Update external secrets #111

Author: sriramveeraghanta

self-hosting/govern/external-secrets.mdx

@@ -74,51 +74,50 @@ This guide explains how to integrate Plane with external secret management solut
 
 9. Apply the following YAML to create a ClusterSecretStore resource:
     ```yaml
-    apiVersion: external-secrets.io/v1beta1
+    apiVersion: external-secrets.io/v1
     kind: ClusterSecretStore
     metadata:
-    name: cluster-aws-secretsmanager
+      name: cluster-aws-secretsmanager
+      namespace: <application_namespace>
     spec:
-    provider:
+      provider:
         aws:
-        service: SecretsManager
-        role: arn:aws:iam::<ACCOUNT-ID>:role/<IAM ROLE>
-        region: eu-west-1
-        auth:
-            secretRef:
+          service: SecretsManager
+          role: arn:aws:iam::<ACCOUNT-ID>:role/<IAM ROLE>
+          region: eu-west-1
+          auth:
             accessKeyIDSecretRef:
-                name: aws-creds-secret
-                key: access-key
+              name: aws-creds-secret
+              key: access-key
             secretAccessKeySecretRef:
-                name: aws-creds-secret
-                key: secret-access-key
+              name: aws-creds-secret
+              key: secret-access-key
     ```
     Replace `<ACCOUNT-ID>` and `<IAM ROLE>` with your AWS account ID and the role name created in Step 5.
 
 10. Create an ExternalSecret resource to fetch secrets from AWS and create a corresponding Kubernetes secret:
     ```yaml
-    apiVersion: external-secrets.io/v1beta1
+    apiVersion: external-secrets.io/v1
     kind: ExternalSecret
     metadata:
-    name: secret
-    namespace: <application_namespace>
+      name: rabbitmq-external-secrets
+      namespace: <application_namespace>
     spec:
-    refreshInterval: 1m
-    secretStoreRef:
+      refreshInterval: 1m
+      secretStoreRef:
         name: cluster-aws-secretsmanager # ClusterSecretStore name
         kind: ClusterSecretStore
-    target:
+      target:
         name: rabbitmq-secret # Target Kubernetes secret name
         creationPolicy: Owner
-    data:
-        - secretKey: RABBITMQ_DEFAULT_USER # Specifies the key name for the secret value in the Kubernetes secret.
+      data:
+      - secretKey: RABBITMQ_DEFAULT_USER
         remoteRef:
-            key: prod/secrets/rabbitmq # Specifies the name to the secret in the AWS Secrets Manager
-            property: RABBITMQ_DEFAULT_USER # Specifies the name of the secret property to retrieve from the AWS Secrets Manager
-        - secretKey: RABBITMQ_DEFAULT_PASS
+          key: prod/secrets/rabbitmq
+          property: RABBITMQ_DEFAULT_USER
+      - secretKey: RABBITMQ_DEFAULT_PASS
         remoteRef:
-            key: prod/secrets/rabbitmq
-            property: RABBITMQ_DEFAULT_PASS
+          key: prod/secrets/rabbitmq
     ```
 
 Make sure to set all [environment variables](/self-hosting/methods/kubernetes#external-secrets-config) in the AWS Secrets Manager, and then access them via ExternalSecret resources in your Kubernetes cluster.
@@ -145,49 +144,48 @@ Make sure to set all [environment variables](/self-hosting/methods/kubernetes#ex
 
 5. Apply the following YAML to create a ClusterSecretStore resource:
     ```yaml
-    #  cluster-store.yaml 
-    apiVersion: external-secrets.io/v1beta1
-    kind: ClusterSecretStore 
+    apiVersion: external-secrets.io/v1
+    kind: ClusterSecretStore
     metadata:
-    name: vault-backend
+      name: vault-backend
+      namespace: <application_namespace>
     spec:
-    provider:
-        vault: 
-        server: "https://<vault-domain>" #the address of your vault instance
-        path: "secrets" #path for accessing the secrets
-        version: "v2" #Vault API version
-        auth:
+      provider:
+        vault:
+          server: "https://<vault-domain>" # the address of your vault instance
+          path: "secrets" # path for accessing the secrets
+          version: "v2" # Vault API version
+          auth:
             tokenSecretRef:
-            name: "vault-token" #Use a k8s secret called vault-token
-            key: "token" #Use this key to access the vault token
+              name: "vault-token" # Use a k8s secret called vault-token
+              key: "token" # Use this key to access the vault token
     ```
 
     Replace `<vault-domain>` with your Vault server address.
 
 6. Create an ExternalSecret resource to fetch secrets from Vault and create a corresponding Kubernetes secret:
     ```yaml
-    apiVersion: external-secrets.io/v1beta1
+    apiVersion: external-secrets.io/v1
     kind: ExternalSecret
     metadata:
-    name: rabbitmq-external-secrets
-    namespace: <application_namespace> # application-namespace
+      name: rabbitmq-external-secrets
+      namespace: <application_namespace> # application-namespace
     spec:
-    refreshInterval: "1m" 
-    secretStoreRef:
+      refreshInterval: "1m"
+      secretStoreRef:
         name: vault-backend # ClusterSecretStore name
         kind: ClusterSecretStore
-    target: 
+      target:
         name: rabbitmq-secret # Target Kubernetes secret name
-        creationPolicy: Owner 
-    data: 
-        - secretKey: RABBITMQ_DEFAULT_USER # Specifies the key name for the secret value stored in the Kubernetes secret.
+        creationPolicy: Owner
+      data:
+      - secretKey: RABBITMQ_DEFAULT_USER
         remoteRef:
-            key: secrets/data/rabbitmq_secrets # Specifies the name to the secret in the Vault secret store.
-            property: RABBITMQ_DEFAULT_USER # Specifies the name of the secret property to retrieve from the Vault secret store.
-        - secretKey: RABBITMQ_DEFAULT_PASS
+          key: secrets/data/rabbitmq_secrets
+          property: RABBITMQ_DEFAULT_USER
+      - secretKey: RABBITMQ_DEFAULT_PASS
         remoteRef:
-            key: secrets/data/rabbitmq_secrets
-            property: RABBITMQ_DEFAULT_PASS
+          key: secrets/data/rabbitmq_secrets
     ```
 
 Follow this pattern to manage all the environment variables in the Vault, then access them via ExternalSecret resources in your Kubernetes cluster.