- Add Cloud for Sovereignty landing zone architecture and deployment - Implement complete legal document management system - Reorganize documentation with improved navigation - Add infrastructure improvements (Dockerfiles, K8s, monitoring) - Add operational improvements (graceful shutdown, rate limiting, caching) - Create comprehensive project structure documentation - Add Azure deployment automation scripts - Improve repository navigation and organization
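# SecretStore: namespaced External Secrets Operator (ESO) store backed by
# Azure Key Vault. It authenticates with workload identity through the
# referenced ServiceAccount, so this manifest carries no credential itself.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: azure-keyvault
  namespace: the-order
spec:
  provider:
    azurekv:
      # Placeholders, not live lookups: neither kubectl nor ESO expands
      # ${...}. The manifest must be rendered (for example with envsubst)
      # before it is applied, otherwise the literal string is stored.
      # NOTE(review): confirm the deployment scripts perform that step.
      tenantId: "${AZURE_TENANT_ID}"
      vaultUrl: "${AZURE_KEY_VAULT_URI}"
      authType: WorkloadIdentity
      # For a namespaced SecretStore the ServiceAccount is expected in the
      # same namespace (the-order).
      # NOTE(review): the identity federated to this ServiceAccount should
      # hold read-only access to secrets on this one vault; verify the
      # Key Vault role assignment or access policy.
      serviceAccountRef:
        name: external-secrets-sa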
---
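# ExternalSecret: copies the listed Azure Key Vault secrets into a single
# Kubernetes Secret (the-order-secrets) in the the-order namespace, using
# the azure-keyvault SecretStore.
#
# NOTE(review): every entry lands in the same Secret, so any workload or
# RBAC subject that can read the-order-secrets sees the database URL, the
# storage key, the Entra client secret, the payment gateway key and the
# Grafana admin password together. Consider one ExternalSecret per consumer
# so each pod mounts only what it needs; that changes the Secret names the
# consumers reference, so it is not done here.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: azure-secrets
  namespace: the-order
spec:
  # A value rotated in Key Vault reaches the cluster within this interval.
  # Pods that read the Secret through environment variables keep the old
  # value until they are restarted.
  refreshInterval: 1h
  secretStoreRef:
    name: azure-keyvault
    kind: SecretStore
  target:
    name: the-order-secrets
    # Owner: ESO creates the Secret and sets an owner reference, so the
    # Secret is removed when this ExternalSecret is deleted.
    creationPolicy: Owner
  data:
    # Database
    - secretKey: database-url
      remoteRef:
        key: database-url
    # Azure Storage
    - secretKey: storage-account
      remoteRef:
        key: storage-account
    # NOTE(review): a storage account key grants full data-plane access to
    # the account; check whether the workload can use identity-based
    # access instead of a shared key.
    - secretKey: storage-key
      remoteRef:
        key: storage-key
    # Entra VerifiedID
    - secretKey: entra-tenant-id
      remoteRef:
        key: entra-tenant-id
    - secretKey: entra-client-id
      remoteRef:
        key: entra-client-id
    - secretKey: entra-client-secret
      remoteRef:
        key: entra-client-secret
    # Payment Gateway
    - secretKey: payment-gateway-api-key
      remoteRef:
        key: payment-gateway-api-key
    # Grafana
    - secretKey: grafana-admin-password
      remoteRef:
        key: grafana-admin-password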