mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-15 17:51:01 +00:00
93 lines
2.5 KiB
YAML
93 lines
2.5 KiB
YAML
{% raw %}
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: example
|
|
spec:
|
|
refreshInterval: 1h # rate SecretManager pulls KeeperSrucity
|
|
secretStoreRef:
|
|
kind: SecretStore
|
|
name: example # name of the SecretStore (or kind specified)
|
|
target:
|
|
name: secret-to-be-created # name of the k8s Secret to be created
|
|
creationPolicy: Owner
|
|
dataFrom:
|
|
- extract:
|
|
key: OqPt3Vd37My7G8rTb-8Q # ID of the Keeper Record
|
|
---
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: regcred
|
|
namespace: external-secrets
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: keeper
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: regcred
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
type: kubernetes.io/dockerconfigjson
|
|
data:
|
|
.dockerconfigjson: "{\"auths\":{\"registry.example.com\":{\"username\":\"{{ .username }}\",\"password\":\"{{ .password }}\",\"auth\":\"{{(printf \"%s:%s\" .username .password) | b64enc }}\"}}}"
|
|
data:
|
|
- secretKey: username
|
|
remoteRef:
|
|
key: OqPt3Vd37My7G8rTb-8Q
|
|
property: login
|
|
- secretKey: password
|
|
remoteRef:
|
|
key: OqPt3Vd37My7G8rTb-8Q
|
|
property: password
|
|
---
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: config
|
|
namespace: external-secrets
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: keeper
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: credentials
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
data:
|
|
username: "{{ .login }}"
|
|
password: "{{ .password }}"
|
|
data:
|
|
- secretKey: login
|
|
remoteRef:
|
|
key: OqPt3Vd37My7G8rTb-8Q
|
|
property: login
|
|
- secretKey: password
|
|
remoteRef:
|
|
key: OqPt3Vd37My7G8rTb-8Q
|
|
property: password
|
|
---
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: example
|
|
spec:
|
|
refreshInterval: 1h # rate SecretManager pulls KeeperSrucity
|
|
secretStoreRef:
|
|
kind: SecretStore
|
|
name: example # name of the SecretStore (or kind specified)
|
|
target:
|
|
name: secret-to-be-created # name of the k8s Secret to be created
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
data:
|
|
username: "{{ (fromJson .name).first }} {{ (fromJson .name).middle }} {{ (fromJson .name).last }}" # decode json string into vars
|
|
dataFrom:
|
|
- extract:
|
|
key: OqPt3Vd37My7G8rTb-8Q # ID of the Keeper Record
|
|
{% endraw %}
|