khuedoan-homelab/platform/external-secrets/templates/clustersecretstore.yaml

apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault
spec:
  provider:
    vault:
      server: http://vault.vault:8200
      path: secret
      auth:
        tokenSecretRef:
          name: vault-unseal-keys
          namespace: vault
          key: vault-root
        # TODO switch to kubernetes auth
        # kubernetes:
        #   mountPath: "kubernetes"
        #   role: "demo"
        #   serviceAccountRef:
        #     name: "my-sa"
        #     namespace: "secret-admin"
        #   secretRef:
        #     name: "my-secret"
        #     namespace: "secret-admin"
        #     key: "vault"
chore(external-secrets): upgrade API version to v1beta1 2022-05-07 23:49:16 +07:00			`apiVersion: external-secrets.io/v1beta1`
feat(external-secrets): add test secret store 2022-02-26 10:37:25 +07:00			`kind: ClusterSecretStore`
			`metadata:`
			`name: vault`
			`spec:`
			`provider:`
			`vault:`
			`server: http://vault.vault:8200`
			`path: secret`
			`auth:`
			`tokenSecretRef:`
fix(external-secrets): use the correct vault secret ref 2022-05-12 12:11:27 +07:00			`name: vault-unseal-keys`
feat(external-secrets): add test secret store 2022-02-26 10:37:25 +07:00			`namespace: vault`
fix(external-secrets): use the correct vault secret ref 2022-05-12 12:11:27 +07:00			`key: vault-root`
feat(external-secrets): add test secret store 2022-02-26 10:37:25 +07:00			`# TODO switch to kubernetes auth`
			`# kubernetes:`
			`# mountPath: "kubernetes"`
			`# role: "demo"`
			`# serviceAccountRef:`
			`# name: "my-sa"`
			`# namespace: "secret-admin"`
			`# secretRef:`
			`# name: "my-secret"`
			`# namespace: "secret-admin"`
			`# key: "vault"`