apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: minio-root-password
  namespace: minio
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: minio-root-password
    creationPolicy: Owner
  data:
    - secretKey: root-user
      remoteRef:
        key: minio
        property: ROOT_USER
    - secretKey: root-password
      remoteRef:
        key: minio
        property: ROOT_PASSWORD
    - secretKey: rootUser
      remoteRef:
        key: minio
        property: ROOT_USER
    - secretKey: rootPassword
      remoteRef:
        key: minio
        property: ROOT_PASSWORD
---
apiVersion: external-secrets.io/v1
kind: ClusterExternalSecret
metadata:
  name: minio-s3-credentials
spec:
  namespaceSelector:
    matchLabels:
      minio-s3: enabled
  refreshInterval: 1h
  externalSecretSpec:
    secretStoreRef:
      kind: ClusterSecretStore
      name: vault-backend
    target:
      name: minio-s3-credentials
      creationPolicy: Owner
    data:
      - secretKey: AWS_ACCESS_KEY_ID
        remoteRef:
          key: minio-s3-credentials
          property: AWS_ACCESS_KEY_ID
      - secretKey: AWS_SECRET_ACCESS_KEY
        remoteRef:
          key: minio-s3-credentials
          property: AWS_SECRET_ACCESS_KEY
      - secretKey: AWS_REGION
        remoteRef:
          key: minio-s3-credentials
          property: AWS_REGION
      - secretKey: AWS_S3_ENDPOINT
        remoteRef:
          key: minio-s3-credentials
          property: AWS_S3_ENDPOINT