external-secrets/docs/snippets/chef-external-secret.yaml

{% raw %}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: vivid-external-secrets # name of ExternalSecret
  namespace: vivid # namespace inside which the ExternalSecret will be created
  annotations:
    company/contacts: user.a@company.com, user.b@company.com
    company/team: vivid-dev
  labels:
    app.kubernetes.io/name: external-secrets
spec:
  refreshInterval: 15m
  secretStoreRef:
    name: vivid-clustersecretstore # name of ClusterSecretStore
    kind: ClusterSecretStore
  data:
  - secretKey: USERNAME
    remoteRef:
      key: vivid_prod/global_user # databagName/dataItemName
      property: username # a json key in dataItem
  - secretKey: PASSWORD
    remoteRef:
      key: vivid_prod/global_user
      property: password
  - secretKey: APIKEY
    remoteRef:
      key: vivid_global/apikey
      property: api_key
  - secretKey: APP_PROPERTIES
    remoteRef:
      key: vivid_global/app_properties # databagName/dataItemName , it will fetch all key-vlaues present in the dataItem
  target:
    name: vivid-credentials # name of kubernetes Secret resource that will be created and will contain the obtained secrets
    creationPolicy: Owner
    template:
      mergePolicy: Replace    
      engineVersion: v2
      data:
        secrets.json: |
          {
            "username": "{{ .USERNAME }}",
            "password": "{{ .PASSWORD }}",
            "app_apikey": "{{ .APIKEY }}",
            "app_properties": "{{ .APP_PROPERTIES }}"
          }          

{% endraw %}