mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-15 17:51:01 +00:00
242a6ee1ef
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
49 lines
No EOL
1.3 KiB
YAML
49 lines
No EOL
1.3 KiB
YAML
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: database-credentials
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: SecretStore
|
|
name: azure-store
|
|
|
|
target:
|
|
name: database-credentials
|
|
creationPolicy: Owner
|
|
|
|
data:
|
|
# name of the SECRET in the Azure KV (no prefix is by default a SECRET)
|
|
- secretKey: database-username
|
|
remoteRef:
|
|
key: database-username
|
|
|
|
# explicit type and name of secret in the Azure KV
|
|
- secretKey: database-password
|
|
remoteRef:
|
|
key: secret/database-password
|
|
|
|
# metadataPolicy to fetch all the tags in JSON format
|
|
- secretKey: database-credentials-metadata
|
|
remoteRef:
|
|
key: database-credentials
|
|
metadataPolicy: Fetch
|
|
|
|
# metadataPolicy to fetch a specific tag which name must be in property
|
|
- secretKey: database-credentials
|
|
remoteRef:
|
|
key: database-credentials
|
|
metadataPolicy: Fetch
|
|
property: environment
|
|
|
|
# type/name of certificate in the Azure KV
|
|
# raw value will be returned, use templating features for data processing
|
|
- secretKey: db-client-cert
|
|
remoteRef:
|
|
key: cert/db-client-cert
|
|
|
|
# type/name of the public key in the Azure KV
|
|
# the key is returned PEM encoded
|
|
- secretKey: encryption-pubkey
|
|
remoteRef:
|
|
key: key/encryption-pubkey |