2022-03-09 09:48:25 +00:00
|
|
|
apiVersion: external-secrets.io/v1beta1
|
2021-05-12 20:50:05 +00:00
|
|
|
kind: SecretStore
|
|
|
|
|
metadata:
|
|
|
|
|
name: vault-backend
|
|
|
|
|
namespace: example
|
|
|
|
|
spec:
|
|
|
|
|
provider:
|
|
|
|
|
vault:
|
|
|
|
|
server: "https://vault.acme.org"
|
|
|
|
|
path: "secret"
|
|
|
|
|
version: "v2"
|
|
|
|
|
auth:
|
|
|
|
|
# Authenticate against Vault using a Kubernetes ServiceAccount
|
|
|
|
|
# token stored in a Secret.
|
|
|
|
|
# https://www.vaultproject.io/docs/auth/kubernetes
|
|
|
|
|
kubernetes:
|
|
|
|
|
# Path where the Kubernetes authentication backend is mounted in Vault
|
|
|
|
|
mountPath: "kubernetes"
|
|
|
|
|
# A required field containing the Vault Role to assume.
|
|
|
|
|
role: "demo"
|
|
|
|
|
# Optional service account field containing the name
|
|
|
|
|
# of a kubernetes ServiceAccount
|
|
|
|
|
serviceAccountRef:
|
|
|
|
|
name: "my-sa"
|
|
|
|
|
# Optional secret field containing a Kubernetes ServiceAccount JWT
|
|
|
|
|
# used for authenticating with Vault
|
|
|
|
|
secretRef:
|
|
|
|
|
name: "my-secret"
|
|
|
|
|
key: "vault"
|
