apiVersion: kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
  name: policy-secrets
spec:
  rules:
    - name: secret1
      match:
        resources:
          kinds : 
          - Secret
          name: "mysecret"
      mutate:
        patches:
        - path: "/metadata/labels/isMutated"
          op: add
          value: "true"
        - path: "/metadata/labels/originalLabel"
          op: remove
        - path : "/data/newPass"
          op : add
          value : "bmV3UmFuZG9tUGFzcwo="
        - path : "/data/password"
          op : replace
          value : "Y29tcHJvbWlzZWQK"
      validate:
        message: "This type of secrets does not meet security criteria"
        pattern:
          type: "Opaque"