# apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: vault-snapshot-agent-token # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: vault-snapshot-agent-token # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/version: {{ .Chart.AppVersion }} # app.kubernetes.io/component: snapshot # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: vault # data: # - secretKey: VAULT_APPROLE_ROLE_ID # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/snapshot/approle # metadataPolicy: None # property: role-id # - secretKey: VAULT_APPROLE_SECRET_ID # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/snapshot/approle # metadataPolicy: None # property: secret-id # --- # apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: vault-snapshot-s3 # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: vault-snapshot-s3 # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/version: {{ .Chart.AppVersion }} # app.kubernetes.io/component: snapshot # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: vault # data: # - secretKey: AWS_ACCESS_KEY_ID # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /digital-ocean/home-infra/vault-backup # metadataPolicy: None # property: AWS_ACCESS_KEY_ID # - secretKey: AWS_DEFAULT_REGION # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /digital-ocean/home-infra/vault-backup # metadataPolicy: None # property: AWS_DEFAULT_REGION # - secretKey: AWS_ENDPOINT_URL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /digital-ocean/home-infra/vault-backup # metadataPolicy: None # property: AWS_ENDPOINT_URL # - secretKey: AWS_SECRET_ACCESS_KEY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /digital-ocean/home-infra/vault-backup # metadataPolicy: None # property: AWS_SECRET_ACCESS_KEY # --- # apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: vault-unseal-config-1 # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: vault-unseal-key-1 # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/version: {{ .Chart.AppVersion }} # app.kubernetes.io/component: unseal # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: vault # data: # - secretKey: ENVIRONMENT # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: ENVIRONMENT # - secretKey: CHECK_INTERVAL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: CHECK_INTERVAL # - secretKey: MAX_CHECK_INTERVAL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: MAX_CHECK_INTERVAL # - secretKey: NODES # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: NODES # - secretKey: TLS_SKIP_VERIFY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: TLS_SKIP_VERIFY # - secretKey: TOKENS # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: TOKENS # - secretKey: EMAIL_ENABLED # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: EMAIL_ENABLED # - secretKey: NOTIFY_MAX_ELAPSED # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: NOTIFY_MAX_ELAPSED # - secretKey: NOTIFY_QUEUE_DELAY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-1 # metadataPolicy: None # property: NOTIFY_QUEUE_DELAY # --- # apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: vault-unseal-config-2 # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: vault-unseal-key-2 # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/version: {{ .Chart.AppVersion }} # app.kubernetes.io/component: unseal # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: vault # data: # - secretKey: ENVIRONMENT # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: ENVIRONMENT # - secretKey: CHECK_INTERVAL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: CHECK_INTERVAL # - secretKey: MAX_CHECK_INTERVAL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: MAX_CHECK_INTERVAL # - secretKey: NODES # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: NODES # - secretKey: TLS_SKIP_VERIFY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: TLS_SKIP_VERIFY # - secretKey: TOKENS # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: TOKENS # - secretKey: EMAIL_ENABLED # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: EMAIL_ENABLED # - secretKey: NOTIFY_MAX_ELAPSED # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: NOTIFY_MAX_ELAPSED # - secretKey: NOTIFY_QUEUE_DELAY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-2 # metadataPolicy: None # property: NOTIFY_QUEUE_DELAY # --- # apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: vault-unseal-config-3 # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: vault-unseal-config-3 # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/version: {{ .Chart.AppVersion }} # app.kubernetes.io/component: unseal # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: vault # data: # - secretKey: ENVIRONMENT # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: ENVIRONMENT # - secretKey: CHECK_INTERVAL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: CHECK_INTERVAL # - secretKey: MAX_CHECK_INTERVAL # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: MAX_CHECK_INTERVAL # - secretKey: NODES # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: NODES # - secretKey: TLS_SKIP_VERIFY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: TLS_SKIP_VERIFY # - secretKey: TOKENS # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: TOKENS # - secretKey: EMAIL_ENABLED # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: EMAIL_ENABLED # - secretKey: NOTIFY_MAX_ELAPSED # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: NOTIFY_MAX_ELAPSED # - secretKey: NOTIFY_QUEUE_DELAY # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/unseal/config-3 # metadataPolicy: None # property: NOTIFY_QUEUE_DELAY # --- # apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: vault-token # namespace: {{ .Release.Namespace }} # labels: # app.kubernetes.io/name: vault-token # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/version: {{ .Chart.AppVersion }} # app.kubernetes.io/component: token # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: # secretStoreRef: # kind: ClusterSecretStore # name: vault # data: # - secretKey: token # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/token # metadataPolicy: None # property: token # - secretKey: unseal_key_1 # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/token # metadataPolicy: None # property: unseal_key_1 # - secretKey: unseal_key_2 # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/token # metadataPolicy: None # property: unseal_key_2 # - secretKey: unseal_key_3 # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/token # metadataPolicy: None # property: unseal_key_3 # - secretKey: unseal_key_4 # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/token # metadataPolicy: None # property: unseal_key_4 # - secretKey: unseal_key_5 # remoteRef: # conversionStrategy: Default # decodingStrategy: None # key: /cl01tl/vault/token # metadataPolicy: None # property: unseal_key_5