Vault integration with external secrets

kostis-codefresh · kostis-codefresh · commit 3ba38a8211eb · 2024-07-04T17:30:39.000+03:00
diff --git a/external-secrets/app/external-secret.yml b/external-secrets/app/external-secret.yml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vault-example
+spec:
+  refreshInterval: "15s"
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: example-sync
+  data:
+  - secretKey: foobar
+    remoteRef:
+      key: foo
+      property: my-value
diff --git a/external-secrets/vault-integration/secretstore.yml b/external-secrets/vault-integration/secretstore.yml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: "http://vault.vault:8200"
+      path: "secret"
+      # Version is the Vault KV secret engine version.
+      # This can be either "v1" or "v2", defaults to "v2"
+      version: "v2"
+      auth:
+        # points to a secret that contains a vault token
+        # https://www.vaultproject.io/docs/auth/token
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "demo"
