# SecretStore for Google Cloud Secret Manager
# This configures External Secrets Operator to fetch secrets from GCP Secret Manager
# Kubernetes ServiceAccount referenced by the SecretStore in this file.
# The iam.gke.io/gcp-service-account annotation is the GKE Workload Identity
# link: pods running as this ServiceAccount can obtain credentials for the
# named Google service account without a key stored in a Kubernetes Secret.
# NOTE(review): PROJECT_ID looks like a placeholder; substitute the real
# project before applying.
# NOTE(review): the Google-side IAM binding that allows this ServiceAccount
# to act as the Google service account is not defined in this file; confirm
# it is limited to veza-production/external-secrets-gcp.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-secrets-gcp
  namespace: veza-production
  annotations:
    iam.gke.io/gcp-service-account: 'veza-external-secrets@PROJECT_ID.iam.gserviceaccount.com'
---
# Namespaced SecretStore: External Secrets Operator reads from Google Cloud
# Secret Manager in the given project and authenticates through GKE Workload
# Identity as the external-secrets-gcp ServiceAccount, not a static key.
# NOTE(review): PROJECT_ID looks like a placeholder; replace before applying.
# NOTE(review): the Secret Manager permissions of the bound Google service
# account are not visible here; confirm they are read-only and scoped to the
# secrets this namespace needs.
# NOTE(review): v1beta1 is deprecated in newer External Secrets Operator
# releases in favour of external-secrets.io/v1; confirm against the
# installed operator version before changing it.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: gcp-store
  namespace: veza-production
spec:
  provider:
    gcpsm:
      projectId: 'PROJECT_ID'
      auth:
        workloadIdentity:
          # presumably these must match the GKE cluster the operator runs
          # in; verify against the deployed cluster
          clusterLocation: us-central1
          clusterName: veza-cluster
          # Same name as the ServiceAccount declared in this file's first
          # document; no namespace is given on the reference.
          serviceAccountRef:
            name: external-secrets-gcp