apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: vault-gitlab
spec:
  secretStoreRef:
    name: vault-gitlab
    kind: SecretStore
  target:
    name: gitlab-secret
  data:
  - secretKey: runner-registration-token
    remoteRef:
      key: secrets/gitlab/runner
      property: runner-registration-token
  - secretKey: runner-token
    remoteRef:
      key: secrets/gitlab/runner
      property: runner-token     
         

---

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: vault-gitlab
spec:
  provider:
    vault:
      server: "http://vault.vault.svc.cluster.local:8200"
      path: "secrets"
      version: "v2"
      auth:
        kubernetes:
          mountPath: "kubernetes"
          role: "external-secrets"