22 lines
781 B
YAML
22 lines
781 B
YAML
# Template ClusterSecretStore - Vault (Cluster-Wide)
|
|
#
|
|
# Use ClusterSecretStore if you want the store to be available cluster-wide.
|
|
# This is useful for shared secrets like TLS certificates or database credentials.
|
|
#
|
|
# Note: This should typically be created and managed by the infrastructure team,
|
|
# not individual applications.
|
|
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ClusterSecretStore
|
|
metadata:
|
|
name: vault-cluster-store
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: "https://vault.example.com:8200" # CHANGE: Your Vault server URL
|
|
path: "secret" # CHANGE: Your secret path in Vault
|
|
auth:
|
|
kubernetes:
|
|
mountPath: "kubernetes"
|
|
role: "cluster-app-role" # CHANGE: Your cluster-wide Vault role
|