1apiVersion: external-secrets.io/v1beta1
2kind: ExternalSecret
3metadata:
4 name: edge-bsl
5spec:
6 data:
7 - remoteRef:
8 key: edge-bsl-prod-admin
9 property: secret-key
10 secretKey: EDGE_BSL_SECRET_KEY
11 - remoteRef:
12 key: edge-bsl-prod-admin
13 property: shared-key
14 secretKey: EDGE_BSL_SHARED_KEY
15 refreshInterval: 1m
16 secretStoreRef:
17 name: gcp-provider
18 kind: ClusterSecretStore
19 target:
20 name: edge-bsl
21 creationPolicy: Owner
22---
23apiVersion: iam.cnrm.cloud.google.com/v1beta1
24kind: IAMPolicyMember
25metadata:
26 name: essa-edge-bsl-prod-admin
27spec:
28 member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
29 resourceRef:
30 apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
31 kind: SecretManagerSecret
32 external: projects/${gcp_project_id}/secrets/edge-bsl-prod-admin
33 role: roles/secretmanager.secretAccessor
View as plain text