From bfa63e7cd18332d5cabb9af7bc1f060ce0b30564 Mon Sep 17 00:00:00 2001
From: Patricia Salajova <salajova.p@gmail.com>
Date: Thu, 15 Jan 2026 10:11:36 +0100
Subject: [PATCH 1/2] Add initial config for testing

---
 .../ci-secret-bootstrap/gsm-config.yaml       | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 core-services/ci-secret-bootstrap/gsm-config.yaml

diff --git a/core-services/ci-secret-bootstrap/gsm-config.yaml b/core-services/ci-secret-bootstrap/gsm-config.yaml
new file mode 100644
index 0000000000000..267306a79332b
--- /dev/null
+++ b/core-services/ci-secret-bootstrap/gsm-config.yaml
@@ -0,0 +1,59 @@
+# GSM Configuration File for Secret Management
+# This file defines how secrets from Google Secret Manager are bundled and consumed in our CI.
+# See docs for further info: [TODO docs link]
+
+cluster_groups:
+  build_farm:
+    - app.ci
+    - build01
+    - build02
+    - build03
+    - build04
+    - build05
+    - build06
+    - build07
+    - build08
+    - build09
+    - build10
+    - build11
+    - core-ci
+    - vsphere02
+  managed_clusters:
+    - app.ci
+    - build01
+    - build02
+    - build03
+    - build04
+    - build05
+    - build06
+    - build07
+    - build08
+    - build09
+    - build10
+    - build11
+    - core-ci
+    - hosted-mgmt
+  non_app_ci:
+    - build01
+    - build02
+    - build03
+    - build04
+    - build05
+    - build06
+    - build07
+    - build08
+    - build09
+    - build10
+    - build11
+    - core-ci
+    - vsphere02
+
+bundles:
+  - name: test-credentials
+    gsm_secrets:
+      - collection: psalajova-first-secret
+        group: group1
+    sync_to_cluster: true
+    targets:
+      - cluster: build01
+        namespace: ci

From 003860ab584155ca458c711710c41a7418924f52 Mon Sep 17 00:00:00 2001
From: Patricia Salajova <salajova.p@gmail.com>
Date: Thu, 15 Jan 2026 10:13:03 +0100
Subject: [PATCH 2/2] Add gsm-config to config-updater

---
 core-services/prow/02_config/_plugins.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core-services/prow/02_config/_plugins.yaml b/core-services/prow/02_config/_plugins.yaml
index 07f05f5fb4896..001617f1742e5 100644
--- a/core-services/prow/02_config/_plugins.yaml
+++ b/core-services/prow/02_config/_plugins.yaml
@@ -457,6 +457,10 @@ config_updater:
         app.ci:
         - ci
       name: ci-secret-bootstrap
+    core-services/ci-secret-bootstrap/gsm-config.yaml:
+      cluster_groups:
+      - build_farm_ci
+      name: gsm-config
     core-services/ci-secret-generator/_config.yaml:
       clusters:
         app.ci: