apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: minio-root-password namespace: minio spec: refreshInterval: 1h secretStoreRef: kind: ClusterSecretStore name: vault-backend target: name: minio-root-password creationPolicy: Owner data: - secretKey: root-user remoteRef: key: storage/minio property: ROOT_USER - secretKey: root-password remoteRef: key: storage/minio property: ROOT_PASSWORD - secretKey: rootUser remoteRef: key: storage/minio property: ROOT_USER - secretKey: rootPassword remoteRef: key: storage/minio property: ROOT_PASSWORD --- apiVersion: external-secrets.io/v1 kind: ClusterExternalSecret metadata: name: minio-s3-credentials spec: namespaceSelector: matchLabels: minio-s3: enabled externalSecretSpec: refreshInterval: 1h0m0s secretStoreRef: kind: ClusterSecretStore name: vault-backend target: name: minio-s3-credentials creationPolicy: Owner deletionPolicy: Retain data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: key: storage/minio-s3-credentials property: AWS_ACCESS_KEY_ID conversionStrategy: Default decodingStrategy: None metadataPolicy: None - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: key: storage/minio-s3-credentials property: AWS_SECRET_ACCESS_KEY conversionStrategy: Default decodingStrategy: None metadataPolicy: None - secretKey: AWS_REGION remoteRef: key: storage/minio-s3-credentials property: AWS_REGION conversionStrategy: Default decodingStrategy: None metadataPolicy: None - secretKey: AWS_S3_ENDPOINT remoteRef: key: storage/minio-s3-credentials property: AWS_S3_ENDPOINT conversionStrategy: Default decodingStrategy: None metadataPolicy: None