bolt.diy/k8s/external-secret.yaml

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: buildify-auth-secrets
  namespace: buildify
  annotations:
    description: "Authentication secrets for Buildify application"
    owner: "DevOps Team"
    lastRotated: "2025-05-31"  # Update this when secrets are rotated
spec:
  refreshInterval: "1h"  # Check for updates every hour
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-secretsmanager
  target:
    name: buildify-auth-secrets  # K8s Secret that will be created
    creationPolicy: Owner
  data:
    # Map each key from AWS Secrets Manager to the corresponding key in the K8s Secret
    - secretKey: SESSION_SECRET
      remoteRef:
        key: buildify/auth  # AWS Secrets Manager secret name
        property: SESSION_SECRET  # JSON property in the secret
    - secretKey: GITHUB_CLIENT_ID
      remoteRef:
        key: buildify/auth
        property: GITHUB_CLIENT_ID
    - secretKey: GITHUB_CLIENT_SECRET
      remoteRef:
        key: buildify/auth
        property: GITHUB_CLIENT_SECRET