59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
# SecretStore for HashiCorp Vault
|
|
# This configures External Secrets Operator to fetch secrets from Vault
|
|
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: SecretStore
|
|
metadata:
|
|
name: vault-store
|
|
namespace: veza-production
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: "https://vault.veza.internal:8200"
|
|
path: "secret"
|
|
version: "v2"
|
|
auth:
|
|
kubernetes:
|
|
mountPath: "kubernetes"
|
|
role: "veza-external-secrets"
|
|
serviceAccountRef:
|
|
name: external-secrets
|
|
---
|
|
# For development environment
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: SecretStore
|
|
metadata:
|
|
name: vault-store
|
|
namespace: veza-development
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: "https://vault.veza.internal:8200"
|
|
path: "secret"
|
|
version: "v2"
|
|
auth:
|
|
kubernetes:
|
|
mountPath: "kubernetes"
|
|
role: "veza-external-secrets-dev"
|
|
serviceAccountRef:
|
|
name: external-secrets
|
|
---
|
|
# For staging environment
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: SecretStore
|
|
metadata:
|
|
name: vault-store
|
|
namespace: veza-staging
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: "https://vault.veza.internal:8200"
|
|
path: "secret"
|
|
version: "v2"
|
|
auth:
|
|
kubernetes:
|
|
mountPath: "kubernetes"
|
|
role: "veza-external-secrets-staging"
|
|
serviceAccountRef:
|
|
name: external-secrets
|
|
|