
Text file src/edge-infra.dev/config/pallets/edge/api/base/external-secrets.yaml

Documentation: edge-infra.dev/config/pallets/edge/api/base

     1apiVersion: external-secrets.io/v1beta1
     2kind: ExternalSecret
     3metadata:
     4  name: auth
     5spec:
     6  data:
     7  - remoteRef:
     8      key: edge-backend-jwt-secret
     9    secretKey: APP_SECRET
    10  - remoteRef:
    11      key: edge-backend-launch-darkly-sdk-key
    12    secretKey: LD_KEY
    13  refreshInterval: 1m
    14  secretStoreRef:
    15    name: gcp-provider
    16    kind: ClusterSecretStore
    17  target:
    18    name: auth
    19    creationPolicy: Owner
    20---
    21apiVersion: iam.cnrm.cloud.google.com/v1beta1
    22kind: IAMPolicyMember
    23metadata:
    24  name: essa-edge-backend-jwt-secret
    25spec:
    26  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    27  resourceRef:
    28    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    29    kind: SecretManagerSecret
    30    external: projects/${gcp_project_id}/secrets/edge-backend-jwt-secret
    31  role: roles/secretmanager.secretAccessor
    32---
    33apiVersion: iam.cnrm.cloud.google.com/v1beta1
    34kind: IAMPolicyMember
    35metadata:
    36  name: edge-backend-launch-darkly-sdk-key
    37spec:
    38  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    39  resourceRef:
    40    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    41    kind: SecretManagerSecret
    42    external: projects/${gcp_project_id}/secrets/edge-backend-launch-darkly-sdk-key
    43  role: roles/secretmanager.secretAccessor
    44---
    45apiVersion: external-secrets.io/v1beta1
    46kind: ExternalSecret
    47metadata:
    48  name: edge-totp-secret-key
    49spec:
    50  data:
    51  - remoteRef:
    52      key: edge-backend-totp-secret
    53    secretKey: TOTP_SECRET_KEY
    54  refreshInterval: 1m
    55  secretStoreRef:
    56    name: gcp-provider
    57    kind: ClusterSecretStore
    58  target:
    59    name: edge-totp-secret-key
    60    creationPolicy: Owner
    61---
    62apiVersion: iam.cnrm.cloud.google.com/v1beta1
    63kind: IAMPolicyMember
    64metadata:
    65  name: essa-edge-totp-secret-key
    66spec:
    67  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    68  resourceRef:
    69    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    70    kind: SecretManagerSecret
    71    external: projects/${gcp_project_id}/secrets/edge-backend-totp-secret
    72  role: roles/secretmanager.secretAccessor
    73---
    74apiVersion: external-secrets.io/v1beta1
    75kind: ExternalSecret
    76metadata:
    77  name: okta-client-id
    78spec:
    79  data:
    80  - remoteRef:
    81      key: ${okta_secret_key}
    82    secretKey: OKTA_CLIENT_ID
    83  refreshInterval: 1m
    84  secretStoreRef:
    85    name: okta-provider
    86    kind: ClusterSecretStore
    87  target:
    88    name: okta-client-id
    89    creationPolicy: Owner
