logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738
							---
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: pushsecret-example # customizable
spec:
  deletionPolicy: Delete
  refreshInterval: 1h0m0s
  secretStoreRefs:
    - name: onepassword
      kind: SecretStore
  selector:
    secret:
      name: source-secret # Source Kubernetes secret
  data:
    - match:
        secretKey: api-key # Source Kubernetes secret key to be pushed
        remoteRef:
          remoteKey: 1pw-item-name     # 1Password item name
          property: password           # Field label within the 1Password item
      metadata:
        apiVersion: kubernetes.external-secrets.io/v1alpha1
        kind: PushSecretMetadata
        spec:
          tags: ["tag1", "tag2"]  # (Optional) tags on the 1Password item (item-level, not field-level)
                                  # Tags are shared across all fields of the same remoteKey — last write wins if entries differ
          fieldType: concealed    # (Optional) field type (default: concealed)
                                  # Accepted values (case-insensitive): text|string|concealed|password|url|email|phone|date|monthYear
    - match:
        secretKey: api-url
        remoteRef:
          remoteKey: 1pw-item-name     # Same 1Password item — adds a second field
          property: api-endpoint
      metadata:
        apiVersion: kubernetes.external-secrets.io/v1alpha1
        kind: PushSecretMetadata
        spec:
          fieldType: url