stacks_adding_alloy/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml

#  cluster-store.yaml 
apiVersion: external-secrets.io/v1beta1
kind: SecretStore #Kubernetes resource type
metadata:
  name: bao-backend #resource name
  namespace: openbao
spec:
  provider:
    vault: #specifies vault as the provider
      # server: "http://10.244.0.28:8200" # how to map it dynamically?
      server: "http://openbao.openbao.svc.cluster.local:8200"
      path: "data" #path for accessing the secrets
      version: "v1" #Vault API version
      auth:
        tokenSecretRef:
          name: "vault-token" #Use a secret called vault-token
          key: "token" #THIS REFERENCES THE INITIAL TOKEN NOW SAVED AS A K8 SECRET

# openbao-0.openbao.pod.cluster.local
#  10.96.59.250:8200