From a7585f43c834c5a40e276bb340636cfeb4133e89 Mon Sep 17 00:00:00 2001
From: William P <me@williamtpeebles.com>
Date: Thu, 8 May 2025 15:27:00 -0400
Subject: [PATCH] cert-manager: add vault approle

---
 .../config/ExternalSecrets/vault-approle.yaml | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 system-apps/cert-manager/config/ExternalSecrets/vault-approle.yaml

diff --git a/system-apps/cert-manager/config/ExternalSecrets/vault-approle.yaml b/system-apps/cert-manager/config/ExternalSecrets/vault-approle.yaml
new file mode 100644
index 0000000..9f0938d
--- /dev/null
+++ b/system-apps/cert-manager/config/ExternalSecrets/vault-approle.yaml
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vault-approle-secret
+  namespace: cert-manager
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: vault-approle-secret
+    creationPolicy: Owner
+  data:
+  - secretKey: roleId
+    remoteRef:
+      key: cert-manager
+      property: vault-approle-secret-roleid
+  - secretKey: secretId
+    remoteRef:
+      key: cert-manager
+      property: vault-approle-secret-secretid 
\ No newline at end of file