documentation/fluxcd/repo/infrastructure/base/external-secrets/resources/vault-secret-store-app.yaml

apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault-secret-store-app
spec:
  provider:
    vault:
      server: "https://vault.example.com"
      path: "app"
      version: "v2"
      auth:
        appRole:
          path: "approle"
          roleId: "" # k8s-external-secrets
          secretRef:
            name: "vault-k8s-external-secrets"
            namespace: infrastructure
            key: "secret-id"