From 9c2c5da57a23da4653fe5a87766a5ea5b65e859e Mon Sep 17 00:00:00 2001
From: Victor Roest <victor@xirion.net>
Date: Fri, 29 Oct 2021 22:44:40 +0200
Subject: [PATCH] external-secrets: back to approle

---
 .../external-secrets/vault-secret-store.yaml  | 26 ++++++++-----------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml
index 916d7e2..929866e 100644
--- a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml
+++ b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml
@@ -13,18 +13,14 @@ spec:
         # VaultAppRole authenticates with Vault using the
         # App Role auth mechanism
         # https://www.vaultproject.io/docs/auth/approle
-        tokenSecretRef:
-          name: "vault-secret-id"
-          namespace: "external-secrets"
-          key: "token"
-        # appRole:
-        #   # Path where the App Role authentication backend is mounted
-        #   path: "approle"
-        #   # RoleID configured in the App Role authentication backend
-        #   roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
-        #   # Reference to a key in a K8 Secret that contains the App Role SecretId
-        #   # (not commited in git)
-        #   secretRef:
-        #     name: "vault-secret-id"
-        #     namespace: "external-secrets"
-        #     key: "secret-id"
+        appRole:
+          # Path where the App Role authentication backend is mounted
+          path: "approle"
+          # RoleID configured in the App Role authentication backend
+          roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
+          # Reference to a key in a K8 Secret that contains the App Role SecretId
+          # (not commited in git)
+          secretRef:
+            name: "vault-secret-id"
+            namespace: "external-secrets"
+            key: "secret-id"