logic855
/
helm-external-secrets
mirrorاز https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536
							apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: example-external-secret
spec:
  refreshInterval: 1h           # rate SecretManager pulls Azure
  secretStoreRef:
    kind: SecretStore
    name: example-secret-store               # name of the SecretStore (or kind specified)
 
  target:
    name: secret-to-be-created  # name of the k8s Secret to be created
    creationPolicy: Owner
  
  data:
  - secretKey: dev-secret-test  # name of the  key to be created in the secret object
    remoteRef:
      key: dev-secret-test #name of the SECRET in the Azure KV (no prefix => SECRET)

  - secretKey: dev-another-secret-test  # name of the  key to be created in the secret object
    remoteRef:
      key: secret/dev-secret-test #type and name of secret in the Azure KV

  - secretKey: dev-cert-test  # name of the  key to be created in the secret object
    remoteRef:
      key: cert/dev-cert-test #type/name of certificate in the Azure KV 
                              #raw value will be returned , use templating features for data processing

  - secretKey: dev-key-test  # name of the  key to be created in the secret object
    remoteRef:
      key: key/dev-key-test #type/name of the public key in the Azure KV 
  
  # dataFrom , return ALL secrets saved in the referenced secretStore 
  # each secret name in the KV will be used as the secret key in the SECRET k8s target object
  dataFrom: 
  - name: "*"