{% raw %}
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: example
spec:
  refreshInterval: 1h           # rate SecretManager pulls KeeperSrucity
  secretStoreRef:
    kind: SecretStore
    name: example               # name of the SecretStore (or kind specified)
  target:
    name: secret-to-be-created  # name of the k8s Secret to be created
    creationPolicy: Owner
  dataFrom:
    - extract:
        key: OqPt3Vd37My7G8rTb-8Q  # ID of the Keeper Record
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: regcred
  namespace: external-secrets
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: keeper
    kind: ClusterSecretStore
  target:
    name: regcred
    creationPolicy: Owner
    template:
      engineVersion: v2
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: "{\"auths\":{\"registry.example.com\":{\"username\":\"{{ .username }}\",\"password\":\"{{ .password }}\",\"auth\":\"{{(printf \"%s:%s\" .username .password) | b64enc }}\"}}}"
  data:
    - secretKey: username
      remoteRef:
        key: OqPt3Vd37My7G8rTb-8Q
        property: login
    - secretKey: password
      remoteRef:
        key: OqPt3Vd37My7G8rTb-8Q
        property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: config
  namespace: external-secrets
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: keeper
    kind: ClusterSecretStore
  target:
    name: credentials
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        username: "{{ .login }}"
        password: "{{ .password }}"
  data:
    - secretKey: login
      remoteRef:
        key: OqPt3Vd37My7G8rTb-8Q
        property: login
    - secretKey: password
      remoteRef:
        key: OqPt3Vd37My7G8rTb-8Q
        property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: example
spec:
  refreshInterval: 1h           # rate SecretManager pulls KeeperSrucity
  secretStoreRef:
    kind: SecretStore
    name: example               # name of the SecretStore (or kind specified)
  target:
    name: secret-to-be-created  # name of the k8s Secret to be created
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        username: "{{  (fromJson .name).first }} {{  (fromJson .name).middle }} {{  (fromJson .name).last }}" # decode json string into vars
  dataFrom:
    - extract:
        key: OqPt3Vd37My7G8rTb-8Q  # ID of the Keeper Record
{% endraw %}