apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: vault
spec:
  provider:
    vault:
      server: "https://vault.infra.durp.info"
      path: "kv"
      version: "v2"
      auth:
        kubernetes:
          mountPath: "dmz-cluster"
          role: "external-secrets"
          serviceAccountRef:
            name: "vault"

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault