{% raw %} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: my-secrets namespace: default spec: target: name: my-secrets deletionPolicy: Delete template: type: Opaque data: username: |- {{ .username }} password: |- {{ .password }} postgres-password: |- {{ .postgres_password }} postgres-replication-password: |- {{ .postgres_replication_password }} db_url: |- postgresql://{{ .username }}:{{ .password }}@my-postgresql:5432/mydb service_account_key: |- {{ .service_account_key }} ssh_pub_key: |- {{ .ssh_pub_key }} data: - secretKey: username sourceRef: storeRef: name: bitwarden-login kind: ClusterSecretStore # or SecretStore remoteRef: key: aaaabbbb-cccc-dddd-eeee-000011112222 property: username - secretKey: password sourceRef: storeRef: name: bitwarden-login kind: ClusterSecretStore # or SecretStore remoteRef: key: aaaabbbb-cccc-dddd-eeee-000011112222 property: password - secretKey: postgres_password sourceRef: storeRef: name: bitwarden-fields kind: ClusterSecretStore # or SecretStore remoteRef: key: aaaabbbb-cccc-dddd-eeee-000011112222 property: admin-password - secretKey: postgres_replication_password sourceRef: storeRef: name: bitwarden-fields kind: ClusterSecretStore # or SecretStore remoteRef: key: aaaabbbb-cccc-dddd-eeee-000011112222 property: postgres-replication-password - secretKey: service_account_key sourceRef: storeRef: name: bitwarden-notes kind: ClusterSecretStore # or SecretStore remoteRef: key: service_account_key - secretKey: ssh_pub_key sourceRef: storeRef: name: bitwarden-attachments kind: ClusterSecretStore # or SecretStore remoteRef: key: aaaabbbb-cccc-dddd-eeee-000011112222 property: id_rsa.pub {% endraw %}