From 2125676be246143342845a026dd6fb4477cc049a Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Wed, 28 Jan 2026 13:53:08 +0100
Subject: [PATCH 1/2] Parametrize refreshInterval

And also set it to 5m instead of 15s.
This is because once we support the AWS secrets manager backend
we do not want to poke those APIs too much for cost reasons
---
 .../all/config-demo/templates/config-demo-external-secret.yaml  | 2 +-
 charts/all/config-demo/values.yaml                              | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/charts/all/config-demo/templates/config-demo-external-secret.yaml b/charts/all/config-demo/templates/config-demo-external-secret.yaml
index fa9ed018..6fa32c5b 100644
--- a/charts/all/config-demo/templates/config-demo-external-secret.yaml
+++ b/charts/all/config-demo/templates/config-demo-external-secret.yaml
@@ -5,7 +5,7 @@ metadata:
   name: config-demo-secret
   namespace: config-demo
 spec:
-  refreshInterval: 15s
+  refreshInterval: {{ .Values.configdemosecret.refreshInterval }}
   secretStoreRef:
     name: {{ .Values.secretStore.name }}
     kind: {{ .Values.secretStore.kind }}
diff --git a/charts/all/config-demo/values.yaml b/charts/all/config-demo/values.yaml
index e8aeee0b..3a12bda2 100644
--- a/charts/all/config-demo/values.yaml
+++ b/charts/all/config-demo/values.yaml
@@ -6,6 +6,7 @@ secretStore:
 esoversion: "external-secrets.io/v1beta1"
 configdemosecret:
   key: secret/data/global/config-demo
+  refreshInterval: 5m
 
 global:
   hubClusterDomain: hub.example.com

From f7974216ac049aeb8d9c4e4a69c791bbb5acffcc Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Wed, 28 Jan 2026 13:58:30 +0100
Subject: [PATCH 2/2] Stop using dataFrom and extract

It is too magic for most users. Let's be explicity about which
secrets+properties we are reading and how we are templating them.
---
 .../templates/config-demo-external-secret.yaml         | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/charts/all/config-demo/templates/config-demo-external-secret.yaml b/charts/all/config-demo/templates/config-demo-external-secret.yaml
index 6fa32c5b..496ca0a2 100644
--- a/charts/all/config-demo/templates/config-demo-external-secret.yaml
+++ b/charts/all/config-demo/templates/config-demo-external-secret.yaml
@@ -13,6 +13,10 @@ spec:
     name: config-demo-secret
     template:
       type: Opaque
-  dataFrom:
-  - extract:
-      key: {{ .Values.configdemosecret.key }}
+      data:
+        secret: "{{ `{{ .configdemo_secret }}` }}"
+  data:
+    - secretKey: configdemo_secret
+      remoteRef:
+        key: {{ .Values.configdemosecret.key }}
+        property: secret