helm-external-secrets/docs/snippets/vault-pushsecret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: source-secret
  namespace: default
stringData:
  source-key: "{\"foo\":\"bar\"}" # Needs to be a JSON
---
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: pushsecret-example
  namespace: default
spec:
  refreshInterval: 10s # Refresh interval for which push secret will reconcile
  secretStoreRefs: # A list of secret stores to push secrets to
    - name: vault-secretstore
      kind: SecretStore
  selector:
    secret:
      name: source-secret # Source Kubernetes secret to be pushed
  data:
    - match:
        secretKey: source-key # Source Kubernetes secret key containing the vault secret (in JSON format)
        remoteRef:
          remoteKey: vault/secret # path to vault secret. This path is appended with the vault-store path.