buun-stack/prometheus/grafana-oidc-external-secret.gomplate.yaml

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: grafana-oidc-credentials
  namespace: {{ .Env.PROMETHEUS_NAMESPACE }}
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-secret-store
    kind: ClusterSecretStore
  target:
    name: grafana-oidc-credentials
    creationPolicy: Owner
    template:
      data:
        client-secret: "{{ `{{ .client_secret }}` }}"
  data:
    - secretKey: client_secret
      remoteRef:
        key: grafana/oidc
        property: client_secret