...
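---
# ExternalSecret "auth": copies one value from the external store into a
# Kubernetes Secret named "auth", exposed under the key APP_SECRET.
# No namespace is set here; presumably it is supplied by the overlay or
# the apply context -- TODO confirm.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: auth
spec:
  data:
    # Remote secret name in the provider. The name suggests JWT signing
    # material, so the resulting Secret should be readable only by the
    # workload that needs it (namespace RBAC is not visible in this file).
    - remoteRef:
        key: edge-backend-jwt-secret
      secretKey: APP_SECRET
  # The provider is re-read every minute, so a rotated value reaches the
  # Secret object quickly. NOTE(review): a pod that consumes it as an
  # environment variable keeps the old value until it restarts -- how
  # the workload consumes this Secret is not visible here.
  refreshInterval: 1m
  # Cluster-scoped store: ExternalSecrets in any namespace can reference
  # it unless the store itself restricts namespaces. What this store may
  # read is bounded by the IAM grants on its service account.
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: auth
    # Owner: the operator creates the Secret and owns it, so the Secret
    # is removed when this ExternalSecret is deleted.
    creationPolicy: Owner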
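---
# IAMPolicyMember: grants a single service account read access to a
# single Secret Manager secret (edge-backend-jwt-secret).
# The ${...} placeholders are filled in before apply by a templating
# step that is not shown in this file.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-edge-backend-jwt-secret
spec:
  # Presumably the identity used by the "gcp-provider" secret store --
  # TODO confirm. Quoted so the substituted text is always a string.
  member: "serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com"
  # The binding is attached to the secret itself, not to the project,
  # so the accessor role covers this one secret only.
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    external: "projects/${gcp_project_id}/secrets/edge-backend-jwt-secret"
  # secretAccessor allows reading secret payloads; it does not allow
  # creating, updating or deleting the secret.
  role: roles/secretmanager.secretAccessor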
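---
# ExternalSecret "session": copies one value from the external store
# into a Kubernetes Secret named "session", under the key
# SESSION_SECRET. No namespace is set here; presumably it is supplied
# by the overlay or the apply context -- TODO confirm.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: session
spec:
  data:
    # Remote secret name in the provider. NOTE(review): the IAM binding
    # for this secret in the same file points at
    # ${foreman_gcp_project_id}; confirm the "gcp-provider" store reads
    # from that project, otherwise this lookup resolves elsewhere.
    - remoteRef:
        key: edge-auth-proxy-session-secret
      secretKey: SESSION_SECRET
  # The provider is re-read every minute. NOTE(review): a pod that
  # consumes the value as an environment variable keeps the old one
  # until it restarts -- consumption is not visible here.
  refreshInterval: 1m
  # Cluster-scoped store: ExternalSecrets in any namespace can reference
  # it unless the store itself restricts namespaces.
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: session
    # Owner: the operator creates the Secret and owns it, so the Secret
    # is removed when this ExternalSecret is deleted.
    creationPolicy: Owner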
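---
# IAMPolicyMember: grants a single service account read access to a
# single Secret Manager secret (edge-auth-proxy-session-secret).
# The ${...} placeholders are filled in before apply by a templating
# step that is not shown in this file.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-edge-auth-proxy-session-secret
spec:
  # Service account lives in ${gcp_project_id}. Quoted so the
  # substituted text is always a string.
  member: "serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com"
  # NOTE(review): the secret is addressed in ${foreman_gcp_project_id},
  # while the edge-backend-jwt-secret binding in this file uses
  # ${gcp_project_id} for both member and secret. If the cross-project
  # grant is intended, say so here; if it is a copy-paste slip, the
  # grant lands on a secret in the wrong project. Also confirm the
  # controller applying this is allowed to set IAM policy there.
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    external: "projects/${foreman_gcp_project_id}/secrets/edge-auth-proxy-session-secret"
  # secretAccessor allows reading secret payloads; it does not allow
  # creating, updating or deleting the secret. The binding is on the
  # secret itself, so it covers this one secret only.
  role: roles/secretmanager.secretAccessor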