From 23969cc1ddd365533e671ef2cc8b3f9810ec7952 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Thu, 18 Jan 2024 21:04:23 +0100
Subject: [PATCH 01/10] Upgrade helm to v3.13.2

This is the version we use in gitops-1.11 which is the new default
---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 947cc1270..39aa63cb3 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -36,7 +36,7 @@ jobs:
       - name: Setup helm
         uses: azure/setup-helm@v3
         with:
-          version: 'v3.12.3'
+          version: 'v3.13.2'
 
 
       ################################

From e67832844e5f3e4ddab97db8fe20a9164b6ace45 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Thu, 18 Jan 2024 16:29:05 +0100
Subject: [PATCH 02/10] Drop old patch around null subkeys

Now that we switched to gitops-1.11, the helm version is recent enough
that we're not affected by the subkey null bug any longer.
---
 hashicorp-vault/README.md                     |   6 ----
 hashicorp-vault/charts/vault-0.27.0.tgz       | Bin 48690 -> 49088 bytes
 ... 0001-Allow-per-service-annotations.patch} |   0
 .../0001-patch-server-route.patch             |  28 ------------------
 hashicorp-vault/update-helm-dependency.sh     |   2 +-
 5 files changed, 1 insertion(+), 35 deletions(-)
 rename hashicorp-vault/local-patches/{0002-Allow-per-service-annotations.patch => 0001-Allow-per-service-annotations.patch} (100%)
 delete mode 100644 hashicorp-vault/local-patches/0001-patch-server-route.patch

diff --git a/hashicorp-vault/README.md b/hashicorp-vault/README.md
index 84065ffd5..26252b7ea 100644
--- a/hashicorp-vault/README.md
+++ b/hashicorp-vault/README.md
@@ -10,12 +10,6 @@
 
 ## Patches
 
-### Issue 9136
-
-**IMPORTANT**: Due to the fact that 'null' values do not work in helm charts
-([GH#9136](https://github.com/helm/helm/issues/9136)), we need to patch the
-chart to skip setting the host.
-
 ### Issue 674
 
 In order to be able to use vault ssl we need to patch the helm chart to fix
diff --git a/hashicorp-vault/charts/vault-0.27.0.tgz b/hashicorp-vault/charts/vault-0.27.0.tgz
index 574b3e743442466c1d05f9c38bf1e69c0f82f037..24a07991517b476c1391b305d0953e9e231a030c 100644
GIT binary patch
delta 48301
zcmV)MK)AoM`~txL0v#WV2mk;800003>^*67+c>iMtY3krnSF_;MyF+w9U6afw8{MU
z*Eo2ArzBdoW1%XsNCJ(k(cNftHx`O#xUDyjn%a<#4i4zw&e1_T`qxiyI=zE~ZnxL%
zv^#Iwoo>6m{{|gAZnJpu99OXsdNbG688&cczM}6hG%eWtpUf27Z7!9$@fdZ`2|n!g
zvgW_jfp0MX-GhTpr*qha`QLv(+CO}Q+K<r~Ilc1vS4@+*imMaTIj$k3Qbcf?#KNXC
z(<g3ICoNN%<74zmffpylw$NvaGBw50KV#d0g2!mlg-0uR>@+(E&2CM@j%w?c%idj0
zCc3ICh71QW)T_-1tz+i8mUG-{Jv=-#8Dd&C`43iUD{8t*!T33*x;uaK?wTr@w`LTe
z3IJOimu=;tHR*P>Zo8{$xZCc$pZpbwi-y%BieT@Rzuvv?9lSrp?f2alYs2l(*5``7
zJSS6f`-`Ed_f5;3*6#80f!G?1O9L^`@YlhrXY1|~eqvL#m#laEy^UQ5e$5qAnc_J%
zX?DeP$y^b6baP@Wj%$B=s_WUfcJJNcV94J7?E?&3x7}<v+HY%o#Ce?#@oW{dMih6x
zRHg>t@w{Bl`}a<{jH;tIV6qmvhV9zI?^V0mJ!-aVPmSZdl%4pRaq-+T6c;;>A_=U{
z|9g;Q$N#sH<oUn68V^QI_lsL$9R>Wq4KpwC|AStyyW{`cNVR|QOfm1#l6YuBY~WEa
z9EPErQ<+i!Ppx)I9*{dzT$X#LEHKirWsoJ-c$S~p2WLh+Lqi53_lN*1fFh8Qs170~
z@*DtN<DCBi*a`X#xS(xfKs}@^6x~qn42)*j#>cgq&v!Juzy^pUb~9i*j0thvrJ!rI
z+V8+8kqtAXI2eEF4x&6%Ltnq5<~4uWyo5LC&p(@JOc1=WO*AJqM#>%WT-HcY`e)?Y
zOQ;^99}#7h2!_P<oHSTro+)-I>(?jPaZ__XQ!Xg4f6B-~eldZi6LX?Z=ZdxQzMx?J
