docs/userguide/openbao.md aktualisiert

docs/userguide/openbao.md

@@ -28,8 +28,36 @@ And to add your first secret just run:
 
 `kubectl exec -ti openbao-0 -n openbao -- vault kv put data/postgres POSTGRES_USER=admin POSTGRES_PASSWORD=123456`
 
+To fetch it as a kubernetes secret you'll need to create an **external-secrets.yaml** file and apply it to the cluster with `kubectl apply -f external-secrets.yaml`
+```
+# external-secret.yaml 
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: external-secret
+  namespace: openbao
+spec:
+  refreshInterval: "15s" #This specifies the time interval at which the ExternalSecret controller will refresh the secrets.
+  secretStoreRef: # This references the first file.
+    name: bao-backend
+    kind: SecretStore
+  target: #This specifies the target Kubernetes secret that the ExternalSecret will create.
+    name: postgres-secret
+    creationPolicy: Owner 
+  data: # This is an array of secret key-value pairs that the ExternalSecret will retrieve from the Vault secret store and store in the Kubernetes secret.
+    - secretKey: POSTGRES_USER #Name of the k8 secret that is being created
+      remoteRef: #This is an object that contains the reference to the secret in the Vault secret store.
+        key: data/postgres # This specifies the path to the secret in the Vault secret store
+        property: POSTGRES_USER #This specifies the name of the secret property to retrieve from the Vault secret.
+    - secretKey: POSTGRES_PASSWORD
+      remoteRef:
+        key: data/postgres
+        property: POSTGRES_PASSWORD
+```
+
+After that just run `kubectl get externalsecrets -A` to check that there are no problems with synchronization. And to access the secret on your cluster run: `kubectl get secrets -n openbao`
+
 ## 🔗 References
 
 * https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao
-* https://developer.hashicorp.com/vault
-
+* https://developer.hashicorp.com/vault