From 14cd4b560b2408acc59bf443d43701eef345c03e Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sat, 27 Dec 2025 15:09:33 -0600 Subject: [PATCH] add secret --- .../garage/templates/external-secret.yaml | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/clusters/cl01tl/helm/garage/templates/external-secret.yaml b/clusters/cl01tl/helm/garage/templates/external-secret.yaml index 238fdb23b..4129eb2f0 100644 --- a/clusters/cl01tl/helm/garage/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/garage/templates/external-secret.yaml @@ -33,3 +33,56 @@ spec: key: /cl01tl/garage/token metadataPolicy: None property: metric + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: garage-db-backup-secret-remote + namespace: garage +spec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + secretKey: BUCKET_ENDPOINT + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + secretKey: RESTIC_PASSWORD + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + secretKey: AWS_DEFAULT_REGION + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + secretKey: AWS_ACCESS_KEY_ID + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + secretKey: AWS_SECRET_ACCESS_KEY + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + data: + RESTIC_REPOSITORY: '{{ .BUCKET_ENDPOINT }}/garage/garage-db' + engineVersion: v2 + mergePolicy: Merge