Getting Started with External Secret Operator

To use External Secret Operator for your application, you need to perform the following steps:

• Login to Vault
• Add secrets in Vault
• Configure ExternalSecrets in Helm values

Prerequisite

Tenant CustomResource should be using template named as tenant-vault-access:

apiVersion: tenantoperator.stakater.com/v1alpha1
kind: Tenant
metadata:
  name: gabbar
spec:
  users:
    owner:
    - user1
    - user2
  quota: medium
  namespacetemplate:
    templateInstances:
    - spec:
        template: tenant-vault-access
        sync: true

Configure ExternalSecrets in Helm values

In your deploy/values.yaml, enable externalSecret and provide details of the secret path in Vault:

externalSecret:
    enabled: true
    secretStore:
      name: tenant-vault-secret-store
    files:   
     inventory-postgres: #Name of Kubernetes Secret
      data:
        postgresql-password: #Name of Kubernetes Secret Key
          remoteRef:
            key: inventory-postgres #Name of Vault Secret
            property: postgresql-password #Name of Vault Secret Key