apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: woodpecker-harbor-creds
  namespace: dev-tools
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-cicd                  # ClusterSecretStore for CICD secrets
    kind: ClusterSecretStore
  target:
    name: woodpecker-harbor-secret    # K8s Secret that will be created
    creationPolicy: Owner
  data:
    - secretKey: docker_username
      remoteRef:
        key: harbor                   # relative to ClusterSecretStore's path (cicd)
        property: docker_username
    - secretKey: docker_password
      remoteRef:
        key: harbor
        property: docker_password