feat: add postgres generator docs

docs/enterprise/externalsecrets/generators/postgresql.mdx

@@ -0,0 +1,142 @@
+---
+title: 'PostgreSQL  User Generator'
+description: 'Easily manage and rotate PostgreSQL Users in your setup'
+---
+
+<Note>
+  The External Secrets Enterprise product suite is a premium product.
+  It requires a specific subscription. Contact us for more information.
+</Note>
+
+<Tip>
+  In order to use the PostgreSQL User Generator, you must have the Enterprise Distribution of ESO available via [ESI Agent](../../esi-agent/quickstart.mdx).
+</Tip>
+
+## Introduction
+
+The PostgreSQL User Generator for ESO allows you to dynamically create and rotate database users with native integration.
+
+This is useful when providing applications with scoped credentials to PostgreSQL, reducing the operational overhead of manual user management and improving security posture.
+
+## Output Keys and Values
+
+| Key        | Description                       |
+| ---------- | --------------------------------- |
+| `username` | The generated PostgreSQL username |
+| `password` | The generated PostgreSQL password |
+
+## Parameters
+
+| Key                       | Default      | Description |
+| ------------------------- | ------------ | ----------- |
+| `database`                | `postgres`   | The name of the PostgreSQL database to connect to. |
+| `host`                    | **Required** | The hostname or IP of the PostgreSQL server. |
+| `port`                    | `5432`       | The port used to connect to the PostgreSQL server. |
+| `auth.username`           | `postgres`   | Admin username for authentication. |
+| `auth.password.name`      | **Required** | Kubernetes secret name containing the admin password. |
+| `auth.password.key`       | **Required** | Key in the secret that holds the admin password. |
+| `user.username`           | **Required** | The username to create. A random suffix will be appended. |
+| `user.suffixSize`         | `8`          | Length of the random suffix appended to the username. If set to 0, no suffix is appended. |
+| `user.attributes`         | `[]`         | List of PostgreSQL attributes to assign. Each item must be an object with a name field (e.g., `CREATEDBT`) and an optional value field for attributes that require a parameter (e.g.,`CONNECTION LIMIT`). |
+| `user.roles`              | `[]`         | List of existing roles to grant to the user. Non-existent roles are created with no attributes. |
+| `user.destructiveCleanup` | `false`      | If `true`, all owned objects are dropped during cleanup. Otherwise, ownership is reassigned to the `reassignTo` user. |
+| `user.reassignTo`         | -            | The name of the role to which all owned objects should be reassigned during cleanup. `auth.username` is used if not set. |
+
+## Set up
+
+### PostgreSQL Permissions
+
+The admin user provided in the spec must have sufficient permissions to create and delete users in PostgreSQL. Typically, the built-in `postgres` admin account has the required permissions.
+
+### Generator Config
+
+<CodeGroup> 
+```yaml 
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: PostgreSql
+metadata:
+  name: postgres-generator
+  namespace: default
+spec:
+  host: postgres.default.svc.cluster.local
+  port: "5432"
+  database: postgres
+  auth:
+    username: postgres
+    password:
+      name: pg-admin-secret
+      key: password
+  user:
+    username: appuser
+    suffixSize: 6
+    attributes:
+      - name: CREATEDB
+      - name: "CONNECTION LIMIT"
+        value: "10"
+    roles:
+      - pg_read_all_data
+      - custom_role
+    destructiveCleanup: false
+```
+</CodeGroup>
+
+### ExternalSecret Config
+
+```yaml
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: postgres-credentials
+  namespace: default
+spec:
+  refreshInterval: 1h # Rotates every 1 hour
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: PostgreSql
+          name: postgres-generator
+```
+
+### Using the Generated Secret
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: my-app
+  template:
+    metadata:
+      labels:
+        app: my-app
+    spec:
+      containers:
+        - name: my-container
+          image: my-image:latest
+          env:
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: password
+```
+
+### Notes and Considerations
+
+* If destructiveCleanup is true, owned objects are dropped before dropping the user.
+* If destructiveCleanup is false, ownership is reassigned to the user defined in user.reassignTo.
+* If user.reassignTo is not set, the admin user defined in auth.username is used for reassignment.
+* If user.reassignTo does not exists, it will be created with no attributes or roles.
+* Roles listed in user.roles are created if missing and assigned to the generated user.
+* Only the standard PostgreSQL attributes (SUPERUSER, CREATEDB, CREATEROLE, REPLICATION) are supported.

mint.json

@@ -136,7 +136,8 @@
           "group": "Generators",
           "pages": [
             "docs/enterprise/externalsecrets/generators/iam-keys",
-            "docs/enterprise/externalsecrets/generators/neo4j"
+            "docs/enterprise/externalsecrets/generators/neo4j",
+            "docs/enterprise/externalsecrets/generators/postgresql"
           ]
         },
         {