apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: thanos-objstore-secret
  namespace: thanos
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: thanos-objstore-secret
    template:
      engineVersion: v2
      data:
        objstore.yml: |
          type: S3
          config:
            bucket: thanos
            endpoint: minio.minio.svc.cluster.local:9000
            access_key: {{ .access_key }}
            secret_key: {{ .secret_key }}
            insecure: true
  data:
    - secretKey: access_key
      remoteRef:
        key: secret/minio
        property: root-user
    - secretKey: secret_key
      remoteRef:
        key: secret/minio
        property: root-password