Secret store

helm/homarr/dev/templates/db-encryption-externalsecret.yaml

@@ -1,5 +1,6 @@
 {{- if .Values.vault.enabled }}
-apiVersion: external-secrets.io/v1beta1
+---
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
   name: db-encryption
@@ -9,10 +10,10 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  refreshInterval: {{ .Values.vault.refreshInterval | default "1h" }}
+  refreshInterval: {{ .Values.vault.refreshInterval | default "5m" }}
   secretStoreRef:
     name: {{ .Values.vault.secretStoreName }}
-    kind: {{ .Values.vault.secretStoreKind | default "SecretStore" }}
+    kind: SecretStore
   target:
     name: db-encryption
     creationPolicy: Owner

helm/homarr/dev/templates/vault-secretstore.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.vault.enabled }}
+################
+# SECRET STORE #
+################
+---
+apiVersion: external-secrets.io/v1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: {{ .Release.Namespace }}
+spec:
+  provider:
+    vault:
+      server: {{ .Values.vault.server }}
+      path: {{ .Values.vault.path | default "secret" }}
+      version: {{ .Values.vault.version | default "v2" }}
+      auth:
+        kubernetes:
+          mountPath: {{ .Values.vault.auth.kubernetes.mountPath }}
+          role: {{ .Values.vault.auth.kubernetes.role }}
+          serviceAccountRef:
+            name: {{ .Values.vault.auth.kubernetes.serviceAccountRef.name }}
+{{- end }}
+