# ------------------------------------------------------------------------------ # ExternalSecret — Cloudflare API Token # Pulled from 1Password via Connect Server, materialized as a K8s secret # in the cert-manager namespace for use by the ClusterIssuer. # # In 1Password, store the token as an item named "cloudflare" with a field # named "api-token" in the "mk-labs" vault. # ------------------------------------------------------------------------------ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: cloudflare-api-token namespace: cert-manager spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect refreshInterval: "1h" target: name: cloudflare-api-token creationPolicy: Owner data: - secretKey: api-token remoteRef: key: cloudflare # 1Password item name property: api-token # 1Password field name