apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: openbao-snapshot-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-snapshot-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: key: /garage/home-infra/openbao-backups property: ACCESS_KEY_ID - secretKey: ACCESS_REGION remoteRef: key: /garage/home-infra/openbao-backups property: ACCESS_REGION - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: key: /garage/home-infra/openbao-backups property: ACCESS_SECRET_KEY - secretKey: BUCKET remoteRef: key: /garage/home-infra/openbao-backups property: BUCKET --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: openbao-unseal-config-1 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-unseal-config-1 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal property: ENVIRONMENT - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal property: NODES - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal property: TOKENS_1 - secretKey: NOTIFY_QUEUE_URLS remoteRef: key: /cl01tl/openbao/unseal property: NOTIFY_QUEUE_URLS --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: openbao-unseal-config-2 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-unseal-config-2 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal property: ENVIRONMENT - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal property: NODES - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal property: TOKENS_2 - secretKey: NOTIFY_QUEUE_URLS remoteRef: key: /cl01tl/openbao/unseal property: NOTIFY_QUEUE_URLS --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: openbao-unseal-config-3 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-unseal-config-3 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal property: ENVIRONMENT - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal property: NODES - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal property: TOKENS_3 - secretKey: NOTIFY_QUEUE_URLS remoteRef: key: /cl01tl/openbao/unseal property: NOTIFY_QUEUE_URLS # --- # apiVersion: external-secrets.io/v1 # kind: ExternalSecret # metadata: # name: openbao-token # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: openbao-token # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: openbao # data: # - secretKey: token # remoteRef: # key: /cl01tl/openbao/token # property: token # - secretKey: unseal_key_1 # remoteRef: # key: /cl01tl/openbao/token # property: unseal_key_1 # - secretKey: unseal_key_2 # remoteRef: # key: /cl01tl/openbao/token # property: unseal_key_2 # - secretKey: unseal_key_3 # remoteRef: # key: /cl01tl/openbao/token # property: unseal_key_3 # - secretKey: unseal_key_4 # remoteRef: # key: /cl01tl/openbao/token # property: unseal_key_4 # - secretKey: unseal_key_5 # remoteRef: # key: /cl01tl/openbao/token # property: unseal_key_5