zciRV@`1*%8?cQ$vZzFyE+WM(>Lae2&PiHQAr|yLd|7U-6W~$BFXn6Y1#<{M-mH;=-
zG{6mgqGS6QT@23~U6Aj7YEk_D`n7?4JVJGbS53gCfk~INR!2?LfNV6EK0%79p?8tb
zd*~hh1KxaA3=cc>Lz7`)6Z7xr8*<6WwSju<p*qOWxW32W#kL`x+P!XS$LNHi?uBC2
z=Gav<#Z`ak-iAxnur}pZPCUb)A88x^{4*xY#@2#>;aG~w0qLe{cv=7__{af4b|7ci
zU>hsM$VAhbwb&LbtvLG-6h#QORL%Q<Jcc{5^omm&p8<u@cvEyCg`%aE;kz2Gakq?@
z8ew|@m_ZBr!_3F3Ia7^e^o@aIjYMDBZ<+)S_>+G<HOQS}H1QV~DpU-{9QvAO`>mm=
zuD}cIICb;^)oBBY%hqG{!8G7JfYOLMu-N@E1rAh*G|fV6XgUk^IMQ+lMh-Zd!w0Zw
z5!+2R8diyD^Pe^LM^&I<=&N`#bjQUeu-Lk1>R;-SAr`%(odY&$w`|W8?2<1lhp6{q
zU9NxO+-kbRc<%>9SC^<W(uk)fRJ-&jDUJUF8UtS0HZgD|I>93SA8Y_*{@?EG@A&^V
z(i8Fj$d?2gx9=3Ssd(;;*!q8&@~nCPo^hd&!E+3~1`OSt#YfOxV%aZ@1KXa#6@@UG
zzuLsJST`D|PANUG17DL!-wD2>s4DSH*J*#b<Q|*w1$fe($fDX9MsUXizUx##|L<VA
zfy})b8z`dx`-hVLr`y@@9qs7<Hqwiy|G#hyt&|N2tbgI$06KDwC$#N8Kgbzd$dzQR
z6);rCyQ3#~j4kmBL=*d*^Q>9Ns$20L6U#_x^j}l(oWNqQ$|4}2{&#wZiSz%X-u{1%
z{%<8cL;4TY&Iw8VDMQ8)b~mQ*o2l<!81;|n*-%ugs`<l7b!N75&U(nEAXGcK<ab#2
zC5nARCd?5a1nLDKd`iooV>1*76tO%J1MXN@rGxERFwJ-b^|*Mt<iqbSEipu?t%?_E
z(%jN0lqxq@zTBAMIh23^jEtU$-LQYW$6}!3S<5#qy^5H&&w=SwU1Ia9=8CJ%&Lfyu
z6)vuWjs9ecrbSjH(?`ZyncGfz-R3uRy@ivt1}vgwV1LdEkPC&l|2_sFj{p3Pv<4`s
zB=*y+{t8Gf7NV4Ig>*tp7urMtMu4QEyk+Zz6)_aYi4RiZQv#WD3QKBg<STy`gm`zk
z9-R*6Au(<)2$gnX+_G|;M8p1SDv@28Omq|a8Oy4|AS=2F+$lut23l{yrOs=hnTb`q
zA_@epOaRg6z$=bprzR8>dkuA4#L;1Nmh_+_HH)iEV+Rug;t(cqNDN(FCeVeKvw{rq
z_9*r=GLn2W8x6oAi|D5Nq2+%MSxcP65cNKhTf=wW^n*-t>C1RssY_utSJV-+*OQ5b
z51!^|aFf0Uolv=^d<bdBO*xPoB~gf%y~oRBWzqGQ*=<I=`Y`xuc~b~pm_H<Soo;Gp
z<@&L?kY|{$m(Ts1^YLx}^z=HdwX2>0%Wa`2jZpZQABP>cS|yIYViSM1;-O@`&Q(t(
z^H3##`g~3%i)Vd73~!Dvm_9ju`h8S}oKkn^wA4^>XE2Zf1xSun1xVtzg&*uwL}^fr
zz;1Sn;%Kzy@{5j6a=J6tV60Gd8J3w3LtkJMJI>H1cQ`&F)UxVV>>f+4uy}W8STWpL
z%f^bflyeYjyYRmKz8!!2FadGav+;Naylh4cEx{6EZE4Ec<?*0QSXYcwY$!{hv&7V#
z0*EOkWS|xXDMl*?E|ymY<ajDDYo}~y<?J#zSD$0zx#b!b&m0Fu=SzPs6CQ6&B{MF8
z+<3|*c$>|+1Z=}em!M_OdIdzWlq|~t77LZU-V&l^G~?<5X0(5FmYA84oq3^bVOu5h
zxngQE=aOlDn)oV@4wLn`9n^;wc2yyNgqBf7%tFlHiV~Y#YGt{NF7`y{f}O>XlY(wL
zN(u@@z4NPIZ_fvx2j|5?Q`iH8OwXywZ$ey3!v1)5ebFDU2>c_l=ZY&qmo`-KP66}p
zJD0?~CIp5cFpz)plVTX;VQA|M-M~{ka8$)mxZBf20qHId3YPYjX)GzIkC5M4I)JAs
zKv|tP4pp>v+U?{gaiRm?q92QeFv+4ZnxZmKA=*-+c*iqm=I}e4(!J{CuoVQZRmH6m
zt0(b_14~gFq)Wjw;_z<9IT-7Brf$&(<(%sFBe8`HbWwkO6We%utFW;xj~`HnyM(UC
z+c3wP?!k(>fKjrS*%Oq5H3=S@i7YWiU>-WeHu?dB<5~p9j6yhvTRgE$JO8W9@K2;7
z`;VheTRQ(c?6r62e_Kh<@cgfY{YN#1e|Bi&@H!3!Qw#*rzv}gW*P`Zu@J4tuvk%-L
z5MEBP8_R!5TO)>{w34+Uv$FJTvRbTBen8_|(g+d#0lno0jc@6;aIQNP*&L*@gBWy2
zy}uk_hN=q~dAAID$uSE``_5?bL8s1Vuy3AV8^d(96t?SYP~<h)|Nm`KY;OI)vQSpr
za7iN=>osSB_XFNlz$3Ege<g;0A{Ej9Ui(0{|2Ti@?d-p|l3p(Tugvf-Zt?euxWRe`
zf}2<d?o0xoTS}w<ao>Q=SwIo}@AeL5|DWFBPX6CYdWQ5rpz;z~*xCP8VE-34&sog~
zFsJMqmVgqpq(Rh<KyM+*^j|ms!>pwmDz;rmn5t~Z0t(~5b!7Svf7?6yzm4>`^xwy(
z3?_ddeNF_3i0ZHXyiFi=KurhSs4q7@#Jj1RQr^avp{oj|S-R=&q0S!4W<V7CQy32q
zdKO<RPrzQdZrpFib{R~BI)^`>8k=`%)s#*Ds|x~9DF3$;^uK+uqyJk;&yN0YITApe
zgjO93;3)}oy0Tx<gzDSIQ{8dx=%^;u&vSo|isa_>0pHCCx#vf;o^O92Dy4;%o}Cf+
zziDuq;NgKfu>?;Re}abZ<ohR1W$6E=X90!&|3}jKZ?{X21a|a)3+X$e|C<~LNNk|O
z002+Q0=5|fAcvDysPRt>=ZZT29mk2MO#075yV5x3j~xHA+dkUw$@>4pqh0*Zt)zcv
zNB@67rvc`%ki;}HZ?N8T;sgYxDqsMwOqW9os$^~v6WVZ$gtQ;{<NF%3m?3IXpSH2@
zdX7(c%IK`?6Q0sh>2xCKnj@U{gIV5&`+I6v*LQ$V?QX;*HF7=_^m`@e_|#HsddCN_
