# Quick Start: Copy to your repository

This file shows the minimal steps to get external-secrets working in your application repository.

## Step 1: Create the folder structure

```bash
mkdir -p k8s/secrets-
cd k8s/secrets-
```

## Step 2: Copy template files

Copy the following template files to your `secrets-/` folder:

```bash
# Choose based on your secret backend:
# For Vault:
cp secretstore-vault.yaml ./
# For Kubernetes secrets:
cp secretstore-kubernetes.yaml ./

# Choose based on what you want to sync:
# For individual secret properties:
cp externalsecret-basic.yaml ./
# For entire secret objects:
cp externalsecret-extract.yaml ./
# For advanced templating:
cp externalsecret-advanced.yaml ./
```

## Step 3: Customize the files

Edit each file and replace the CHANGE markers:

```bash
# Edit secretstore
vim secretstore-vault.yaml

# Edit externalsecret
vim externalsecret-basic.yaml
```

Key things to customize:

- Namespace (where your app runs)
- Vault server URL
- Vault secret paths
- Secret property names
- Refresh interval

## Step 4: Apply to your cluster

```bash
kubectl apply -f k8s/secrets-/
```

## Step 5: Verify

```bash
# Check if the ExternalSecret synced successfully
kubectl get externalsecret -n <namespace>

# Check if the secret was created
kubectl get secret app-secrets -n <namespace>

# View the secret contents (values are only base64-encoded; be careful with sensitive data!)
kubectl get secret app-secrets -n <namespace> -o jsonpath='{.data}' | jq .
```

## Step 6: Use in your Deployment

Reference the synced secret in your Deployment/StatefulSet/DaemonSet:

```yaml
envFrom:
  - secretRef:
      name: app-secrets
```

See `deployment-example.yaml` for more usage patterns.
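For Step 3, the manifests below show where each item in the "Key things to customize" list lands in a Vault-backed SecretStore and ExternalSecret. This is an added example, not the chart's own template files; the names `vault-secretstore` and `app-secrets` come from this page. The namespace `my-app`, the Vault URL, the role, the service account, the secret path and the `DB_PASSWORD` key are constructed placeholders, and the `v1beta1` API version is an assumption about your installed CRDs.

```yaml
# Added example. Every value marked CHANGE is a constructed placeholder.
# Assumption: the cluster serves external-secrets.io/v1beta1; confirm with
#   kubectl api-resources --api-group=external-secrets.io
apiVersion: external-secrets.io/v1beta1
kind: SecretStore                  # namespaced: usable only from this namespace
metadata:
  name: vault-secretstore
  namespace: my-app                # CHANGE: namespace where your app runs
spec:
  provider:
    vault:
      server: "https://vault.example.internal:8200"  # CHANGE: Vault server URL
      path: "secret"               # CHANGE: KV secrets engine mount
      version: "v2"                # KV engine version
      auth:
        kubernetes:
          mountPath: "kubernetes"  # CHANGE: Vault Kubernetes auth mount
          role: "my-app"           # CHANGE: Vault role bound to the SA below
          serviceAccountRef:
            name: "my-app"         # CHANGE: service account used to log in
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-secrets
  namespace: my-app                # CHANGE: same namespace as the SecretStore
spec:
  refreshInterval: 1h              # CHANGE: how often to re-read Vault
  secretStoreRef:
    kind: SecretStore
    name: vault-secretstore
  target:
    name: app-secrets              # Kubernetes Secret that gets created
    creationPolicy: Owner          # Secret is deleted with the ExternalSecret
  data:
    - secretKey: DB_PASSWORD       # CHANGE: key inside the Kubernetes Secret
      remoteRef:
        key: my-app/database       # CHANGE: Vault secret path under the mount
        property: password         # CHANGE: property within that Vault secret
```

On the Vault side, give the role a read-only policy limited to the paths listed under `remoteRef.key`, and bind it to this one service account and namespace.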
## Troubleshooting

If the ExternalSecret doesn't sync:

```bash
# Check status
kubectl describe externalsecret app-secrets -n <namespace>

# Check operator logs
kubectl logs -n external-secrets deployment/external-secrets

# Verify SecretStore is reachable
kubectl describe secretstore vault-secretstore -n <namespace>
```

See `USAGE.md` in the external-secrets chart for detailed troubleshooting.