From 47c415439ff91b40fdbda5ae00708e2d0f5cd96f Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Fri, 12 Dec 2025 15:25:25 +0900
Subject: [PATCH] FEAT(app): add Vault SecretStore for todo-dev

- Add SecretStore configuration
- Enable Vault integration
---
 deploy/k8s/overlays/dev/kustomization.yaml |  3 ++-
 deploy/k8s/overlays/dev/secretstore.yaml   | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 deploy/k8s/overlays/dev/secretstore.yaml

diff --git a/deploy/k8s/overlays/dev/kustomization.yaml b/deploy/k8s/overlays/dev/kustomization.yaml
index 7144325..d6f97e4 100644
--- a/deploy/k8s/overlays/dev/kustomization.yaml
+++ b/deploy/k8s/overlays/dev/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
   - ../../base
   - resourcequota.yaml
   - namespace.yaml
+  - secretstore.yaml
   - externalsecret.yaml
 
 commonLabels:
@@ -15,7 +16,7 @@ commonLabels:
 # 이미지 태그 설정
 images:
   - name: ghcr.io/mayne0213/todo
-    newTag: develop-sha-741395c60d615ff33f6d36e712090cd9eebb2f01
+    newTag: develop-sha-430ec8255b5afa16943e8dc63525f8042b282d61
 
 patchesStrategicMerge:
   - deployment-patch.yaml
diff --git a/deploy/k8s/overlays/dev/secretstore.yaml b/deploy/k8s/overlays/dev/secretstore.yaml
new file mode 100644
index 0000000..a4ab800
--- /dev/null
+++ b/deploy/k8s/overlays/dev/secretstore.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: http://vault.vault.svc.cluster.local:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: todo-dev
+          serviceAccountRef:
+            name: external-secrets