2025-02-16 22:24:50 -06:00
parent 50811026a5
commit f9da7d31bd
23 changed files with 382 additions and 1118 deletions


@@ -16,13 +16,13 @@ dependencies:
- name: vault
version: 0.29.1
repository: https://helm.releases.hashicorp.com
- name: app-template
alias: snapshot
repository: https://bjw-s.github.io/helm-charts/
version: 3.6.1
- name: app-template
alias: unseal
repository: https://bjw-s.github.io/helm-charts/
version: 3.6.1
# - name: app-template
# alias: snapshot
# repository: https://bjw-s.github.io/helm-charts/
# version: 3.6.1
# - name: app-template
# alias: unseal
# repository: https://bjw-s.github.io/helm-charts/
# version: 3.6.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png
appVersion: 1.18.2
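Review bot: Commenting out the `snapshot` and `unseal` `app-template` entries (the `# - name: app-template` lines, assuming the commented copies are the new side) leaves dead dependency entries in the chart manifest and means another edit is needed to turn them back on. Helm dependency entries accept a `condition` key, so keeping each entry and adding `condition: snapshot.enabled` and `condition: unseal.enabled` would let values toggle them; otherwise delete the entries and rely on version history. The chart's lock file also has to be regenerated so it lists only the remaining `vault` dependency; whether this commit does that is not visible in this section.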


@@ -1,379 +1,379 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-snapshot-agent-token
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-snapshot-agent-token
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: snapshot
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: VAULT_APPROLE_ROLE_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot/approle
metadataPolicy: None
property: role-id
- secretKey: VAULT_APPROLE_SECRET_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot/approle
metadataPolicy: None
property: secret-id
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: vault-snapshot-agent-token
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: vault-snapshot-agent-token
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: snapshot
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: VAULT_APPROLE_ROLE_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/snapshot/approle
# metadataPolicy: None
# property: role-id
# - secretKey: VAULT_APPROLE_SECRET_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/snapshot/approle
# metadataPolicy: None
# property: secret-id
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-snapshot-s3
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-snapshot-s3
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: snapshot
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ENDPOINT_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_ENDPOINT_URL
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: vault-snapshot-s3
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: vault-snapshot-s3
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: snapshot
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/vault-backup
# metadataPolicy: None
# property: AWS_ACCESS_KEY_ID
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/vault-backup
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ENDPOINT_URL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/vault-backup
# metadataPolicy: None
# property: AWS_ENDPOINT_URL
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/vault-backup
# metadataPolicy: None
# property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-unseal-config-1
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-unseal-key-1
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: unseal
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ENVIRONMENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: MAX_CHECK_INTERVAL
- secretKey: NODES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TLS_SKIP_VERIFY
- secretKey: TOKENS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TOKENS
- secretKey: EMAIL_ENABLED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: vault-unseal-config-1
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: vault-unseal-key-1
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: unseal
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: ENVIRONMENT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: ENVIRONMENT
# - secretKey: CHECK_INTERVAL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: CHECK_INTERVAL
# - secretKey: MAX_CHECK_INTERVAL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: MAX_CHECK_INTERVAL
# - secretKey: NODES
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: NODES
# - secretKey: TLS_SKIP_VERIFY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: TLS_SKIP_VERIFY
# - secretKey: TOKENS
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: TOKENS
# - secretKey: EMAIL_ENABLED
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: EMAIL_ENABLED
# - secretKey: NOTIFY_MAX_ELAPSED
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: NOTIFY_MAX_ELAPSED
# - secretKey: NOTIFY_QUEUE_DELAY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None
# property: NOTIFY_QUEUE_DELAY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-unseal-config-2
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-unseal-key-2
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: unseal
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ENVIRONMENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: MAX_CHECK_INTERVAL
- secretKey: NODES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TLS_SKIP_VERIFY
- secretKey: TOKENS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TOKENS
- secretKey: EMAIL_ENABLED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: vault-unseal-config-2
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: vault-unseal-key-2
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: unseal
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: ENVIRONMENT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: ENVIRONMENT
# - secretKey: CHECK_INTERVAL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: CHECK_INTERVAL
# - secretKey: MAX_CHECK_INTERVAL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: MAX_CHECK_INTERVAL
# - secretKey: NODES
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: NODES
# - secretKey: TLS_SKIP_VERIFY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: TLS_SKIP_VERIFY
# - secretKey: TOKENS
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: TOKENS
# - secretKey: EMAIL_ENABLED
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: EMAIL_ENABLED
# - secretKey: NOTIFY_MAX_ELAPSED
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: NOTIFY_MAX_ELAPSED
# - secretKey: NOTIFY_QUEUE_DELAY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None
# property: NOTIFY_QUEUE_DELAY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-unseal-config-3
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-unseal-config-3
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: unseal
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ENVIRONMENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: MAX_CHECK_INTERVAL
- secretKey: NODES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TLS_SKIP_VERIFY
- secretKey: TOKENS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TOKENS
- secretKey: EMAIL_ENABLED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: vault-unseal-config-3
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: vault-unseal-config-3
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: unseal
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: ENVIRONMENT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: ENVIRONMENT
# - secretKey: CHECK_INTERVAL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: CHECK_INTERVAL
# - secretKey: MAX_CHECK_INTERVAL
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: MAX_CHECK_INTERVAL
# - secretKey: NODES
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: NODES
# - secretKey: TLS_SKIP_VERIFY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: TLS_SKIP_VERIFY
# - secretKey: TOKENS
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: TOKENS
# - secretKey: EMAIL_ENABLED
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: EMAIL_ENABLED
# - secretKey: NOTIFY_MAX_ELAPSED
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: NOTIFY_MAX_ELAPSED
# - secretKey: NOTIFY_QUEUE_DELAY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None
# property: NOTIFY_QUEUE_DELAY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-token
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-token
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: token
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token
metadataPolicy: None
property: token
- secretKey: unseal_key_1
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_1
- secretKey: unseal_key_2
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_2
- secretKey: unseal_key_3
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_3
- secretKey: unseal_key_4
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_4
- secretKey: unseal_key_5
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_5
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: vault-token
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: vault-token
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: token
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: token
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/token
# metadataPolicy: None
# property: token
# - secretKey: unseal_key_1
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/token
# metadataPolicy: None
# property: unseal_key_1
# - secretKey: unseal_key_2
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/token
# metadataPolicy: None
# property: unseal_key_2
# - secretKey: unseal_key_3
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/token
# metadataPolicy: None
# property: unseal_key_3
# - secretKey: unseal_key_4
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/token
# metadataPolicy: None
# property: unseal_key_4
# - secretKey: unseal_key_5
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/vault/token
# metadataPolicy: None
# property: unseal_key_5
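Review bot: Prefixing these manifests with `#` does not take them out of Helm's rendering: the `{{ .Release.Namespace }}`, `{{ .Release.Name }}` and `{{ .Chart.AppVersion }}` actions on the commented lines are still evaluated, and the template keeps every secret-store path (`/cl01tl/vault/token`, `/cl01tl/vault/unseal/config-1`, `/digital-ocean/home-infra/vault-backup`, …) as dead text. This assumes the commented copies are the new side of the change, which the page layout suggests but does not mark. Wrapping each document in a values guard such as `{{- if .Values.unseal.enabled }}` … `{{- end }}` (flag name is a suggestion), or deleting the file, would disable them cleanly. If `vault-token` is re-enabled later, it copies `token` and all of `unseal_key_1` to `unseal_key_5` into one Secret, so read access to that single object yields every key share; a comment recording that, or separate objects with narrower RBAC, would be worth adding.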