theshire/kubernetes/apps/security/external-secrets/cluster-secrets/pgo-s3-creds.yaml

---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clusterexternalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
  name: pgo-s3-creds
spec:
  externalSecretName: pgo-s3-creds

  namespaceSelector:
    matchLabels:
      pgo-enabled-hsn.dev: "true"

  refreshTime: "1m"

  externalSecretSpec:
    secretStoreRef:
      kind: ClusterSecretStore
      name: onepassword-connect

    target:
      name: pgo-s3-creds
      creationPolicy: Owner
      template:
        engineVersion: v2
        data:
          s3.conf: |
            [global]
            repo1-s3-key={{ .pgo_crunchy_postgres_access_key }}
            repo1-s3-key-secret={{ .pgo_crunchy_postgres_secret_key }}

    dataFrom:
      - extract:
          key: pgo-s3-creds
        rewrite:
          - regexp:
              source: "[-]"
              target: "_"
          - regexp:
              source: "(.*)"
              target: "pgo_$1"
Homelab 2024-01-11 15:03:54 -06:00			`---`
			`# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clusterexternalsecret_v1beta1.json`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ClusterExternalSecret`
			`metadata:`
			`name: pgo-s3-creds`
			`spec:`
			`externalSecretName: pgo-s3-creds`

			`namespaceSelector:`
			`matchLabels:`
			`pgo-enabled-hsn.dev: "true"`

			`refreshTime: "1m"`

			`externalSecretSpec:`
			`secretStoreRef:`
			`kind: ClusterSecretStore`
			`name: onepassword-connect`

			`target:`
			`name: pgo-s3-creds`
			`creationPolicy: Owner`
			`template:`
			`engineVersion: v2`
			`data:`
			`s3.conf: \|`
			`[global]`
			`repo1-s3-key={{ .pgo_crunchy_postgres_access_key }}`
			`repo1-s3-key-secret={{ .pgo_crunchy_postgres_secret_key }}`

			`dataFrom:`
			`- extract:`
			`key: pgo-s3-creds`
			`rewrite:`
			`- regexp:`
			`source: "[-]"`
			`target: "_"`
			`- regexp:`
			`source: "(.*)"`
			`target: "pgo_$1"`