---
# ExternalSecret: asks the External Secrets operator to copy one remote secret
# into a Kubernetes Secret named triage-party-github-token.
# No namespace is set in this manifest; it is presumably injected by an
# overlay or the applying tool (confirm). Read access to Secrets in that
# namespace is read access to this GitHub token, so scope RBAC accordingly.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: triage-party-github-token
spec:
  # The store is cluster-scoped. Which namespaces may reference gcp-provider
  # is decided by that store's own definition, which is not shown here.
  secretStoreRef:
    kind: ClusterSecretStore
    name: gcp-provider
  # Re-read the remote value every minute, so a rotated token reaches the
  # cluster within about a minute. Each refresh is a call to the provider.
  refreshInterval: 1m
  target:
    name: triage-party-github-token
    # Owner: the operator creates the Secret and owns it, so the Secret is
    # removed when this ExternalSecret is deleted.
    creationPolicy: Owner
    template:
      data:
        # Render the fetched value as a string under the key "token".
        token: "{{ .token | toString }}"
  data:
    # Fetch remote key ea-sports-github-token and expose it to the template
    # above as .token.
    - secretKey: token
      remoteRef:
        key: ea-sports-github-token
---
# IAMPolicyMember (Config Connector): adds one IAM binding and leaves other
# bindings on the resource alone.
# The grant is scoped to a single Secret Manager secret, not the project, so
# the service account can read ea-sports-github-token and nothing else
# through this binding.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-ea-sports-github-token
spec:
  # secretAccessor permits reading the payload of the secret's versions.
  role: roles/secretmanager.secretAccessor
  # ${cluster_hash} and ${gcp_project_id} are placeholders that must be
  # substituted before apply; the mechanism is not shown in this file.
  # Presumably this is the identity the External Secrets operator runs as
  # in this cluster (confirm against the gcp-provider store).
  member: 'serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com'
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # "external" references the secret by its full resource path.
    external: 'projects/${gcp_project_id}/secrets/ea-sports-github-token'