infra/argo-apps/sops-secret-operator.yaml

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: sops-secrets
  namespace: argocd
spec:
  generators:
    - clusters:
        selector:
          matchLabels:
            sopsSecret: "true"
    - list:
        elements:
          - name: in-cluster
  template:
    metadata:
      name: "sops-secrets-{{name}}"
    spec:
      project: infra
      source:
        chart: sops-secrets-operator
        repoURL: https://isindir.github.io/sops-secrets-operator
        targetRevision: 0.20.4
        helm:
          valuesObject:
            secretsAsFiles:
              - mountPath: /etc/sops-age-key-file
                name: sops-age-key-file
                secretName: sops-age-key
            extraEnv:
              - name: SOPS_AGE_KEY_FILE
                value: /etc/sops-age-key-file/key.txt
      destination:
        namespace: sops-operator
        name: "{{name}}"
      syncPolicy:
        automated: {}
        syncOptions:
          - CreateNamespace=true