logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435
							{% raw %}
apiVersion: v1
kind: Secret
metadata:
  name: source-certificate
data:
  tls.crt: <BASE64_ENCODED_PEM_CERTIFICATE>
  tls.key: <BASE64_ENCODED_PEM_KEY>
---
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: pushsecret-example
  namespace: default
spec:
  refreshInterval: 1h0m0s # Refresh interval for which push secret will reconcile
  deletionPolicy: Delete
  secretStoreRefs: # A list of secret stores to push secrets to
    - name: azure-store
      kind: SecretStore
  selector:
    secret:
      name: source-certificate # Source Kubernetes secret to be pushed
  template:
    engineVersion: v2
    data:
      # Use the `fullPemToPkcs12` function to convert the PEM-encoded certificate chain (certificate + intermediate certificates) + private key into a P12 file.
      # You can also use the `pemToPkcs12` function if you only want to include the certificate + private key without the intermediate certificates.
      cert.p12: '{{ fullPemToPkcs12 (index . "tls.crt" | toString) (index . "tls.key" | toString) | b64dec }}'
  data:
    - match:
        secretKey: cert.p12 # Reference to the generated P12 file in the template data
        remoteRef:
          remoteKey: cert/my-azkv-cert-name
{% endraw %}