zR&<XK%cXg6r)PDEMGP`sjx1`Wegc0rLGyLfmHo=o%Vv3@r{&J|LXX(Z1qIf2)-MC0
zl*fL3Rf<{99f6F11r2#5s41T0L>pX16E>Kd%3oslf!O!yy^mzb>35!EzoTndRqW(4
z%<5sbUr~yyR8XqGQ%cHL!ci)xmYAbdU0&10bCw-pAkzn^|Lfp#e0z5J_rZV3`1bs4
zG#*^W@<rX80b@;fg6hYAS=3YTnK~h7x$?%V$@e%)8=t`6=o`}TgaxaHVVICi-{Dw=
z`9AGW<WHVPRo1IJxA=GL&7MEoH{(yY!~XbFc_gDdZtCB&LM>+(@N$J2ViftTBuR;6
zPSTZZ*2IoFn@&#njFj$-&qsf^Cxh$p?Z>n8tPU}UGa;e0SS_uzX7l>#|DyJE55YwB
zzYTt`toD1nOszaS@JB|Y0FACPF=$0~%Vb)<&f8B{qw%Psnqj^DyiTFwrTj=>DTP>j
z{TDf%X7Cr`avEVURCd=CTPw$8t_Pp5ejD6gUEYp9-HcDK{*l2*Q|W(#jTht|Uzwws
z=W67^j5LG!rxq>#Y)LGq#iIfJcXD%mHvawg<mz%f_-B@%E^9=}QYwtA5%dstVz#b2
zfi*~}1voe#Tnxt7zvmG0dP_iFrFGjjT`BD8&1e83QU7#seG7d)8DCvz^p;hg3h%Oi
zF&GW|C#m%FqfO>=WC?$SCOS4Wp?yyM#+`coO?0?Q*It_^!y8yA|93MOmGB6UGs088
z9)Po0-ZlQiqqjJf;w`k!^RtVyjcPpC=X%NdE(RAH_i>KrEA^4qxmh2f#`HdBE$Dc0
zY*8uER*bOO#jPF;Kf(IG?w@ZwUMbaYM6EKQ`y;eU*EXA$MAd(#x|Q0b)4@k3vyKNB
z!}I=lWwAAAQ^4@ciFTqo%3(g9{dzn2=h>KY$!kW~KlabgZ>~3Q3%^eac0js&WnKeE
zSbpU3Y}UkQ2`;@~P8V*F*D&DNK7%c{4ecz+$ix_o#{Kcx3FW%beHemEO7YKt^Im`M
zmk7X7L1W7=i@1M;##Dy`bD`VBq$>Q+itQw|0J$L<{Gl0Mo!(Mz^|*{Gk~K3Rj1Wtu
zPu;)$ZzuBV@q%=vss&SazX<V7_%Zr49uMQYg4{4qp;%LCaIXxo8-;tyfVqCirwo7_
zgni0@_(TD}wud|w2MWuATMhbD7BVagVigEfI(QhOH=BRju4lbu{E2p<I_!x-tp;~u
zAS=L}7`!U*CI&ExHS1{vi{nuVty|zk5lwPHs+fjO$}7d1lKc}^Yk6kurmV(tAn^`{
zfHUN*l=|zngwV8l;Gk7(oU-kIbjS8Adc=9>Y155-zzX9(9LV-R)B#{;|Fex$t^H5x
zVK&iD16+Ulh2fIyaAmP$$<UT(m@M+-Mm^iPzV{hh0liquo@|SiG}H{KX*cTI*7#0s
zMl<QZ@A}aYL-~00e}6ye|9f<_qyJk;&(8kS|8}BS%AIb2<P9sfKRgr6!f8VDP_7#j
z@R7RAVG8osqDQwYl)D3_)QO60oPS-2wet_YbWVSwZc~+bsZCzIYeJ^kksvqygaM%V
zATFnk_+d9^6k%0B*d}lQ)+DhHjD(MVmpn}q0QdHqvFwr4(L|AWM$v!93d>d%$s9cm
z9(++$H#iEW)@Ossgt<(hOJHfWj6Ga#RnitNQrmtzs4774YrN3$gTKnC^B*jup8;z)
zk~4p2KVY$j4miUR+UNViv?kpAtclgpWBC;YHJ&VSe*|M)!9k{~{NkCKbVZkJPa^Wb
zApPMHH@x|a`%wCOKw|k;pLBdqt_S_`fR544@Ra`gchHh#RKMW8G{WJxnByf#CXNX3
z2gH!rDTl$qD2#+)wg>2thYu+QL^l&(j_H3cQb<iJ0?k`KDJ`HU*?jLB+qz~D2g3Y_
zMiE=u#?Gr}qm(KCncRN1!S`kx`2ZE}|2zA#{MS3$#edvNdam+c)P5#mf0Q1%JSw*d
z?4@4Ivd5?}4Cg$!8nr@6No=)U@T#JizfZTQUin3C)nT@P2?o&wCb84nMhcfgUju))
zi0I7~jkH^9EStDQCB`utpA2K1=2bI~O!{v*R#k!E3;qB14`lz(?m=fq|F@A|5d8;?
z6gHD37{Fr&k(c%@(5}r?%j<03x4T<UjV1Gzi-vFIs4;Kp=0!LUu`D`v-bMnL)AX;m
zo`Yj0X&VF5zcLR_jYjr5Df()ukp6#H5D30d{@?G&^8aCbNB_5yUOD}*FlNkaU;|-1
znYCiUr;b>e$TVR98Oj|pLddMWfqTuNEc57pRd+xY(Eo0)(~<B0*l!>1=>Im-_e%c*
zlM;SJ7uc1Igkbsv>Yryq#M9=94s9~zMxashZ?@FJ3oU;@)EP#%Vb)v%Iq-jiD)Dh}
z^`%2!+l08yTABMXV+MDP@ODA*>|gXJ9xa>D!N;0-<|cIFfqFPTD7Mxgp4FsS5q@p-
z<=OBg{$hA`8omfG-(*mO-m+*!K_mp$N6$nLI`AydW&I6D%V`E@Nc2e9ajzq{h%$qk
zbKUg5_%)1Yx+BmQDUQSL7Nmc*vFIU4fx0~h5FYg{t8dSVjcf%z)A&e=iADnkD_SF~
zt#4BMT*tF415?Ke#Sq)Kw5IWQia8C>yna9*iG8PQNYSXA#2UnUIi+Blfx>OB!(@hj
z4RhtoF*-ar*gt?*6LD4P7OTv<WR*|vYv%WI%H;nQUIJOP|2y38%KQ?)x6}V^Cp}mG
z|CI6nx2QYhos*yx6bJr{>RdvYE0env9e<i7j5X3)5wFyeD%D^(Xf033kaFpNMVCMp
z(*H#K=T3XK|JzR5(f_sSe}%e3i48p6ZImxCTJ>f+$TSB0xY|a)=sFiwR?i(W>AxQ^
zt%5B;@%fKT|KZ&({_|GSv!nlcH$hfGYPps1Yoe>!L0S0<&r$sOR#m>eJ-Y;*wSR<L
zSoM1Q+%#RWLDC(TaQ%*Zkv-*DrkJ3;LeqgF`d`H*z(w@GeULc+Kj`l6|Jq7=QS^V4
zn}A<=fd5<;kaq{~Ya@uSEXnlWvI(rN8TOn;_><}A)@K1l=l|`FZ2#Nc-`~;yt)wdH
zf1tOC$KD=ediLnr%VvmC*9@Z=UVrUzedxQWlbbm4&n|z(Jn@*%TiMElrf3iC)u6eJ
zMkB^*=ES7ovZ=OHB{n7w^(Bo&q=*4qhXK`|Ae_XunGAR8ZT*C}`kWoz`U1a$G@?4t
zRvwCvlN0nX!zNx}e#?*W8*~s16L~-|0_GGq(NC?|mGVD^5RX5gva=r+ihqCteEl)?
