deploy-templates/templates/external-secrets/secretstore-aws.yaml (24 lines of code) (raw):
{{- if .Values.externalSecrets.enabled }}
{{- if eq .Values.externalSecrets.type "aws" }}
{{- $validAwsProviders := list "ParameterStore" "SecretsManager" }}
{{- if not (has .Values.externalSecrets.secretProvider.aws.service $validAwsProviders) }}
{{- fail "Unsupported AWS Secret Provider, expected ParameterStore or SecretsManager" }}
{{- end }}
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: {{ include "edp-install.secretStoreName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "edp-install.labels" . | nindent 4 }}
spec:
provider:
aws:
service: {{ .Values.externalSecrets.secretProvider.aws.service }}
region: {{ required "Region is not defined" .Values.externalSecrets.secretProvider.aws.region }}
auth:
jwt:
serviceAccountRef:
name: externalsecrets-aws
{{- end }}
{{- end }}