72 lines
1.8 KiB
YAML
72 lines
1.8 KiB
YAML
# Template ExternalSecret - With Advanced Templating
|
|
#
|
|
# This template demonstrates more advanced features:
|
|
# - Multiple secrets from different sources
|
|
# - Template transformations
|
|
# - Custom keys in the resulting Secret
|
|
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: app-secrets-advanced
|
|
namespace: default # CHANGE: Your application's namespace
|
|
spec:
|
|
refreshInterval: 30m
|
|
|
|
secretStoreRef:
|
|
name: vault-secretstore
|
|
kind: SecretStore
|
|
|
|
target:
|
|
name: app-secrets-advanced
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
# Build a custom configuration file from secret values
|
|
data:
|
|
config.yaml: |
|
|
database:
|
|
host: "{{ .db_host }}"
|
|
port: {{ .db_port }}
|
|
username: "{{ .db_user }}"
|
|
password: "{{ .db_password }}"
|
|
api:
|
|
key: "{{ .api_key }}"
|
|
secret: "{{ .api_secret }}"
|
|
.env: |
|
|
DATABASE_URL=postgresql://{{ .db_user }}:{{ .db_password }}@{{ .db_host }}:{{ .db_port }}/myapp
|
|
API_KEY={{ .api_key }}
|
|
|
|
data:
|
|
# Database credentials
|
|
- secretKey: db_host
|
|
remoteRef:
|
|
key: databases/postgres # CHANGE
|
|
property: host
|
|
|
|
- secretKey: db_port
|
|
remoteRef:
|
|
key: databases/postgres # CHANGE
|
|
property: port
|
|
|
|
- secretKey: db_user
|
|
remoteRef:
|
|
key: databases/postgres # CHANGE
|
|
property: username
|
|
|
|
- secretKey: db_password
|
|
remoteRef:
|
|
key: databases/postgres # CHANGE
|
|
property: password
|
|
|
|
# API credentials
|
|
- secretKey: api_key
|
|
remoteRef:
|
|
key: my-app/api-keys # CHANGE
|
|
property: key
|
|
|
|
- secretKey: api_secret
|
|
remoteRef:
|
|
key: my-app/api-keys # CHANGE
|
|
property: secret
|