{% raw %}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: sonarqube-api-token
  namespace: ci
spec:
  refreshInterval: 1m
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: sonarqube-api-token
    template:
      metadata:
        labels:
          "jenkins.io/credentials-type": "secretText"
        annotations:
          "jenkins.io/credentials-description": "sonarqube api token"
      data:
        text: >-
          {{ printf "{{ .password | toString }}" }}
  data:
    - secretKey: password
      remoteRef:
        key: jenkins-credentials
        property: sonarqube-api-token
{% endraw %}