From 6c6c66d47090c781c4004b7ba54bcabbd8ee61a8 Mon Sep 17 00:00:00 2001
From: Yuanxun Gu
Date: Tue, 24 Jun 2025 15:11:52 +0200
Subject: [PATCH 01/10] chore: update kyma environment binding configuration to trim whitespace in required values
---
 .../templates/kyma-enviornment-binding.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml b/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml
index 4d0e924..11465b3 100644
--- a/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml
+++ b/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml
@@ -12,9 +12,9 @@ spec:
 providerConfigRef:
 name: {{required "A valid value is required! .Values.kymaEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
 forProvider:
- {{ required "A valid value is required! (.Values.kymaEnvironmentBindings[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{ required "A valid value is required! (.Values.kymaEnvironmentBindings[].forProvider)" $item.forProvider | toYaml | trim | nindent 4 }}
 cloudManagementRef:
- {{ required "A valid value is required! (.Values.kymaEnvironmentBindings[].cloudManagementRef)" $item.cloudManagementRef | toYaml | nindent 4 }}
+ {{ required "A valid value is required! (.Values.kymaEnvironmentBindings[].cloudManagementRef)" $item.cloudManagementRef | toYaml | trim | nindent 4 }}
 kymaEnvironmentRef:
 name: {{required "A valid value is required! (.Values.kymaEnvironmentBindings[].kymaEnvironmentRef.name)" $item.kymaEnvironmentRef.name }}
 {{- if $item.writeConnectionSecretToRef}}
From dce119828500aad0bf0937184f2173f2d0ea2e39 Mon Sep 17 00:00:00 2001
From: Yuanxun Gu
Date: Wed, 25 Jun 2025 13:34:52 +0200
Subject: [PATCH 02/10] chore: update kyma environment binding configuration to use trimmed whitespace for required values
---
 .../templates/kyma-enviornment-binding.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml b/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml
index 11465b3..cf8ad84 100644
--- a/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml
+++ b/helm/charts/crossplane-provider-sap-btp-environment/templates/kyma-enviornment-binding.yaml
@@ -12,9 +12,9 @@ spec:
 providerConfigRef:
 name: {{required "A valid value is required! .Values.kymaEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
 forProvider:
- {{ required "A valid value is required! (.Values.kymaEnvironmentBindings[].forProvider)" $item.forProvider | toYaml | trim | nindent 4 }}
+ {{- required "A valid value is required! (.Values.kymaEnvironmentBindings[].forProvider)" $item.forProvider | toYaml | trim | nindent 4 }}
 cloudManagementRef:
- {{ required "A valid value is required! (.Values.kymaEnvironmentBindings[].cloudManagementRef)" $item.cloudManagementRef | toYaml | trim | nindent 4 }}
+ {{- required "A valid value is required! (.Values.kymaEnvironmentBindings[].cloudManagementRef)" $item.cloudManagementRef | toYaml | trim | nindent 4 }}
 kymaEnvironmentRef:
 name: {{required "A valid value is required! (.Values.kymaEnvironmentBindings[].kymaEnvironmentRef.name)" $item.kymaEnvironmentRef.name }}
 {{- if $item.writeConnectionSecretToRef}}
From d8b668ee8c80ce060ad28d06313f415687fec9d9 Mon Sep 17 00:00:00 2001
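Review bot: With the left-chomp `{{-` now in place, the `| trim` kept in both the `forProvider` and `cloudManagementRef` pipelines is redundant: Helm's `toYaml` already strips the trailing newline and `nindent 4` supplies the leading one, so for map values the rendered output is the same without it. Consider dropping it so the line reads `{{- required "…" $item.forProvider | toYaml | nindent 4 }}`. Separately, the `providerConfigRef.name` message on the context line names `.Values.kymaEnvironments[]` and has an unbalanced `)`, while the other messages in the hunk use `.Values.kymaEnvironmentBindings[]`, so an operator hitting that error is pointed at a different key. The enclosing `range` starts outside the hunk, so the actual values key is inferred from the neighbouring messages.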
From: ricogu
Date: Wed, 25 Jun 2025 11:36:47 +0000
Subject: [PATCH 03/10] chore(ci): update helm/charts/crossplane-provider-sap-btp-environment/Chart.yaml.version 0.0.17 -> 0.0.18
---
 helm/charts/crossplane-provider-sap-btp-environment/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/charts/crossplane-provider-sap-btp-environment/Chart.yaml b/helm/charts/crossplane-provider-sap-btp-environment/Chart.yaml
index fb8192b..7a81f0b 100644
--- a/helm/charts/crossplane-provider-sap-btp-environment/Chart.yaml
+++ b/helm/charts/crossplane-provider-sap-btp-environment/Chart.yaml
@@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.17
+version: 0.0.18
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
From 10c9e62c7b66f97079b1dc53458dc2c1d0cdca70 Mon Sep 17 00:00:00 2001
From: ricogu
Date: Wed, 25 Jun 2025 11:36:49 +0000
Subject: [PATCH 04/10] chore(ci): update Helm Chart helm/charts/crossplane-provider-sap-btp-environment/README.md file
---
 helm/charts/crossplane-provider-sap-btp-environment/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/charts/crossplane-provider-sap-btp-environment/README.md b/helm/charts/crossplane-provider-sap-btp-environment/README.md
index a50486d..9494ffb 100644
--- a/helm/charts/crossplane-provider-sap-btp-environment/README.md
+++ b/helm/charts/crossplane-provider-sap-btp-environment/README.md
@@ -2,7 +2,7 @@ # crossplane-provider-sap-btp-environment -![Version: 0.0.17](https://img.shields.io/badge/Version-0.0.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.18](https://img.shields.io/badge/Version-0.0.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP. From 3fc6476e334ccfad19d683fdeda5320f7a7d688e Mon Sep 17 00:00:00 2001 From: Yuanxun Gu Date: Thu, 26 Jun 2025 21:34:03 +0200 Subject: [PATCH 05/10] chore: update API version for external secrets to v1 --- .../templates/cluster-external-secret.yaml | 2 +- .../external-secrets-config/templates/cluster-secret-store.yaml | 2 +- .../external-secrets-config/templates/external-secret.yaml | 2 +- helm/charts/external-secrets-config/templates/push-secret.yaml | 2 +- helm/charts/external-secrets-config/templates/secret-store.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/charts/external-secrets-config/templates/cluster-external-secret.yaml b/helm/charts/external-secrets-config/templates/cluster-external-secret.yaml index 3f4d6f7..525cc4a 100644 --- a/helm/charts/external-secrets-config/templates/cluster-external-secret.yaml +++ b/helm/charts/external-secrets-config/templates/cluster-external-secret.yaml 
@@ -1,7 +1,7 @@
 {{- range $item := .Values.clusterExternalSecret}}
 {{- if and ($item) (ne $item.name "")}}
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ClusterExternalSecret
 metadata:
 name: {{required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].name)" $item.name | lower | quote}}
diff --git a/helm/charts/external-secrets-config/templates/cluster-secret-store.yaml b/helm/charts/external-secrets-config/templates/cluster-secret-store.yaml
index 4b3edf2..85659da 100644
--- a/helm/charts/external-secrets-config/templates/cluster-secret-store.yaml
+++ b/helm/charts/external-secrets-config/templates/cluster-secret-store.yaml
@@ -1,7 +1,7 @@
 {{- range $item := .Values.clusterSecretStores}}
 {{- if and ($item) (ne $item.name "")}}
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
 name: {{required "A valid value is required! (.Values.clusterSecretStores[].name)" $item.name | lower | quote}}
diff --git a/helm/charts/external-secrets-config/templates/external-secret.yaml b/helm/charts/external-secrets-config/templates/external-secret.yaml
index 59acb25..b171322 100644
--- a/helm/charts/external-secrets-config/templates/external-secret.yaml
+++ b/helm/charts/external-secrets-config/templates/external-secret.yaml
@@ -1,7 +1,7 @@
 {{- range $externalSecret := .Values.externalSecret}}
 {{- if and ($externalSecret) (ne $externalSecret.name "")}}
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
 name: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].name)" $externalSecret.name | lower | quote}}
diff --git a/helm/charts/external-secrets-config/templates/push-secret.yaml b/helm/charts/external-secrets-config/templates/push-secret.yaml
index 4c5eb4a..df63517 100644
--- a/helm/charts/external-secrets-config/templates/push-secret.yaml
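Review bot: Hard-coding `external-secrets.io/v1` in these templates (cluster-external-secret, cluster-secret-store and external-secret here, secret-store in a later hunk) ties the chart to clusters whose installed CRDs serve that version, yet the chart's README badge later in this series still shows AppVersion 0.10.0, and as far as I know the v1 API only appeared in considerably later external-secrets releases. Against an operator that old, the release would fail to install or upgrade with a no-matches-for-kind error. Either bump `appVersion` and document the minimum operator version, or pick the version at render time, e.g. `apiVersion: {{ ternary "external-secrets.io/v1" "external-secrets.io/v1beta1" ($.Capabilities.APIVersions.Has "external-secrets.io/v1") }}`. The rest of each template lies outside the hunks, so fields that differ between v1beta1 and v1 further down were not checked.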
+++ b/helm/charts/external-secrets-config/templates/push-secret.yaml
@@ -1,7 +1,7 @@
 {{- range $item := .Values.pushSecrets}}
 {{- if and ($item) (ne $item.name "")}}
 ---
-apiVersion: external-secrets.io/v1alpha1
+apiVersion: external-secrets.io/v1
 kind: PushSecret
 metadata:
 name: {{required "A valid value is required! (.Values.pushSecrets[].name)" $item.name | lower | quote}}
diff --git a/helm/charts/external-secrets-config/templates/secret-store.yaml b/helm/charts/external-secrets-config/templates/secret-store.yaml
index 77244d7..2f64a30 100644
--- a/helm/charts/external-secrets-config/templates/secret-store.yaml
+++ b/helm/charts/external-secrets-config/templates/secret-store.yaml
@@ -1,7 +1,7 @@
 {{- range $item := .Values.secretStores}}
 {{- if and ($item) (ne $item.name "")}}
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: SecretStore
 metadata:
 name: {{required "A valid value is required! (.Values.secretStore[].name)" $item.name | lower | quote}}
From 87121915c6f7faefbbb7d277515a87708de8a7e0 Mon Sep 17 00:00:00 2001
From: ricogu
Date: Thu, 26 Jun 2025 19:37:26 +0000
Subject: [PATCH 06/10] chore(ci): update helm/charts/external-secrets-config/Chart.yaml.version 0.1.10 -> 0.1.11
---
 helm/charts/external-secrets-config/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/charts/external-secrets-config/Chart.yaml b/helm/charts/external-secrets-config/Chart.yaml
index a6073e2..78d7fbc 100644
--- a/helm/charts/external-secrets-config/Chart.yaml
+++ b/helm/charts/external-secrets-config/Chart.yaml
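Review bot: In push-secret.yaml, `kind: PushSecret` jumps from `v1alpha1` straight to `external-secrets.io/v1`, unlike the other four kinds, which came from `v1beta1`; to my knowledge upstream still publishes PushSecret only under `external-secrets.io/v1alpha1`, so this line likely renders a manifest the API server rejects. Please confirm against the installed CRD (`kubectl get crd pushsecrets.external-secrets.io -o jsonpath='{.spec.versions[*].name}'`) and, unless `v1` is listed there, keep `apiVersion: external-secrets.io/v1alpha1`. Because Helm applies the release as a whole, one unservable kind would also block the SecretStore and ExternalSecret objects rendered in the same upgrade.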
@@ -16,7 +16,7 @@ icon: "https://github.com/external-secrets/external-secrets/raw/main/assets/eso- # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 0fc171be98320f79979d7772ba9e3c8ca0e67846 Mon Sep 17 00:00:00 2001 From: ricogu Date: Thu, 26 Jun 2025 19:37:28 +0000 Subject: [PATCH 07/10] chore(ci): update Helm Chart helm/charts/external-secrets-config/README.md file --- helm/charts/external-secrets-config/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/external-secrets-config/README.md b/helm/charts/external-secrets-config/README.md index 7e0b7fc..2b50ef1 100644 --- a/helm/charts/external-secrets-config/README.md +++ b/helm/charts/external-secrets-config/README.md @@ -2,7 +2,7 @@ # external-secrets-config -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square) A Helm Chart to template external-secrets.io manifests to sync credentials from remote vault (e.g. SAP HashiCorp Vault). 
From fe3be72bdb48a28f8be175512db9fecd71ec046c Mon Sep 17 00:00:00 2001
From: Yuanxun Gu
Date: Thu, 26 Jun 2025 21:47:23 +0200
Subject: [PATCH 08/10] chore: update API version references in values.yaml to v1
---
 .../external-secrets-config/values.yaml | 82 +++++++++----------
 1 file changed, 41 insertions(+), 41 deletions(-)
diff --git a/helm/charts/external-secrets-config/values.yaml b/helm/charts/external-secrets-config/values.yaml
index dd86659..180e4ff 100644
--- a/helm/charts/external-secrets-config/values.yaml
+++ b/helm/charts/external-secrets-config/values.yaml
@@ -14,55 +14,55 @@ secretStores: - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` namespace: "ns1" - # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. + # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreSpec). Only one provider may be set. # @default -- [] provider: - # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider + # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreProvider) configures this store to sync secrets using Hashi provider # @default -- [] vault: - # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". + # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". server: "" - # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" + # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. 
More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" namespace: "ns1" - # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. + # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. path: "" - # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. + # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. version: "v2" - # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. + # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) configures how secret-manager authenticates with the Vault server. # @default -- [] auth: - # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
+ # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). # @default -- [] appRole: - # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” + # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” path: "approle" - # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. + # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. roleId: "" - # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. + # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. 
secretRef: # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) name: "" # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) key: "" ######################################################################################################################## -# -- [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the Schema for the external-secrets API. +# -- [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) is the Schema for the external-secrets API. # @default -- {} externalSecret: # externalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` namespace: "ns1" - # -- [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. + # -- [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. 
secretStore: # -- Name of the SecretStore resource name: "" # -- *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind` kind: "" - # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. + # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. refreshInterval: "" - # -- [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource + # -- [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource targetSecretName: "" - # -- *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. + # -- *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. template: [] # -- *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’ creationPolicy: "" 
@@ -70,16 +70,16 @@ externalSecret: deletionPolicy: "" # -- *(optional)* Immutable defines if the final secret will be immutable immutable: false - # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data + # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data # @default -- [] data: - # secretKey -- [SecretKey](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the key in which the controller stores the value. This is the key in the Kind=Secret. e.g. "kubeconfig" + # secretKey -- [SecretKey](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretData) defines the key in which the controller stores the value. This is the key in the Kind=Secret. e.g. "kubeconfig" - secretKey: "" - # -- [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. + # -- [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. remoteRef: - # -- [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "btp-endpoint.example/btp-account" + # -- [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. 
"btp-endpoint.example/btp-account" key: "" - # -- *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" + # -- *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" property: "" ######################################################################################################################## # @clusterSecretStores -- - 
@@ -89,31 +89,31 @@ clusterSecretStores: - name: "" # -- *(optional)* Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property controller: "" - # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. + # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreSpec). Only one provider may be set. # @default -- [] provider: - # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider + # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreProvider) configures this store to sync secrets using Hashi provider # @default -- [] vault: - # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". + # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". server: "https://vault.example/" - # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" + # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider). 
Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" namespace: "ns1" - # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. + # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. path: "" - # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. + # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. version: "v2" - # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. + # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) configures how secret-manager authenticates with the Vault server. # @default -- [] auth: - # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. 
VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). + # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). # @default -- [] appRole: - # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” + # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” path: "approle" - # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. + # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. roleId: "" - # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. + # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. 
# @default -- [] secretRef: # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) 
@@ -121,29 +121,29 @@ clusterSecretStores: # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) key: "" ######################################################################################################################## -# -- [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. +# -- [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. # @default -- {} clusterExternalSecret: # clusterExternalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` - name: "" # -- *(optional)* The name of the external secrets to be created defaults to the name of the ClusterExternalSecret externalSecretName: "" - # -- [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. + # -- [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. refreshTime: "" - # -- *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. + # -- *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. 
namespaceSelectors: [] - # -- The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) for the ExternalSecrets to be created + # -- The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretSpec) for the ExternalSecrets to be created # @default -- [] externalSecretSpec: - # -- (optional) - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. + # -- (optional) - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. secretStoreRef: [] - # -- [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. + # -- [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. target: [] - # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. + # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. 
refreshInterval: "" - # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data + # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data data: [] - # -- *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order + # -- *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order dataFrom: [] ######################################################################################################################## # -- The [PushSecret](https://external-secrets.io/latest/api/pushsecret/) is namespaced and it describes what data should be pushed to the secret provider. From 6cd6a0f5bae0e2a3494806149669de5152d06949 Mon Sep 17 00:00:00 2001 From: ricogu Date: Thu, 26 Jun 2025 19:47:55 +0000 Subject: [PATCH 09/10] chore(ci): update Helm Chart helm/charts/external-secrets-config/README.md file --- helm/charts/external-secrets-config/README.md | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/helm/charts/external-secrets-config/README.md b/helm/charts/external-secrets-config/README.md index 2b50ef1..3f0b2bc 100644 --- a/helm/charts/external-secrets-config/README.md +++ b/helm/charts/external-secrets-config/README.md 
@@ -17,53 +17,53 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | Key | Type | Default | Description | |-----|------|---------|-------------| -| clusterExternalSecret | list | {} | [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. | +| clusterExternalSecret | list | {} | [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. | | clusterExternalSecret[0].externalSecretName | string | `""` | *(optional)* The name of the external secrets to be created defaults to the name of the ClusterExternalSecret | -| clusterExternalSecret[0].externalSecretSpec | object | [] | The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) for the ExternalSecrets to be created | -| clusterExternalSecret[0].externalSecretSpec.data | list | `[]` | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data | -| clusterExternalSecret[0].externalSecretSpec.dataFrom | list | `[]` | *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order | -| clusterExternalSecret[0].externalSecretSpec.refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. 
| -| clusterExternalSecret[0].externalSecretSpec.secretStoreRef | optional | `[]` | - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. | -| clusterExternalSecret[0].externalSecretSpec.target | list | `[]` | [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. | +| clusterExternalSecret[0].externalSecretSpec | object | [] | The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretSpec) for the ExternalSecrets to be created | +| clusterExternalSecret[0].externalSecretSpec.data | list | `[]` | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data | +| clusterExternalSecret[0].externalSecretSpec.dataFrom | list | `[]` | *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order | +| clusterExternalSecret[0].externalSecretSpec.refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. | +| clusterExternalSecret[0].externalSecretSpec.secretStoreRef | optional | `[]` | - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. 
| +| clusterExternalSecret[0].externalSecretSpec.target | list | `[]` | [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. | | clusterExternalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | -| clusterExternalSecret[0].namespaceSelectors | list | `[]` | *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. | -| clusterExternalSecret[0].refreshTime | string | `""` | [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. | +| clusterExternalSecret[0].namespaceSelectors | list | `[]` | *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. | +| clusterExternalSecret[0].refreshTime | string | `""` | [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. 
| | clusterSecretStores[0].controller | string | `""` | *(optional)* Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property | | clusterSecretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ClusterSecretStore` | -| clusterSecretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. | -| clusterSecretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | -| clusterSecretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. | -| clusterSecretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
| -| clusterSecretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” | -| clusterSecretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | +| clusterSecretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreSpec). Only one provider may be set. | +| clusterSecretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | +| clusterSecretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) configures how secret-manager authenticates with the Vault server. | +| clusterSecretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
| +| clusterSecretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” | +| clusterSecretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | | clusterSecretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | clusterSecretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| clusterSecretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | -| clusterSecretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. 
| -| clusterSecretStores[0].provider.vault.server | string | `"https://vault.example/"` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | -| clusterSecretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | +| clusterSecretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | +| clusterSecretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. | +| clusterSecretStores[0].provider.vault.server | string | `"https://vault.example/"` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | +| clusterSecretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. 
| | credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | | credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | | credentials[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | | credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | | defaults.externalSecret.secretStoreRef.kind | string | `"SecretStore"` | | | defaults.namespace | string | `"default"` | default namespace value for optional `namespace` fields. | -| externalSecret | list | {} | [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the Schema for the external-secrets API. | +| externalSecret | list | {} | [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) is the Schema for the external-secrets API. 
| | externalSecret[0].creationPolicy | string | `""` | *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’ | -| externalSecret[0].data | list | [] | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data | -| externalSecret[0].data[0].remoteRef | object | `{"key":"","property":""}` | [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. | -| externalSecret[0].data[0].remoteRef.key | string | `""` | [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "btp-endpoint.example/btp-account" | -| externalSecret[0].data[0].remoteRef.property | string | `""` | *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" | +| externalSecret[0].data | list | [] | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data | +| externalSecret[0].data[0].remoteRef | object | `{"key":"","property":""}` | [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. | +| externalSecret[0].data[0].remoteRef.key | string | `""` | [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. 
"btp-endpoint.example/btp-account" | +| externalSecret[0].data[0].remoteRef.property | string | `""` | *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" | | externalSecret[0].deletionPolicy | string | `""` | *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’ | | externalSecret[0].immutable | bool | `false` | *(optional)* Immutable defines if the final secret will be immutable | | externalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | | externalSecret[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | -| externalSecret[0].refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. | -| externalSecret[0].secretStore | object | `{"kind":"","name":""}` | [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. | +| externalSecret[0].refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. 
Defaults to 1h. | +| externalSecret[0].secretStore | object | `{"kind":"","name":""}` | [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. | | externalSecret[0].secretStore.kind | string | `""` | *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind` | | externalSecret[0].secretStore.name | string | `""` | Name of the SecretStore resource | -| externalSecret[0].targetSecretName | string | `""` | [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource | -| externalSecret[0].template | list | `[]` | *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. | +| externalSecret[0].targetSecretName | string | `""` | [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource | +| externalSecret[0].template | list | `[]` | *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. | | pushSecrets | list | {} | The [PushSecret](https://external-secrets.io/latest/api/pushsecret/) is namespaced and it describes what data should be pushed to the secret provider. - tells the operator what secrets should be pushed by using spec.selector. - you can specify what secret keys should be pushed by using spec.data. 
| | pushSecrets[0].spec.data | list | `[]` | Secret Data that should be pushed to providers | | pushSecrets[0].spec.deletionPolicy | string | `""` | *optional* The provider' secret will be deleted if the PushSecret is deleted. E.g. Delete | 
@@ -74,18 +74,18 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | pushSecrets[0].spec.updatePolicy | string | `""` | *optional* Policy to overwrite existing secrets in the provider on sync. E.g. Replace | | secretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | | secretStores[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | -| secretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. | -| secretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | -| secretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. | -| secretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
| -| secretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” | -| secretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | +| secretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreSpec). Only one provider may be set. | +| secretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | +| secretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) configures how secret-manager authenticates with the Vault server. | +| secretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
| +| secretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” | +| secretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | | secretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | secretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| secretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | -| secretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. 
| -| secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | -| secretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | +| secretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | +| secretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. | +| secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | +| secretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file 
From 6c21d24e03588865e01f6d9b8bc533cc80651424 Mon Sep 17 00:00:00 2001
From: Yuanxun Gu
Date: Thu, 26 Jun 2025 21:51:12 +0200
Subject: [PATCH 10/10] fix: update apiVersion in push-secret.yaml from v1 to v1alpha1
---
 helm/charts/external-secrets-config/templates/push-secret.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/charts/external-secrets-config/templates/push-secret.yaml b/helm/charts/external-secrets-config/templates/push-secret.yaml
index df63517..4c5eb4a 100644
--- a/helm/charts/external-secrets-config/templates/push-secret.yaml
+++ b/helm/charts/external-secrets-config/templates/push-secret.yaml
@@ -1,7 +1,7 @@
 {{- range $item := .Values.pushSecrets}}
 {{- if and ($item) (ne $item.name "")}}
 ---
-apiVersion: external-secrets.io/v1
+apiVersion: external-secrets.io/v1alpha1
 kind: PushSecret
 metadata:
 name: {{required "A valid value is required! (.Values.pushSecrets[].name)" $item.name | lower | quote}}
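Review bot: The new `apiVersion: external-secrets.io/v1alpha1` line has no comment explaining why PushSecret stays on a different API version from the `v1` references the earlier patches in this series introduce, so a later bulk bump could revert it. If it were reverted, the PushSecret manifests would presumably be rejected at apply time and the selected secrets would not be pushed to the provider. A plain YAML comment directly above the line would record the intent, e.g. `# PushSecret is served as v1alpha1, unlike the v1 kinds in this chart (confirm against the installed CRDs)`. If the chart has to support operator releases that serve different versions, the template could instead guard on `.Capabilities.APIVersions.Has "external-secrets.io/v1alpha1"`. The `range`/`if` block enclosing this line continues outside the hunk.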