apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vault-snapshot-agent-token namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-snapshot-agent-token app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: snapshot app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: VAULT_APPROLE_ROLE_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/snapshot/approle metadataPolicy: None property: role-id - secretKey: VAULT_APPROLE_SECRET_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/snapshot/approle metadataPolicy: None property: secret-id --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vault-snapshot-s3 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-snapshot-s3 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: snapshot app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/vault-backup metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/vault-backup metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ENDPOINT_URL remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/vault-backup metadataPolicy: None property: AWS_ENDPOINT_URL - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/vault-backup metadataPolicy: None property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vault-unseal-config-1 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-unseal-key-1 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: unseal app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ENVIRONMENT remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-1 metadataPolicy: None property: NOTIFY_QUEUE_DELAY --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vault-unseal-config-2 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-unseal-key-2 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: unseal app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ENVIRONMENT remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-2 metadataPolicy: None property: NOTIFY_QUEUE_DELAY --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vault-unseal-config-3 namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-unseal-config-3 app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: unseal app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ENVIRONMENT remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/unseal/config-3 metadataPolicy: None property: NOTIFY_QUEUE_DELAY --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vault-token namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-token app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: token app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: token remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/token metadataPolicy: None property: token - secretKey: unseal_key_1 remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/token metadataPolicy: None property: unseal_key_1 - secretKey: unseal_key_2 remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/token metadataPolicy: None property: unseal_key_2 - secretKey: unseal_key_3 remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/token metadataPolicy: None property: unseal_key_3 - secretKey: unseal_key_4 remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/token metadataPolicy: None property: unseal_key_4 - secretKey: unseal_key_5 remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/vault/token metadataPolicy: None property: unseal_key_5