external-secret.yaml

#
#  Author: Hari Sekhon
#  Date: 2022-12-09 22:22:30 +0000 (Fri, 09 Dec 2022)
#
#  vim:ts=2:sts=2:sw=2:et
#  lint: k8s
#  kics-scan ignore
#
#  https://github.com/HariSekhon/Kubernetes-configs
#
#  License: see accompanying Hari Sekhon LICENSE file
#
#  If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
#  https://www.linkedin.com/in/HariSekhon
#

# ============================================================================ #
#                         E x t e r n a l   S e c r e t
# ============================================================================ #

# https://external-secrets.io/v0.8.1/api/externalsecret/

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: NAME  # XXX: Edit
  namespace: NAMESPACE  # XXX: Edit - K8s Secret will be pull to this same namespace as this ExternalSecret
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    #name: gcp-secret-manager
    kind: SecretStore
    #kind: ClusterSecretStore
  target:
    name: k8s-secret-to-be-created  # XXX: Edit
    #creationPolicy: Owner  # XXX: Danger, overwrites other keys, see https://github.com/external-secrets/external-secrets/issues/2416
    creationPolicy: Merge
  data:
    - secretKey: k8s-key-within-secret-to-be-managed  # XXX: Edit
      remoteRef:
        key: provider-key  # XXX: Edit
        #version: provider-key-version
        #property: provider-key-property
  #dataFrom:
  #  - extract:
  #      key: remote-key-in-the-provider