zgK&L}e2iXjAITUE_ighbIYwdKVLr}8{f*T$ID~JYtZ7W3kK~S;64;{DdP~L&dUczg
zT?$eT{};lcpp1_g|D)YY@c+*K?)+yfsZ#zgbHF*#A~!Eej_g(Nc!8o90!0HBzdC~-
z#USk%{Ih59($qgM{{A?zvVStmmhrd^?P}SwMD>{xxq5<C)lgJdU&t2$ByTn0nRS!j
z2b7lGk6#EsETWsf5;=$snsW;f1EY(O(lKpv0S4$&%xp)s6$_7f5R_E_#R`Vdc$m_>
z#(zVA)i}6TNyJKBbXv~R@h_4PUu<O_;KGF64H9u)j-!`rIPrKZFn`<Bh#8OWbqmOw
zKJi0drUvo|5HR9kCtU1ym*wt~EdTMfQRVIL#rpq)BU%67?d<&jwv!%J{^Q8h_uSbj
z4Bb?5gZnT26M&Q)D@1|IGt{ZCcAI=w0JywD8PVS=x{_Y3#PqA^zeDM=!prJ~xj!w}
z(0shw=oWhEpd>a%D}NgEJTHHPEc(wRjz(Z*`<Umy``xx2|GCp^@9clJlD4=1=NJ59
zfBWHICt6RkgA{Ynu$+b$bwBExq*3s%`eZlj8N|d*j=u>7LUX1BpEA#!PXZsbb*MK7
zzu7VKcSz*@VPqHn2qHt{JT-*QV5Y*J?^~l5>{sdh#`dgx(SPS~s_T3HId=p7=q@cx
zbqDnC)danxJNqxv_K$<u6L=67=6hrg0^n1HQLs<ebcbT*?c5;hJ^JA9x)NLKNV7s^
z0&*=`Q=dfDSUCS4wQ9EYdDuArZeQOzS{{}ZJhzpJn{Fk|uU*{BZ(*=fw%Iaazg^TY
z2B1XiLVZMBmwzFdnpf0hsBez#DMs%!U3GzAMUke?aAq$bC8PbKl?-j{y34;i#0<k_
z_L3diyy6w=jE!i@!zw?Yng_n-lp+5C?x+NQEUWMXEsXzml!*V?+4+BNCv92&%a-sG
zis}Dv?@hNFxza?@`dfO6XwuyYE+i0Rnr>G&2JEDr1AiCD^r_`j2LdTTQ5jOm5g|xb
z*>|1SxNF_}a_33zH|;3~Ndbb)bV=v5E0OlRzx~ZaNg@chmb((h<j+F|vJ(*Wydpho
zFm$srjP8s3{d0n)Ddjl4vOKs_vd8^QF_o(-f^$_uH&=Dc=BkRb{A+2J&xKao`OJj>
zAE*MJ>VN-NtpBvV(EmQo=bsP%f61!lhw79|pY=jX@ks(va|HkM(oQc3=0C}&n*PtL
z`r~x@Z?`1=Yj@%Q_avXsK>y#Ig*~XDr0eEN`b|{W;S|rx3QpQ-?YhBD;_GB&qB9d0
z3HS;K#7z%I!6bGAfTpqjjXm7b)>BlwT#)e`8Gl#KczyrlyMce}hY^B7=}8W|S1q@h
zUhqR)`6eI49BOAUC^|(dtNvZ_{wwf*&lhLFdE|kZg8#QRw+i(iw-@z)pXT!!;Q!ys
zbCNP7%6qN|ATDe3Frl)=U_V8Me5ROlbl&v1i}#+2o(<#fBjm8485S76#38-HbJ+@I
z-hZnEFYCU`LZ2ses!W-YtAd>aF0?Asy73<+KFLl)$EIc*ESJ-u4~-9i4q#f?r9Xe`
zwObpT&Gn_6R^vxFPyxi2{I6vuuU=+2{NC?}(b%qY>3%n9?Pa|SX2PkH!}^_x!yuhu
z(vafY#JxXP%6XdQvU*9v&K;j{WBuo(1%KuG6lYUUNOe#M@jUUbufq<X-crTzJkD@*
z6@_W<O`M$ues{dz?PC3`$p=-{M@BStw5lT$3-0=!@$9dfRVRQUm-g~>G5I&3TNR=h
zN}`N&5Bd#Yee7B;B{<K_LGh}eaX;`V1M{@Sy0f|q*7u%Eq@zP9oI`xEvED8@Cx7|+
z;rVkK);Uf%8ile|B*7GlcwfAqJD(zNTZ!Wr9tQLHRP+Djn{+jvg8(p<|KBM1f9~vV
zEcpMY_$>JU9NrVKuO$FTpU0E{WQv6dP!IuT=JeIgE?E5qtG{6Ne-Es_yy&Oq^>foM
znEl6O_Ss8)!R<fNr-J{NQrz<?0Dm)$|8H*;>c8!5?JoHLr})e_|0i<zai;O6q<D#k
z(6tv{XW~xs;4m>4i78kOa{T{S6l8SbXT6d{BBqyVq&o^)B-8~xCnV-lT^>VtDVn^!
zatf!m!Z=eg$CcqJxeb1c70U+MwYT)IY4cx!$#s5R;z5@jdtz=FB7(&ec7GTGeYTht
z<6PpiD)yn9=uRIDcT4@IvA%g%y8%~#Lm$?>fA=v@y0Ey<F+mX4!>hVnJ_46#Qfcfe
zv+&s5bTP-UK!1gxHW_JTYAqSx3$~_ubW=MZe}{DgorHYSmA*H7lzc0=zh6di7F2SK
zo|H0tqb{~({w@d?xqnvgQGfpTAoA1HjFkVjjN_d&g0pm;nQ-d)IY+}M$TQ==iU)+e
z^PWCN#0(_mQ)(v*bqisUv`*F!I(V(UURZSg+Lj6PU>`|T<t<}ufw#1_w6bD%p)5U=
z-G^?~`GpsGu7rMr?{clK{LTkh$)5A2=Lyoxe{JC;2R-KorRh<ED1Uql1C07tNVTmY
zT<K*I%=b_Dso?*GU^dxT?XlzkwhH?H_RfO;f0EDK`Tr9BRDg-qT$5A_HQ2T{_Ly@>
z*LeSge08}iQ(UE6lBMlarU?`hz31>`lde)a6xp_Nek2D6+?U$(zZL&5%hW;T%!{~%
zI-d&sKTL=7s{lL||9|K6|Fm~^7x{mm=JVOa|B<%C=za3;{h~_3LiJ2Qs`MLARmc}s
z@-X@T^B3n!L$seWOZYq=sQnxRwJ|Sgn2o7P7^KgwxNZFW{Ct!KPERW-X>$gey%0I(
z{h5OQ=TZT9D*oTu$n*ajy9@vSC;2S!|HC4x{~5@D35UK{pno$T(JYbF^DVr)pcXTH
zs`3APY`^%Kmj7dWXEV?LudgrkKTq=cUE_ZpY0K#}bhz!A@TpIsJ^D<Lc$wu44|78C
z-z2;ZqX5R;^T-JYzI*1K2EUBL1g_2sj}Fp~AMqIYbrQ!}3o(8a#djxalq22942J>J
z7XRPT8CUslSbuIdJ`5B2bC|?P9fGd>&89K=qZ{81?);>?e{wv<=Lv86EQ=F3u^HT)
zU|NKxG=q)4r{x|*e%LRXCeeH)N=dUp{POtZ!2ROn_|SZjj0XGZJ6IYYf<9o1G=~Gp
z{BVFl<}tP;!zvb~z#}#nl(wiZifiyF0im7Zpl{;ADStF0H?mjZVDwSVaNY}3c^aOd
zrg#H18@j%w9=e&1QjB%q9}f4Eew=uT4?km|yFc*Gj%X}<Mw)GZfWFD;XgI{G8nEo>
z2VLW=ur&UTLgSUD^O^U3oLq%n&+qC$d)g(HN^420rq>Svew51`#dhy`JKNiv+wj$O
