add secret

clusters/cl01tl/helm/garage/templates/external-secret.yaml

@@ -33,3 +33,56 @@ spec:
         key: /cl01tl/garage/token
         metadataPolicy: None
         property: metric
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: garage-db-backup-secret-remote
+  namespace: garage
+spec:
+  data:
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+      secretKey: BUCKET_ENDPOINT
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+      secretKey: RESTIC_PASSWORD
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+      secretKey: AWS_DEFAULT_REGION
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+      secretKey: AWS_ACCESS_KEY_ID
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+      secretKey: AWS_SECRET_ACCESS_KEY
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      data:
+        RESTIC_REPOSITORY: '{{ .BUCKET_ENDPOINT }}/garage/garage-db'
+      engineVersion: v2
+      mergePolicy: Merge