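---
# ExternalSecret for Veza production secrets.
#
# Reads the `veza/production` secret from Vault through the `vault-store`
# SecretStore in this namespace and renders it into the Kubernetes Secret
# `veza-secrets` in `veza-production`.
#
# Security notes (review):
# - A SecretStore is namespace-scoped, so `vault-store` here is the one
#   living in `veza-production`. Its Vault role/policy should grant read on
#   `veza/production` only; the development and staging stores must not be
#   able to read this path — confirm in the SecretStore and Vault policy
#   definitions, which are not part of this file.
# - The rendered Secret holds payment (Stripe), mail and object-storage
#   credentials. Restrict RBAC `get`/`list`/`watch` on Secrets in this
#   namespace to the workload ServiceAccount and the operator.
# - The S3 access key pair and Stripe keys are static, long-lived values in
#   Vault KV; if the backing stores support it, Vault dynamic/short-lived
#   credentials would shrink the blast radius of a leaked Secret — TODO review.
# - `refreshInterval: 1h` bounds how long a value rotated in Vault takes to
#   reach the cluster. ESO rewrites the Secret in place; already-running pods
#   keep the old value until they reload it or are restarted.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: veza-secrets
  namespace: veza-production
spec:
  # Poll Vault hourly; shorten if rotated credentials must propagate faster.
  refreshInterval: 1h
  secretStoreRef:
    name: vault-store
    kind: SecretStore
  target:
    name: veza-secrets
    # ESO creates and owns the Secret; it is updated on every refresh and
    # garbage-collected together with this ExternalSecret.
    creationPolicy: Owner
    # Keep the Secret if this ExternalSecret is removed. This is the v1beta1
    # default, pinned explicitly so a future default change cannot silently
    # delete production credentials out from under running workloads.
    deletionPolicy: Retain
    template:
      type: Opaque
      # Pin the template engine. v2 hands fetched values to the template as
      # strings, which the bare `{{ .x }}` expressions below rely on.
      engineVersion: v2
      # With `template.data` set, ONLY these keys are written to the Secret.
      # The snake_case `secretKey` names in `spec.data` are template inputs;
      # workloads see the kebab-case names below.
      data:
        database-url: "{{ .database_url }}"
        redis-url: "{{ .redis_url }}"
        jwt-secret: "{{ .jwt_secret }}"
        stripe-api-key: "{{ .stripe_api_key }}"
        stripe-webhook-secret: "{{ .stripe_webhook_secret }}"
        smtp-password: "{{ .smtp_password }}"
        s3-access-key: "{{ .s3_access_key }}"
        s3-secret-key: "{{ .s3_secret_key }}"
  # Each entry fetches one property of the `veza/production` Vault secret
  # into a template variable of the same snake_case name.
  data:
    - secretKey: database_url
      remoteRef:
        key: veza/production
        property: database-url
    - secretKey: redis_url
      remoteRef:
        key: veza/production
        property: redis-url
    - secretKey: jwt_secret
      remoteRef:
        key: veza/production
        property: jwt-secret
    - secretKey: stripe_api_key
      remoteRef:
        key: veza/production
        property: stripe-api-key
    - secretKey: stripe_webhook_secret
      remoteRef:
        key: veza/production
        property: stripe-webhook-secret
    - secretKey: smtp_password
      remoteRef:
        key: veza/production
        property: smtp-password
    - secretKey: s3_access_key
      remoteRef:
        key: veza/production
        property: s3-access-key
    - secretKey: s3_secret_key
      remoteRef:
        key: veza/production
        property: s3-secret-key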
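---
# ExternalSecret for Veza development secrets.
#
# Same shape as the production resource, but sourced from the separate
# `veza/development` Vault path and limited to the three keys the
# development workload needs (no payment, mail or storage credentials).
#
# Security notes (review):
# - `vault-store` is the SecretStore in `veza-development`; its Vault
#   role/policy should be scoped to `veza/development` so that a compromise
#   of this namespace cannot read production material — confirm in the
#   SecretStore and Vault policy definitions, which are not in this file.
# - `jwt_secret` is fetched from the development path, so JWT signing keys
#   are per-environment; keep it that way (a shared signing key would let
#   dev-minted tokens be accepted elsewhere).
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: veza-secrets
  namespace: veza-development
spec:
  # Poll Vault hourly; running pods only see rotated values after a reload
  # or restart.
  refreshInterval: 1h
  secretStoreRef:
    name: vault-store
    kind: SecretStore
  target:
    name: veza-secrets
    # ESO creates and owns the Secret and garbage-collects it with this
    # ExternalSecret.
    creationPolicy: Owner
    # v1beta1 default, pinned explicitly so the behaviour matches production.
    deletionPolicy: Retain
    template:
      type: Opaque
      # Pin the template engine: v2 exposes fetched values as strings, which
      # the bare `{{ .x }}` expressions below rely on.
      engineVersion: v2
      # Only these kebab-case keys are written to the Secret; the snake_case
      # names from `spec.data` are template inputs.
      data:
        database-url: "{{ .database_url }}"
        redis-url: "{{ .redis_url }}"
        jwt-secret: "{{ .jwt_secret }}"
  # One entry per property of the `veza/development` Vault secret.
  data:
    - secretKey: database_url
      remoteRef:
        key: veza/development
        property: database-url
    - secretKey: redis_url
      remoteRef:
        key: veza/development
        property: redis-url
    - secretKey: jwt_secret
      remoteRef:
        key: veza/development
        property: jwt-secret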
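---
# ExternalSecret for Veza staging secrets.
#
# Same shape as the development resource, sourced from the separate
# `veza/staging` Vault path and limited to the three keys the staging
# workload needs (no payment, mail or storage credentials).
#
# Security notes (review):
# - `vault-store` is the SecretStore in `veza-staging`; its Vault role/policy
#   should be scoped to `veza/staging` so that this namespace cannot read
#   production material — confirm in the SecretStore and Vault policy
#   definitions, which are not in this file.
# - `jwt_secret` comes from the staging path, so JWT signing keys stay
#   per-environment; do not point this at the production path.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: veza-secrets
  namespace: veza-staging
spec:
  # Poll Vault hourly; running pods only see rotated values after a reload
  # or restart.
  refreshInterval: 1h
  secretStoreRef:
    name: vault-store
    kind: SecretStore
  target:
    name: veza-secrets
    # ESO creates and owns the Secret and garbage-collects it with this
    # ExternalSecret.
    creationPolicy: Owner
    # v1beta1 default, pinned explicitly so the behaviour matches production.
    deletionPolicy: Retain
    template:
      type: Opaque
      # Pin the template engine: v2 exposes fetched values as strings, which
      # the bare `{{ .x }}` expressions below rely on.
      engineVersion: v2
      # Only these kebab-case keys are written to the Secret; the snake_case
      # names from `spec.data` are template inputs.
      data:
        database-url: "{{ .database_url }}"
        redis-url: "{{ .redis_url }}"
        jwt-secret: "{{ .jwt_secret }}"
  # One entry per property of the `veza/staging` Vault secret.
  data:
    - secretKey: database_url
      remoteRef:
        key: veza/staging
        property: database-url
    - secretKey: redis_url
      remoteRef:
        key: veza/staging
        property: redis-url
    - secretKey: jwt_secret
      remoteRef:
        key: veza/staging
        property: jwt-secret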