docker-erpnext/documentation/deployment-guides/azure-managed/kubernetes-manifests/secrets.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: erpnext-sa
  namespace: erpnext
  annotations:
    azure.workload.identity/client-id: "${CLIENT_ID}"
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: erpnext-secrets
  namespace: erpnext
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "${CLIENT_ID}"
    keyvaultName: "${KEYVAULT_NAME}"
    cloudName: "AzurePublicCloud"
    objects: |
      array:
        - |
          objectName: erpnext-admin-password
          objectType: secret
          objectAlias: admin-password
        - |
          objectName: erpnext-db-password
          objectType: secret
          objectAlias: db-password
        - |
          objectName: erpnext-redis-key
          objectType: secret
          objectAlias: redis-key
        - |
          objectName: erpnext-api-key
          objectType: secret
          objectAlias: api-key
        - |
          objectName: erpnext-api-secret
          objectType: secret
          objectAlias: api-secret
        - |
          objectName: erpnext-encryption-key
          objectType: secret
          objectAlias: encryption-key
        - |
          objectName: erpnext-jwt-secret
          objectType: secret
          objectAlias: jwt-secret      
    tenantId: "${TENANT_ID}"
  secretObjects:
  - secretName: erpnext-secrets
    type: Opaque
    data:
    - objectName: admin-password
      key: admin-password
    - objectName: db-password
      key: db-password
    - objectName: redis-key
      key: redis-key
    - objectName: api-key
      key: api-key
    - objectName: api-secret
      key: api-secret
    - objectName: encryption-key
      key: encryption-key
    - objectName: jwt-secret
      key: jwt-secret
---
apiVersion: v1
kind: Secret
metadata:
  name: azure-storage-secret
  namespace: erpnext
type: Opaque
stringData:
  azurestorageaccountname: "${STORAGE_ACCOUNT}"
  azurestorageaccountkey: "${STORAGE_KEY}"
---
apiVersion: v1
kind: Secret
metadata:
  name: acr-secret
  namespace: erpnext
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: |
    {
      "auths": {
        "${ACR_LOGIN_SERVER}": {
          "username": "${ACR_USERNAME}",
          "password": "${ACR_PASSWORD}",
          "auth": "${ACR_AUTH}"
        }
      }
    }