf(scope): improve performance
desig(scope): improve design

Where scope is optionally one of:

• charts
• release
• testing
• security
• templating

Checklist

• I have read the contribution guidelines
• All commits are signed with git commit --signoff
• My changes have reasonable test coverage
• All tests pass with make test
• I ensured my PR is ready for review with make reviewable

Summary

This PR removes support for three unmaintained secret store providers: Alibaba Cloud KMS, Device42, and Passbolt. The removal is comprehensive and includes:

Code Deletions:

• Provider type definitions (APIs in apis/externalsecrets/v1/)
• Complete provider implementations (providers/v1/alibaba/, providers/v1/device42/, providers/v1/passbolt/)
• API client code and mock implementations
• Provider registration files
• Unit and end-to-end tests

Configuration & Documentation:

• CRD schema definitions for all three providers (SecretStore, ClusterSecretStore)
• API documentation and markdown guides
• Example YAML snippets and test fixtures
• Provider entries from CODEOWNERS, MkDocs navigation, and support matrices
• Go module files for provider packages

Impact:

• Removes 181 lines from auto-generated deepcopy implementations
• Removes 426 lines from API documentation
• Eliminates 422 lines from CRD bundle definitions
• Removes support for these providers from SecretStoreProvider struct

This is a breaking change for users of these providers who must migrate to alternative secret management solutions.

[Skarlso]

/ok-to-test sha=e2ad962263ae5d8173e2ad0c8d36175abe56ed5d

[eso-service-account-app]

[Bot] - ❌ e2e for e2ad962263ae5d8173e2ad0c8d36175abe56ed5d failed

[Skarlso]

The thing failed because of teardown context deadline.

[eso-service-account-app]

[Bot] - ✅ e2e for e2ad962263ae5d8173e2ad0c8d36175abe56ed5d passed

[coderabbitai]

Walkthrough

This pull request removes support for three provider implementations (Alibaba Cloud, Device42, and Passbolt) from the External Secrets project by deleting type definitions, provider code, CRD schemas, documentation, tests, and build configuration.

Changes

Cohort / File(s)	Summary
API Type Definitions apis/externalsecrets/v1/secretstore_alibaba_types.go, apis/externalsecrets/v1/secretstore_device42_types.go, apis/externalsecrets/v1/secretsstore_passbolt_types.go, apis/externalsecrets/v1/secretstore_types.go	Deleted provider struct definitions (AlibabaProvider, AlibabaAuth, AlibabaRRSAAuth, AlibabaAuthSecretRef, Device42Provider, Device42Auth, Device42SecretRef, PassboltProvider, PassboltAuth) and removed corresponding fields from SecretStoreProvider struct.
Generated Code apis/externalsecrets/v1/zz_generated.deepcopy.go	Removed auto-generated DeepCopy and DeepCopyInto methods for all deleted provider types and related fields within SecretStoreProvider.
CRD Schemas config/crds/bases/external-secrets.io_clustersecretstores.yaml, config/crds/bases/external-secrets.io_secretstores.yaml, deploy/crds/bundle.yaml	Removed provider schema definitions (alibaba, device42, passbolt) from CustomResourceDefinition specs, eliminating validation constraints for these providers across all CRDs.
Alibaba Provider Implementation providers/v1/alibaba/client.go, providers/v1/alibaba/kms.go, providers/v1/alibaba/kms_test.go, providers/v1/alibaba/logger.go, providers/v1/alibaba/utils.go, providers/v1/alibaba/fake/fake.go, providers/v1/alibaba/go.mod	Deleted entire Alibaba provider implementation including KMS client, authentication flows (RRSA and AccessKey), secret retrieval, validation logic, mock client for testing, and module configuration.
Device42 Provider Implementation providers/v1/device42/device42.go, providers/v1/device42/device42_api.go, providers/v1/device42/device42_api_test.go, providers/v1/device42/fake/fake.go, providers/v1/device42/go.mod	Removed Device42 provider implementation including provider struct, HTTP API client, secret operations (GetSecret, GetSecretMap, validation), unit tests, mock HTTP client, and module configuration.
Passbolt Provider Implementation providers/v1/passbolt/passbolt.go, providers/v1/passbolt/passbolt_test.go, providers/v1/passbolt/go.mod	Deleted Passbolt provider implementation including provider interfaces, secret handling (retrieval, filtering, decryption), authentication, validation, unit tests, and module configuration.
Provider Registration pkg/register/alibaba.go, pkg/register/device42.go, pkg/register/passbolt.go	Removed provider registration initialization files that registered each provider with the External Secrets API during package init.
E2E Tests e2e/suites/provider/cases/alibaba/*, e2e/go.mod	Deleted Alibaba provider end-to-end test suite and test case definitions; removed Alibaba SDK dependency from e2e module.
Documentation docs/provider/alibaba.md, docs/provider/device42.md, docs/provider/passbolt.md, docs/api/spec.md	Removed provider documentation including authentication setup, configuration examples, YAML manifest samples, and API specification sections for all three providers.
Documentation Snippets docs/snippets/device42-external-secret.yaml, docs/snippets/passbolt-*.yaml	Deleted YAML example snippets for SecretStore and ExternalSecret configurations for Device42 and Passbolt providers.
Metadata and Configuration CODEOWNERS.md, hack/api-docs/mkdocs.yml, docs/introduction/stability-support.md, go.mod, tests/__snapshot__/clustersecretstore-v1.yaml, tests/__snapshot__/secretstore-v1.yaml	Removed provider entries from CODEOWNERS review assignments, MkDocs navigation, stability support tables, module dependencies, and test snapshot manifests.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	PR successfully removes all code for three unmaintained providers (Alibaba, Passbolt, Device42) as specified in issue #5710, including type definitions, implementations, tests, documentation, and provider registration.
Out of Scope Changes check	✅ Passed	All changes are within scope of removing Alibaba, Passbolt, and Device42 providers. No unrelated modifications to other providers or unrelated features detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

docs/introduction/stability-support.md (2)

45-45: Correct the 1.0 stability statement.

This sentence says the project hasn’t reached 1.0, but the page lists 1.x releases. That’s a factual inconsistency and will confuse readers. Please update to reflect the current versioning reality.

---

10-10: Fix typo: “most-up-to date”.

Should be “most up-to-date.” User-facing docs should be clean.