Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 194955a10e
Branches Tags
helm-externa...
/
docs
/
snippets
/
vault-kubernetes-store.yaml

vault-kubernetes-store.yaml 979 B
History Raw

1234567891011121314151617181920212223242526272829 
  1. apiVersion: external-secrets.io/v1
    2. 

  2. kind: SecretStore
    3. 

  3. metadata:
    4. 

  4.   name: vault-backend
    5. 

  5.   namespace: example
    6. 

  6. spec:
    7. 

  7.   provider:
    8. 

  8.     vault:
    9. 

  9.       server: "https://vault.acme.org"
    10. 

  10.       path: "secret"
    11. 

  11.       version: "v2"
    12. 

  12.       auth:
    13. 

  13.         # Authenticate against Vault using a Kubernetes ServiceAccount
    14. 

  14.         # token stored in a Secret.
    15. 

  15.         # https://www.vaultproject.io/docs/auth/kubernetes
    16. 

  16.         kubernetes:
    17. 

  17.           # Path where the Kubernetes authentication backend is mounted in Vault
    18. 

  18.           mountPath: "kubernetes"
    19. 

  19.           # A required field containing the Vault Role to assume.
    20. 

  20.           role: "demo"
    21. 

  21.           # Optional service account field containing the name
    22. 

  22.           # of a kubernetes ServiceAccount
    23. 

  23.           serviceAccountRef:
    24. 

  24.             name: "my-sa"
    25. 

  25.           # Optional secret field containing a Kubernetes ServiceAccount JWT
    26. 

  26.           #  used for authenticating with Vault
    27. 

  27.           secretRef:
    28. 

  28.             name: "my-secret"
    29. 

  29.             key: "vault"
    30.