Complete the code to create a Kubernetes Secret.
apiVersion: v1
kind: Secret
metadata:
name: my-secret
stringData:
password: [1]The stringData field requires the actual secret value, so myPassword123 is correct here.
Complete the ExternalSecret manifest to specify the secret store provider.
apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: my-external-secret spec: refreshInterval: 1h secretStoreRef: name: my-secret-store kind: [1]
The secretStoreRef.kind must be ClusterSecretStore or SecretStore. Here, ClusterSecretStore is correct.
Fix the error in the ExternalSecret spec to correctly map the external secret key to the Kubernetes secret key.
spec:
target:
name: my-secret
data:
- secretKey: password
remoteRef:
key: [1]The remoteRef.key must match the key name in the external secret store, such as db-password.
Fill both blanks to configure the SecretStore to use AWS Secrets Manager with the correct provider and region.
spec:
provider:
[1]:
region: [2]The provider for AWS Secrets Manager is aws, and the region must be a valid AWS region like us-west-2.
Fill all three blanks to define an ExternalSecret that fetches a secret named 'api-key' from HashiCorp Vault with the correct path and key mapping.
spec:
secretStoreRef:
name: vault-secret-store
kind: SecretStore
target:
name: vault-api-key
data:
- secretKey: [1]
remoteRef:
key: [2]
property: [3]The Kubernetes secret key is apiKey. The Vault path is secret/data/api-key, and the property inside the secret is value.