From 9e2829f9bf34bf27fbbd788541f33b22d6dea3dd Mon Sep 17 00:00:00 2001
From: Conan Scott
Date: Thu, 8 Jan 2026 14:43:51 +1100
Subject: [PATCH] Added some sample yaml as a refresher
---
 cg-vault-demo-yaml/DEMO.md | 6 ++++++
 cg-vault-demo-yaml/va.yaml | 12 ++++++++++++
 cg-vault-demo-yaml/vc.yaml | 7 +++++++
 cg-vault-demo-yaml/vso-demo-policy.hcl | 3 +++
 cg-vault-demo-yaml/vss.yaml | 14 ++++++++++++++
 5 files changed, 42 insertions(+)
 create mode 100644 cg-vault-demo-yaml/DEMO.md
 create mode 100644 cg-vault-demo-yaml/va.yaml
 create mode 100644 cg-vault-demo-yaml/vc.yaml
 create mode 100644 cg-vault-demo-yaml/vso-demo-policy.hcl
 create mode 100644 cg-vault-demo-yaml/vss.yaml
diff --git a/cg-vault-demo-yaml/DEMO.md b/cg-vault-demo-yaml/DEMO.md
new file mode 100644
index 0000000..6452dd2
--- /dev/null
+++ b/cg-vault-demo-yaml/DEMO.md
@@ -0,0 +1,6 @@
+YAML to test Secret sync in a simple sample project
+
+- create vso-demo namespace
+- deploy yaml
+- create revised version of secret in vault and note it is synchronised
+
diff --git a/cg-vault-demo-yaml/va.yaml b/cg-vault-demo-yaml/va.yaml
new file mode 100644
index 0000000..c7a492f
--- /dev/null
+++ b/cg-vault-demo-yaml/va.yaml
@@ -0,0 +1,12 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+ name: vault-auth
+ namespace: vso-demo
+spec:
+ vaultConnectionRef: vault
+ method: kubernetes
+ mount: kubernetes
+ kubernetes:
+ role: vso-demo
+ serviceAccount: demo-sync
diff --git a/cg-vault-demo-yaml/vc.yaml b/cg-vault-demo-yaml/vc.yaml
new file mode 100644
index 0000000..88f3ab3
--- /dev/null
+++ b/cg-vault-demo-yaml/vc.yaml
@@ -0,0 +1,7 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultConnection
+metadata:
+ name: vault
+ namespace: vso-demo
+spec:
+ address: http://vault.vault.svc:8200
diff --git a/cg-vault-demo-yaml/vso-demo-policy.hcl b/cg-vault-demo-yaml/vso-demo-policy.hcl
new file mode 100644
index 0000000..12c3cfc
--- /dev/null
+++ b/cg-vault-demo-yaml/vso-demo-policy.hcl
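Review bot: In va.yaml, `serviceAccount: demo-sync` and `role: vso-demo` point at objects this patch never creates, and the steps in DEMO.md do not mention them, so the login depends on undocumented setup. I would add a step to DEMO.md along the lines of `- create the demo-sync ServiceAccount and a Vault kubernetes-auth role vso-demo bound to that ServiceAccount and the vso-demo namespace, with vso-demo-policy.hcl attached`. Spelling out the binding matters because a role bound more loosely than that one account and namespace would let other workloads obtain the same read access.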
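Review bot: In vc.yaml, `address: http://vault.vault.svc:8200` has the operator talk to Vault in plaintext, so the Vault token obtained from the Kubernetes login and the secret values read from `kv` cross the cluster network unencrypted. If the Vault listener has TLS enabled, use `address: https://vault.vault.svc:8200` together with `caCertSecretRef: <name-of-CA-secret>` (placeholder) so the operator verifies the server certificate. If plaintext is kept because this is a throwaway demo, a comment saying so above `address` would keep the file from being copied into a real namespace unchanged.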
@@ -0,0 +1,3 @@
+path "kv/data/vso-demo/myapp" {
+ capabilities = ["read"]
+}
diff --git a/cg-vault-demo-yaml/vss.yaml b/cg-vault-demo-yaml/vss.yaml
new file mode 100644
index 0000000..3f83ef0
--- /dev/null
+++ b/cg-vault-demo-yaml/vss.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+ name: myapp-secret
+ namespace: vso-demo
+spec:
+ vaultAuthRef: vault-auth
+ mount: kv
+ type: kv-v2
+ path: vso-demo/myapp
+ destination:
+ name: myapp
+ create: true
+ refreshAfter: 30s
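Review bot: Nothing in vso-demo-policy.hcl explains why the path contains `data/` when vss.yaml uses `mount: kv` and `path: vso-demo/myapp`, and that mismatch is a common source of permission-denied errors when the sample is adapted. A header comment would cover it: `# kv-v2 API path is <mount>/data/<secret path>; keep in sync with mount and path in vss.yaml`. The single-path, `read`-only scope itself is appropriately narrow and should stay that way rather than being widened to a glob when more secrets are added.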
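Review bot: vss.yaml refreshes the `myapp` Secret every 30s but sets no `rolloutRestartTargets`, so a workload that reads the Secret through environment variables would keep using the old value after it is revised in Vault. No workload is part of this patch, so this is a caveat rather than a confirmed defect. If the demo gains a Deployment, add `rolloutRestartTargets:` with `- kind: Deployment` and `name: <deployment-name>` (placeholder) under `spec`. Separately, the operator by default also stores the full Vault response under a `_raw` key in the destination Secret; `transformation:` with `excludeRaw: true` under `destination` leaves it out, provided the installed operator version supports transformations.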