helm-external-secrets/docs/snippets/github-push-secret.yaml

apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: github-push-secret-example
spec:
  deletionPolicy: Delete
  refreshInterval: 10m # Refresh interval for which push secret will reconcile
  secretStoreRefs: # A list of secret stores to push secrets to
    - name: github # Must match SecretStore on the cluster
      kind: SecretStore
  selector:
    secret:
      name: EXTSERCRET # Remote Github actions secret that we want to sync with the kubernetes secret
  data:
    - match:
        secretKey: extsecret # Source Kubernetes secret key containing the secret
        remoteRef:
          remoteKey: EXTSECRET # Key of the kubernetes secret to push