apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccountKey
metadata:
  name: clusterctl-gcp-api-key
spec:
  serviceAccountRef:
    name: placeholder
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecret
metadata:
  name: clusterctl-${cluster_hash}-gcp-api-key
spec:
  replication:
    automatic: true
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecretVersion
metadata:
  name: clusterctl-${cluster_hash}-gcp-api-key
spec:
  secretRef:
    name: clusterctl-${cluster_hash}-gcp-api-key
  enabled: true
  secretData:
    valueFrom:
      secretKeyRef:
        name: clusterctl-gcp-api-key
        key: key.json