broadinstitute · katiewelch · Apr 2, 2024 · Mar 5, 2024 · Mar 5, 2024 · Mar 5, 2024
diff --git a/charts/create-secret-manager-secret/templates/vaultsecret.yaml b/charts/create-secret-manager-secret/templates/vaultsecret.yaml
@@ -19,3 +19,27 @@ spec:
       key: {{ .vaultKey }}
     {{- end }}
 {{- end -}}
+
+{{- range .Values.externalSecrets.secrets }}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ .secretName }}
+  labels: {{- include "datarepo.labels" . | nindent 4 }}
+spec:
+  secretStoreRef:
+    name: cluster-secret-store
+    kind: ClusterSecretStore
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval | quote }}
+  data:
+    {{- range .data}}
+    - secretKey: {{ .secretKey}}
+      remoteRef:
+        key: {{ .key }}
+        property: {{ .property }}
+        {{- if .decodingStrategy }}
+        decodingStrategy: {{ .decodingStrategy }}
+        {{- end }}
+    {{- end}}
+{{- end -}}
diff --git a/charts/create-secret-manager-secret/values.yaml b/charts/create-secret-manager-secret/values.yaml
@@ -9,3 +9,14 @@ secrets:
 #  - kubeSecretKey:  ## name of kubeSecretKey
 #    path:  ## vault path
 #    vaultKey:  ## vault key name
+
+externalSecrets:
+  secrets: []
+  refreshInterval: "5m"
+
+# - secretName:               ## name of kubeSecret
+#   data:
+#     - secretKey:            ## name of kubeSecretKey
+#       key:                  ## key name
+#       property:             ## description of secret
+#       decodingStrategy:     ## how to decode secret