z${fZMPJfvMe)sJl8skZS50@dC$K`sz00yLj{=*4m^HKi&VLJV9?`-Gk|K`>r|JRdz
z=5GI)?E6*UyNe;Q;M-N-MXQcS6;Jw<{!~h`f_YsLmR6!qQDoPJv(n=_EAgq%-Bn4z
zs*>e0&M;-mAqN@uRf_pm+^`}?G%oWJxeM@(1Ai@BUvJocB010Vb>j^+$sWgxLU$;0
z6nqv7ACWKTQ$ha)dVJQpG?~?Yr2L=l&2~Qj^TyUf|NAtbC#e7AYVgholn#J#Mhs}V
zMpt=8PwH1)y@Q+2MkrHfB8wn3v-m?Ws82bakVHb%4snwCn!Yt*?Yxe^bLz}dlM~NP
zZhz+=pIJqvFY7ZC{(o%$zwO<E{cmFt|NkVPC&&M@WBeI#yki=A7_MK)M-}oBTu()0
zk2*whw`a#iUC4Qo<S?PTEmbvhVpUT)_)WRfviSam<Wcdd!vAo9!SyIgADH@=K9lkP
z#>VbuKL79f_9FiCX+ED%{uk%hDOCZVd4FdDpl6(^7mXvRzxO-Y$d5RNJeR1~O~MN(
zF*RNw)@V<!Tl*47L1~PuIkX8nElUqIi?fK8C1DtMU(?#qo}_Y-ocM_!ML|Timmz%T
zr=`QHAN6r@b(k|CHCb>o7R6UZY8JQcxs#wpsgWO)m?f`oF10b92KWWE=e<h=+J7uf
z`9w--?=0QR{rR<K^C20LA0cW1KV_LD)Ks!e>s8|?a#mc%z~z^k=inZ?)BEnVDsRRF
zeyyBAo6Mw@b7e1_{w`<6-xM}pL=D(bp@*tY*Vo}7%*M`%m9)#^VI0Lb<Fg@JVh>;r
zST*2~bb7}qND8YeZAx}=f%#n9GJk{BFbQLHF3E-4;-~Oa8S<IXzYx6&xUwG(Xd6Ey
zKwnM*=#1_y@t|9p8fan%Gp@@~SK{tT!jv3lne+e;DL6^uPQd#k%4p49_Vb>qwJO6p
zr{EGNHH$@^lwUf)M+R`+0?JZ$k<(IF2&S+dJ&Gr6{XF5~9M6{uxRW+Hq<^843dQ}v
zddSLG29`7#JaK*dQRwSDP-;)|rMsk3)L;)`p@!<+mal{`%rU(31LfvottfQ9pJ7pD
zqs_FqPRT6lkm({EbXme^NDM^oo?r`o;9W|i>hTBUP~tQMoPv4N_NrQC{*4unzC=P=
zwp23F3Gh+X3EOzEp>E?20DlApxIiZsz3DBjU4?_Sw72Ab+YCDPH-2(c&Vb<$g(Io`
zQuXB&h6)C^Zj`&avzKqr&M%HnoZm336dcF*N!%}n#)B{ub;ZHC^tTfV^~Yt7IDbKI
zbT#wI+rvkk7?4)Qyzlqly*j`6@x|E%uHeo7>!Z1^L9tJS<EJbF7k_YevVZW%t01~C
zVJZ8Eho@yL*z=Yq=egTkTWfFZw$|bQwfE2-zBFl;ljE|PDsZpg0vQzZ@VT&Tt*wNh
zOz1?&OxLr%*H*t;X0Tl;*=h;4bkE@I$K#WWgO_iAdQ&mIO2=Q(_3Y^UV88UmOzewK
z{F8$D!K-&?=SQctZhv0X5cO~0?pVl=Voy665-1BHUAQ{FmDcR?I6_BzM(D_STivIQ
z`lNnokYVb@<B3J%%kS-U|NHZcH*XJ*E{+eM5O}7%qL**WK^ZP>4cWXkx|yZ2GtM0m
zh(fP|+aQ{J3a{S&aPjKs{n4vxoKZb)aT(PRP#op^IO+S@^nc}j|Mv9t{&}7C>5=O!
za2a7V&qyM~gAj&Z)1>pXb1===_Qzm61rlE!9~`|oJGwa8KYv-iO}_QDhzDLPZhFGx
zW!o)1g~Ia(wyMas<<i(nOJul@2Df1n4^Tt*-cQne4qJ-@Z*R;xCcAFje`J=MUZY5w
z+E2DrK|RXr3V+<o%1K%Hp+5ZLt=DNavJ&f>;WQ)bxY^mCDy45p3f}5L+ogk+CZMez
zWaAzyYl1kFWArN|KAfhghMFYRaS!{#3qnN!xGS8A11#egr0Gc#Um34rr>EOyZw9=U
z8x=Et<?jk_;D?})m&+s(n?7PC>90!2oF62Y?2A8qhkuiA_g8N;90mohrHbWv<{k8c
z&IgfO{@oh^YVz@zZL3TQ=bVj_fw!LPd)^DY;A5BpT*6wC;2ITgsT5xHBN=rs*UR(P
z0hHBDg&*4(O_U^YQut+q0*MNpf{#W$sXj_d_I}o)@hZ#1t8!+tIIo#SX*2y04x6yk
z@On)3>wj|xSH#BGei)6C;JlXvX)lhtGu&yuOMXbyqJ(~Q7)1Vff>tm$YDusBz{6>Z
z#ys$q>lyizjykC9tF!TZm;8`f*bm}SHv0nI4n<rtBZ7&-+h7WQahlA6UUFjsWF9ai
z<~KbFXbY^Xo%V3X`3fuzeyTECPC346^idO4x__&^AEwNW@hFJ$e(&8~*_@ucJLo)K
zd+q=q`q<s!9{$$d@oGQyD7+3j<4zRhsSekBF;SY`I7kQ2GoV_X04qYC9sh8Cbo$!6
z2C>rnQCs?Qqu@&hxt1a<1MddSGIHX$lysGP0+GVS!iYZ}zk1d3D2g*TP{$vkN<K_e
z*nd06wa{oF(tBxdlwpi)iWkuH{M73PNpORvV3eP|FiV5zIyWG#8;xo(!1CYY{#6(#
z(@?t7azP{s&a!xzf3;;O$)=<w6178Ifwq=3dFJhN$fob5Q4kEhUVss^v3G-~j;A=p
z!-I9Aq0942hrrs*oq*$*<Dq{8V!^7H#(!{mzrgWjcz{tvHX%6uzTeHu0XzzH&p4j8
z>)rLjD1eiEo*Kj4;HGSgyy`OBAD!YE{%qjW`?r7dKHy@S3ZTAP9){icnmMYKk~1nY
z93_UzIL*#7zliMg5A|-d28q!#JOW86X7{ZSM9R!g++~t5GR3@9W&KhlL)&Ut%70Cl
zoKUhI<!(`74D6t{M$xPB0Z9+@{(op*O4sJ=V}@RSyW87U{@?gP|G({xjV%y9+kaSZ
zZ@0I${@`uTcNyiMe{%o7^7|JrQ2b*KLEuyT|2K>E|JFAb{{K(&`K<guOFTVG9sf__
z?){4B8L)0VJg93)`Hc1A_`}kkM}NaQ#o=Z{`l7zf`yp6Gx$>T1xsBlGNt_KH<Y?d+
z>?fLPjWKMp>2m6Yx2E1}E4}TM9EUKu1yS(fYVa41)1u2aH9cW{t#6tg>yKZpLkc>*
z*jpk^8*;)_hLY86;ov%k|9H=Boz!y=M4sWuu_EoCpC7$GIY0ZhZ7bmh-+$VFjo`IM
z-p}6BSA!+539Q^#s+YrKc4Jo)L5thZ@Ol7%z8bVzuDIZ;%dXjWGv-QuHvp_&^T>Pt
zzj#A?-ZI+uex;l$E6<S|zDffBgEQdZ+pm_F2Y+g>thmx9G1}YCN(VM44_N1CSYLi?
