strato-infra/flux/cluster/core/external-secrets/vault-secret-store.yaml

27 lines
873 B
YAML

apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
namespace: external-secrets
spec:
provider:
vault:
server: "https://vault.asraphiel.dev"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
roleId: "48a0e39d-e7e8-4ac2-529c-db99ffa1f6b0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "external-secrets"
key: "secret-id"