Erich Blume
f2cdb41f35
Converts devpi secret from manual op inject to ExternalSecret. This validates the 1Password Connect + ESO workflow. The secret-root.yaml.tpl template is kept for reference but the ExternalSecret will now manage the devpi-root secret. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
25 lines
549 B
YAML
25 lines
549 B
YAML
# ExternalSecret for devpi root password
|
|
#
|
|
# Replaces the manual op inject workflow from secret-root.yaml.tpl
|
|
#
|
|
# 1Password item: "devpi" in blumeops vault
|
|
# Field: "root password"
|
|
#
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: devpi-root
|
|
namespace: devpi
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: onepassword-blumeops
|
|
target:
|
|
name: devpi-root
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: password
|
|
remoteRef:
|
|
key: devpi
|
|
property: root password
|