z|Bh0`pkz-dJa+Lcy$D|YeSc5hV-=^Zt-lT%joi=b9?A_G<(#eEw#4_Ql&^LA%)rz-
z&TEsFQIR{Lys71M{F@v2Lw|zsj{<|jJZ}Q@dtIa#c<3k3|Bb>q6nxHortyEk?&b3T
z?Cc`{zu^BK|MU6qfBDX%u%d37{(-)of2rkBSf4q3@>oz_<tL8;8h?e;3nb6KhB3@4
zNb2~cR{7$|9Siw;CQUi5XmM$W`_wC*QxVwv07`kFiS6EH?UoZ;kxCroGfaxNl1sLw
zm3_Gqug1~O+4xK)k742`Dsv1oDV%jOONnD>KcTE~5lo8ZgiC7?PwL<tUm>{7^vp%H
z)htgv3Mcf9V!!*HAAccSCHXFPxX^-K`#e5*{_g^)7sd#-vf+G~zduaj|Jv(2>+QDI
z|F+jr|GTr$|2@%Xp8Ow<g!!2Q&(}&M<gLcuFC#y~PF*BJgoRs;p8|~O8g!_A=Iv~v
zMJ`FbtAOm7UK#@-GDcJC#qPG8q&5osVMd9F8)Si7z8aJ1?|<;k8MZ~y92t?7mUny&
z(j!qf9z-;4DNUI1cOY(~y{~bF*>7>3FbOSQR!e(Cqy-xb2PLed&7lg`Q$M~1%9(^+
zQ_r@t!LNKIco_K4uzxlJ4E)hsYFY^+(Pu*E!5l~eOm*I^1Kd-~aaJu|1FTb@1CQde
z0D7&?x3w3T%YTLGj>hxOG-i%$<p1qJpLMOsq})nPV7OAcT7eU8MT~pp^$Mq6wHf=Y
z`QO5}!bUIv9WD7we_HaEE|zNTl6Q0Tafr*O)XX?Vd~McUxndU>XNHRUtJ}xy-kdYp
zdRrXJnZ;-`k9lxF7?Tz&a#Uf(HlXmRxzJ2AT?H@z^M5)5Xb9!l($MQBA!=g*S%_y=
z^~I+~`qXdj0v}o$z~a0myTLN~6*?gc@bjej25epkkEra^tVo7GVS<&F*-j-K{EdW*
zS<XbYoqRBbRwbvS+SERx$sHf@oJ5a5!zno?tco+rwJA9v?c!hWd?s~!{L^uh#?5|M
z6$!#79DiMT4>=MNhRTj57p~r6YEhE=pKS=s+FiK*)f9R?_F<>JcocQLo_~wn7iC8D
zc!OOcf)usDWgFBWR(`)a_fwI;bLQJB??11*Td6k!FQ)W5inlT8I<TG*99|UM_*s1a
zr?3yh9I8<!9;(}N+VS~z>q%uVH0aOa7HA}NpnoGZ(8Q65!CAsb@Z~(c+6b=jR?71w
zmZ-g}AC(~@6w2m0P)xYOiN`V9X^g^IPGB^Jks3|pqek`FsH!fHLI3a=`u@kTKk9pf
zQ6FSg<kCk2|JDy9s#2u#P?4D!o1etp!!S)oL&SdHjk-4hpkFG<BCIdf&{-a=ZLBog
z-hUl=whr*1Ne<9+^aK1?s)Pc8Or7d%zuQIUSdf21Kk_=rp5p@4YQAl+%Fv-E9g6dY
z+1F84x(lLe!D!gMYQe_enVmWkFdj3AN+rR}Y6UA8lfw>+>smL6f@5jybT@xu?%Zmm
z`*zI9tljX|TTVw;-ZK5GkKWHyceB3YZGXW3;J;>&R4Hv8+}o|6gtU<7s3m`HlV`Zj
zK8HY&Ke7>AL5QV-KxqirBfK6rG#ZKGo3K-PXKamASu|(FK3ZXo6rsq5i>8>g{-}6g
zDL$`a6Fae|g9~_tmTAzeK*0v(=qb91-FLXM`cT2`Bmy~YHt0U%L;ybzm<NlO6hEh_
zqT3muNk57Q6Y>7Nx*}SgwpKGnVa?OJIvplGr{}3CBj`nX%y(V+sPKt7H)J=wz6O*B
zU-zlf6_*<uC6j<K9)C1eAGt%cVjrg{O=mk>d3Q1w^XRtMQS47`?dIpLZfRXiE=mjg
zZB{4ewHsF*g6px9zsAu}uBPt~S#C+0<p?ph1><W_y?hJ*H;m#j`rLU+Pezx>cZc+^
z1Jp3?>x<@EqaFp1;6Hs-O@|rgfdg=eiH#qO8|2ZaoSY2C?SK1Y7O#k^k}`W)#nSjv
zjE;kD&R?CaRAOPB)yu)Ix$1|AL{^v!uYQiatzt4sOc}yIInfo$`pLgpj$yj&o*Th2
ztGk3A&rZu`LO;r4DBkD2!_4aNsCmRD67)eX^&!pD%GiGC2KTeC0X{7Hc}Z`pm=we~
z)|QQLu&Ff~-+ym$D3cpv;(*0i6?qr0;l8=2^@ZhxyS1@C-8rG$>8_5;-HXaOo+?F#
zlX9&oSud;;<6e6c55LALC*8*S*4Dav8j~mvCORYLT4Ngy&c&?6&_}}hbf}=gM2%|<
z7bA>ue1b&?#ccsP_WchmT%e;Vu=rQ;M=$t@L4g6rtbYZ58UmujN%6g;+7}hNqUnrK
zCEGV>cnRTqiH=ECc!~41+4N0#i6V`w^y^SJ`KxobouSHQ!rNaX93YPzLkyd@d~dx@
z<gI1>;abY&Ik^db{qN3zKYPuAxAfINB-7h(OWt46DHut8^C*O+{wlxxs@weMZ@=Cw
z)f$|$Vt<v4%|HCATGSs|rC+L8H~#diX;puGm6EJveD%|>rd9p%&rkQ?oE@K6&0+ui
ztJ}K%T$He>Vj}(9uU5O+r&t@M$yyY5{D{2nyK(13kTd~lB;#QWd{-;&xp~Be(tTS#
zco_mhINwL~!0)4!|08)};`^z;P~?uLE@wI;=6`EG34=FOfP<D<Q<uHQ?NnkHPAgQ-
zJr_?PA0Kjf^#0=X?c4K<^S3`9y{X9ERYn3(mV^Jp>a6Fa5}!KFtK+kCm;yoR=<KX~
