apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: aws-secrets-manager
  namespace: skills
spec:
  provider:
    aws:
      service: SecretsManager
      region: ap-northeast-2
      auth:
        jwt:
          serviceAccountRef:
            name: aws-external-secret-manager
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: aws-secrets
  namespace: skills
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: secrets-manager-secret
    creationPolicy: Owner
  data:
  - secretKey: MYSQL_HOST
    remoteRef:
      key: gmst-secret
      property: MYSQL_HOST
  - secretKey: MYSQL_PASSWD
    remoteRef:
      key: gmst-secret
      property: MYSQL_PASSWD
  - secretKey: MYSQL_PORT
    remoteRef:
      key: gmst-secret
      property: MYSQL_PORT
  - secretKey: MYSQL_USERNAME
    remoteRef:
      key: gmst-secret
      property: MYSQL_USERNAME
  - secretKey: MYSQL_DB
    remoteRef:
      key: gmst-secret
      property: MYSQL_DB