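# ExternalSecret manifests (Helm template) for Vault backup, notification and
# unseal material. Every resource reads from the ClusterSecretStore named
# `vault` and is created in the release namespace. No spec.target is set, so
# each resulting Kubernetes Secret takes the name of its ExternalSecret (the
# operator default); no refreshInterval is set either, so the operator default
# applies.
#
# Templated scalars are piped through `quote` so that an all-digit or
# boolean-looking release name or namespace still renders as a YAML string.

# AppRole role_id / secret_id pair.
# NOTE(review): presumably used by the snapshot agent to log in to Vault;
# confirm the policy bound to this role grants only what a snapshot needs.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-snapshot-agent-token
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-snapshot-agent-token
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: VAULT_APPROLE_ROLE_ID
      remoteRef:
        key: /cl01tl/vault/snapshot
        property: VAULT_APPROLE_ROLE_ID
    - secretKey: VAULT_APPROLE_SECRET_ID
      remoteRef:
        key: /cl01tl/vault/snapshot
        property: VAULT_APPROLE_SECRET_ID
---
# s3cmd configuration and bucket name for the "local" backup target.
# NOTE(review): `.s3cfg` presumably holds a complete s3cmd config including
# access keys; mount it read-only and only into the backup workload.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-s3cmd-local-config
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-s3cmd-local-config
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: .s3cfg
      remoteRef:
        key: /garage/home-infra/vault-backups
        property: s3cfg-local
    - secretKey: BUCKET
      remoteRef:
        key: /garage/home-infra/vault-backups
        property: BUCKET
---
# s3cmd configuration and bucket name for the "remote" backup target.
# Reads the same remote key as the local config; only the `.s3cfg` property
# differs (s3cfg-remote), the BUCKET property is shared.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-s3cmd-remote-config
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-s3cmd-remote-config
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: .s3cfg
      remoteRef:
        key: /garage/home-infra/vault-backups
        property: s3cfg-remote
    - secretKey: BUCKET
      remoteRef:
        key: /garage/home-infra/vault-backups
        property: BUCKET
---
# s3cmd configuration and bucket name for the "external" backup target.
# NOTE(review): snapshots written here leave the cluster; confirm they are
# encrypted before upload and that these credentials are scoped to the one
# bucket.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-s3cmd-external-config
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-s3cmd-external-config
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: .s3cfg
      remoteRef:
        key: /digital-ocean/home-infra/vault-backup
        property: s3cfg
    - secretKey: BUCKET
      remoteRef:
        key: /digital-ocean/home-infra/vault-backup
        property: BUCKET
---
# ntfy token, endpoint and topic for backup notifications.
# The token and endpoint come from the ntfy user entry; the topic comes from
# the snapshot entry.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-backup-ntfy-secret
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-backup-ntfy-secret
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: NTFY_TOKEN
      remoteRef:
        key: /ntfy/user/cl01tl
        property: token
    - secretKey: NTFY_ENDPOINT
      remoteRef:
        key: /ntfy/user/cl01tl
        property: endpoint
    - secretKey: NTFY_TOPIC
      remoteRef:
        key: /cl01tl/vault/snapshot
        property: NTFY_TOPIC
---
# Unsealer configuration, instance 1 of 3. Each key is copied one-to-one from
# the same-named property of the remote entry.
# NOTE(review): TOKENS presumably carries the unseal key share(s) assigned to
# this instance; confirm no single instance holds enough shares to reach the
# unseal threshold on its own.
# NOTE(review): TLS_SKIP_VERIFY is data-driven. If it resolves to true, the
# consumer would presumably skip certificate verification towards the nodes it
# sends key material to; confirm the stored value is false.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-unseal-config-1
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-unseal-config-1
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        key: /cl01tl/vault/unseal/config-1
        property: NOTIFY_QUEUE_DELAY
---
# Unsealer configuration, instance 2 of 3. Same key set as instance 1, read
# from /cl01tl/vault/unseal/config-2; the same TOKENS and TLS_SKIP_VERIFY
# review points apply.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-unseal-config-2
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-unseal-config-2
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        key: /cl01tl/vault/unseal/config-2
        property: NOTIFY_QUEUE_DELAY
---
# Unsealer configuration, instance 3 of 3. Same key set as instance 1, read
# from /cl01tl/vault/unseal/config-3; the same TOKENS and TLS_SKIP_VERIFY
# review points apply.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-unseal-config-3
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-unseal-config-3
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        key: /cl01tl/vault/unseal/config-3
        property: NOTIFY_QUEUE_DELAY
---
# Vault token plus unseal_key_1 through unseal_key_5 in a single Secret.
# NOTE(review): this places what appear to be a Vault token and five unseal
# key shares side by side in one Kubernetes Secret. Any principal that can
# read Secrets in this namespace obtains all of them together, which removes
# the separation that splitting the key is meant to provide. Restrict RBAC on
# this Secret to the one consumer, make sure Secrets are encrypted at rest,
# and confirm that all five shares really need to be present in-cluster.
# NOTE(review): the store is named `vault`. If it is the same Vault these keys
# unseal, the values cannot be fetched or refreshed while it is sealed;
# confirm recovery does not depend on a fresh sync.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-token
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-token
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: token
      remoteRef:
        key: /cl01tl/vault/token
        property: token
    - secretKey: unseal_key_1
      remoteRef:
        key: /cl01tl/vault/token
        property: unseal_key_1
    - secretKey: unseal_key_2
      remoteRef:
        key: /cl01tl/vault/token
        property: unseal_key_2
    - secretKey: unseal_key_3
      remoteRef:
        key: /cl01tl/vault/token
        property: unseal_key_3
    - secretKey: unseal_key_4
      remoteRef:
        key: /cl01tl/vault/token
        property: unseal_key_4
    - secretKey: unseal_key_5
      remoteRef:
        key: /cl01tl/vault/token
        property: unseal_key_5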