zo~57n_Wr8V<xM}wyIzQFqB%`Pe?{|x@x`usUdIA83P)^-EfXYtPHU7q@1jx|Ry2Dl
z<bV93QTN;lS;>)#x8cmETjrs07V=Xp<T*KI+(c!k;g{x8F*<)t*t^at*|X&isc=lW
zBYTJxF{>D1Z>=Co<TmG!{f9~j_QX@A1pKJl%uep;iYt)3Av*L;R&M6O>s@o_nwcYa
zqj74-;YhlxPsyCyXJ5sjm*0JPyTaAXz<+CxhO99)Wed)g*COh&2lUVoYY>|8gg~R_
zJdv99Ao{=DZ}iF04fTk~DpM!bHVu)x7H%0jM&XBmR0PkF)&bcabXUDze21||tAhVj
zUmg}vc{fPI#MRbLQ3j}}{@FAFGa#oK@cfD$%H^J>Ny|SmjpuAwaYfq_tK^8;aeuaF
ztdtr$n}x~_UK!qXe3kj^@pr2RMm~<Akd$HOfjAbVatyojf#>;@+Xm%MC#P9+3Slta
zY^;U;?>{AB7Q7vFT!N&tl-rZ2OeZ;^nx~jXn$qy^C5nzB3UvDL|59ZGyRZFyl{7!g
zIHk!qN>kB4oExeJJeMyj0T^m97k|(zjPzKr=N!(b0X}C5vqGQS=>gz3(?C<;Z@Q#F
z`XniRLOLZ(D@1;zBzX~;OGbkMWo#OF2A2|+e!0(<jcOf_uBtMf)a3WCR;72QzHw?Z
ze3cE+hJ!lOx5djSjA6e=><ZKY-`Y~~P_toyUDCtZ!2Uw~SMzfeGtE`=VSjqy(y;vk
zCpPg?Q`gP1`f`hRrmd_M*H*B`KIo1njB>wQDh@cednyh+x0|XgDD>dRH=$Hf?blen
zO1=5YCbPfS8D@FV1Fjx_-Y>d(rUw8{)f=y#tj?pK6<i8$;*nva&O8r998UlrGt4zd
z)S^m`JpyTW>Y3dGpXlB;lz-?iZIN&a$|xCVIuM|hxePy;!6x5$*?mvK24>vS+byVC
zYEbw|w><H=SKVI;s6O<vCJ$Bnx=M$e%Y~JW{O~IiP8;K^b$I<Fyh*okVC_eV-OtqO
z^hWJ(XMUFDL*4gXI-||=VLAiP{bf$M?g@``!bKJ!bso1iWw84{(0}>gT=~#*zdOs<
zi;MGmsZ{5kaBZr|v@28XcxCD@mBD1n6}g=!Urp7u=rQao*>bKVe;t#qLJv2&j_>p<
zU{5%FC6<P&Qn_F&u}TkIiPxr~C8_4KE6#-1N{4!wQo$OrHIetLqfoF0osFHG?Pm1z
zn0iG<VxD?SWlisWPk)mKd#GYzu6I>B?4#V4iXWQo##F#gjhid!!b>gO-Yf{NYOv|I
zS9x<~W44Ous_gbABEFJgs|KCv_HyM&br6s9@FJ{?R>A~Y%PJ{9JnaSxT`VoW`(v$l
zIC0<yzQ?k$=lCwmhM)O;+TkN^fJ#Y;=gI>HVPHRf6A#d#D1YZxKtKJE#G|2OKG3Vb
z3A>iHq`khr?wClh_q!Ccs+4se<vZJbukSPM!@%B@yr>QQRz=@>Pe6Bc0H*S)?)e_f
z&YWpxdl|J}hndNKBjsiC$}4-;c`RnOsdL@`-Aug@ACrchB;jos1vkM_+VLYo(|aBz
z_jTHKtki({+J6$=q*!VM4VU|`UfmbARTXLsKSIo+q8>_M+c;58t}s7|37*pVLCC)D
z6c1vUr_C}qCVJXLpFJs%ecXo-NY~nAV9JyaekiwY0i=69m1zW_&JZ<F(Sx4P+^IyZ
zIp;_(YR&t3Q;sTNo<R<iEFHDvF_pQZS}dEW<DFr+2Y-ufm190!aw{8pega(C=ns<P
z%5MKIxWd96Gv2zi-mkoE^m1G-M#xLQl@)t4D<z@y#R-&W`V0`T{0OtJ)P<Fq7hut%
znU0}8U_IJW9twreb9!wBgz*)Aq4ehy;LvSo!{Ar92oO^N!5yFs7V<6ZC=!@Nw(Yj6
z0!(Oc1%HxHh9UwY=z!O)T^C)mL`g8Zx^n0^v0Is`Uj3_pBu3$EO1knS=%s9o+o(2f
zFY8_(jps(WKgP}t^q^-USv&K2F7woxV_PRBTFT{<D$U6{F_D!8stPMC=R9t$;P-;T
zwk)TW+OeDK!g$TfKMF}3CXF>I4Tgf?TD(o^5r5v3u_<5wLqLDV5$nH(=>y;YflMEJ
zehkeG29D2i!_stiQ(Z}i`(9t=Q1`yKvJoGAVP%8P>!v_F&t@Vh)NuA&Dm1_E9aRi;
z?;9$P_u%^}4mq#eaYCriW~ctM+vi-IP<76;Ai?=#zehoPPj^qtTufx8)`d}*d)!;0
zUw{4Un>fTnZm~G<{4TRN_C4=(-cOGl^RCAAud<|L?Yo>Z#se<1Y~;D!X4&A6`b5J4
zr{Sw}v8qq~n=R{E`)a2R@_@T79eQq;TRQq<KGs1z==sjgzKOG7&-*FxI(`&kn$hRf
z<~gSp^#%cFyU<DbLL~!EBCC=~BT=>%e_S|>LLLZbkv>zwidIq|rV8C^1JuM39so_n
zapwj~#i1XLB~Ie*nJD|E{@M&UVVDkQxH2&@<Qmszh$jtG|F$YdyZ;?k3^*_RZJYRJ
z!Pb`bX!b`{-s#@jfk~6_Ivyd!tOzqCsL1WJBuT{NMvk50p0H3c-UDHwYSahALe;?Y
zlP^0M9?tK|Wx%=Kwv73>kDk-vOup{P87b;tdU?i~iLK_7Wji2$Ja2wp7@%y>IoXws
zua3^SqN{bl>|PIqFJ|h-l~Iej=M<&0p1`CO$B&il#TaKR`)ZS|PI5LwRM^9IsqNg;
