apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secretsmanager
spec:
  provider:
    aws:
      service: SecretsManager
      role: arn:aws:iam::123456789012:role/external-secrets
      region: eu-central-1
      secretsManager:
        # Additional parameters can be added to the AWS Secrets Manager DeleteSecret API call.
        # These parameters are only relevant when the deletionPolicy is set to Delete.
        # See: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#API_DeleteSecret_RequestSyntax
        forceDeleteWithoutRecovery: true
        # recoveryWindowInDays: 9 (conflicts with forceDeleteWithoutRecovery)