apiVersion: external-secrets.io/v1alpha1
kind: ClusterSecretStore
metadata:
  name: vault
  namespace: external-secrets
spec:
  provider:
    vault:
      server: "http://10.42.42.6:8200"
      path: "k8s"
      version: "v2"
      auth:
        # VaultAppRole authenticates with Vault using the
        # App Role auth mechanism
        # https://www.vaultproject.io/docs/auth/approle
        tokenSecretRef:
          name: "vault-secret-id"
          namespace: "external-secrets"
          key: "token"
        # appRole:
        #   # Path where the App Role authentication backend is mounted
        #   path: "approle"
        #   # RoleID configured in the App Role authentication backend
        #   roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
        #   # Reference to a key in a K8 Secret that contains the App Role SecretId
        #   # (not commited in git)
        #   secretRef:
        #     name: "vault-secret-id"
        #     namespace: "external-secrets"
        #     key: "secret-id"