My ExternalSecret resource references a Hashicorp key-value Vault secret that stores a Google service account (json).
The ExternalSecret will create a Secret of type kubernetes.io/dockerconfigjson.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gcr-external
namespace: vault-dev
spec:
refreshInterval:
secretStoreRef:
name: vault-backend
kind: SecretStore
target:
name: gcr
creationPolicy: Owner
template:
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: '\{"auths": {"eu.gcr.io": {"username": "_json_key", "password": {{ .data }} }}}'
data:
- secretKey: data
remoteRef:
key: gcp/sa
However, .dockerconfigjson string is not reading the *data *secretKey as it is referenced now with "password": {{ .data }}. What's the correct way to reference it?