zHd<_0XR9T>Kfz|PrrflBI&JD~(d{_5-65JfI6DTA-oL@|(y$wJ{G{ftee65a-g7PM
zo<P2P?Q>w63w8{Dj9JhJ>_1KF!dbcLY!X*x``UDN%1HI`Z1sTmN3+#qKAft$w^ZgL
zYx|B*ySmxE#;5i(CsOK0IqQ{982MpWJF{!}J+630Z}7Qa^#s4?$qSt3@;qa2&p}jk
zz4yW#^S%9PzRYs~g2`^nGr_`qQheYtp~(yxK1y1e1E`gM;A7%Q)2@<8R{k#Yqs=9G
zK-s|aN*#dDcbLStAy!~;k`vUpvl$XU*i9dr_hIr__rACJXMHFg`QA4-;o_?E<yEkK
zxT-1n^775hVr!(!s~%*Qiz>&L&UkZ6aa9=k{t2zhcvgK?Q*#jLh0MgT=2}{plxJ6G
zc~PY!&GMjsDsHKQQOyJX>@TUDO}#$~G#6CM6BL&-vmdCvhdKIt&NAHn7?MZv^qeyA
zgJh0lVmah8b2T_pOi6_Z6HsH{&%6)8c<&aMw2J34jE5r>LAsR{IdIG)Gvs?1(e;=v
zYoQx(>i(}_(pB#(nig-eybp9~nwncfxTx&fTl!ajm=62H31QJWK<nO8Ysp)>Sb}dx
z!y$2Qzl`Ecj-Mu>5oA8=*Gj@N^MUH~!o2OA1V62DkX%Q4`f--F%N^>ZmhMqvSrt>w
zicaPGB<|A#(~0~~gKNQ)re8@RECe6xH|RL&Gz%x|oppLZmx)gI0zb-n9(>XHKx$$t
zUW4s_sa}m&Wk#kEO1<{Q-knA1VVK$#Uzd7WHeAvxHC0^smvm`5NQ8a=CO8>I5ubSK
z-2?+E2?#eIDPZuhQk55k@Zu7Wu?+^>V2#3CUSwn6{N?pWDOCf&xBrn=EcE~o;-BM9
zJTKEt=GI~kgX(zYj-#-0Y@Gjc&xS1fY!T~!V%bQAIa>@0Hh4Mb3SDS3Se%n1APVjC
zQ3`bcsG-WVo+rqubi^?v#eMn8&*(W3wvuLOj~G(rN;v9P;|%aeoZxE?2g4DLkYEY6
z68{#0PaV`!9>7fHvdgBmN?KEuK)`@YF8oUObNtn9`)&D;x(0Gq+Qs?SK1(skl&@2N
z*I?jrmR`kv_d7rG2c001Dh%?=8(`>9;N+H6_+ROGf_zG+viDI93Vh{}wGOv7o{l!h
z|9hvIn8`Og>Hh4goGao|0QOZlIscub@~oS+2RuFzYnAgIpHi`1?nwA$+s)2MlYEL#
zHZ2Zp|LQ(&d5_M^t$u~Mum7<4{4;)kxJr*wSf^`@9h*SHyHSv)P4#}p!1CUAj&=C#
zY;EEHws*JJ?f=EkCj9w__SW|H#>Uo08~(k%(cWse|KP39bE8!spwoWhd4K4Kz<xwQ
zWxHv=f1w|az>J6Egz6V9cUHWYe%cEU;$*n$9S=Hya!(HbM^oxUHIGr0!Rp6<$)5N6
z<W+N{wa!SlQBo<GYk0RTv}ybWOjUOIwY(g?5dK_MdYioF+fajN+A|pmi4<Rr;I4zD
z;Sa<2L6U};JmR+9!1CF9s(HgM>N0BuWaVuwUD6@QGSn{@JF0)w%$Dum(8KDiX>X0{
zww86LA9Po8er|mjUBT2rh6d+<cug<3Wa5b(!vTf^$f{eX0Ox)hv~2mH*r)FgfYa<Y
zuf}dKb@0-W%Y~^U+LJ0ed5u8HA(uLUx0t!FYFi#JfSpw38-bkVH0T559K`)0G7w9D
z{?==^Ha45<(E7kiJk|OU_AJoSlK)*Xg8PK{gW>mnKa9qPEAl+|yRt-oJ(GGDv<6cr
z4;A}h{+?mdkZjnZ<S^Qcjfz$1Kje8K-}5FOpoji&bQOhZ?@gRxZJ_bKs&K5+B_Ss#
z(67XZr6Tkyxe(!ZN%Sz-bJAY$cguF-CpSTMGNq4crFyDGktk_DbF+jO8|&?oS>)@~
zQT;#ZgY5ul!!-<GF}%-zGRAMg_x-bfD)_&7uzdhPK)=8GGll=#+SuH6`M>t=4t%xX
z|DNEp;Qt=X|1H?Q0^9c(yj@AqUI}AYMcc>2fL4b8n8*a62FPY^Y<6qGHO`%DoV+B>
zQx;gv>ILQc6lYV9WQuCHe0Uz`83wlA`IwbRG8MrkV-)ID0DM>A`L});f05QdxD5v4
zxjKHH1e6XDD@=`P6fQWN^}^IUd~=2+hy5s}JV#wZTz`whffo;zb4+U@Q$2wjuIR&?
zDdEB=GvQClgS+ttl|ibkwl1$I?7VG9yKB_luFKA}WvVt6=K0S@axhl%szXsUK)LbE
zQ2O>hgd}%93+d!D`7r<Ae?l%KycxvFV=%Z=`2Y2t4buN^Y;U*Q?VSza|F_y(8w>vb
zDL&7<6F)=jMC6M>fD4~pjl!slR&HQjKLE=I)aRLZj-)DO8yx%tP9*Zs8twJ{tkZ+m
zt3cf_Gw*Ex{j#3*J>YK`U=ZA}fp2-31lQq5Ks00k`<IoL_jVACe?6?OHsmFF=mQdk
zgP_%D9iCla$W#DB0Q=R40p1^+dEGEc8?Bo#TciK-@*6Ga475B>`tbGD-xL0?`muMj
zhW}B2rniGNGw2oUbu{#@!w9oTw9>mF{P)WL0RPSU@bCW{n!fjwFdn7e@!=6nK1^bC
zDQUFAZs4zRJNT-Be`6jK(E=O^KX<~U0~j{smG(wg{14y~nw_vU?ne!5xAxQ+kKg~n
z%l$V$9KCw`L#yAN{~VLw|L*$ccK-cu?rg3v-v3j4o;~y44H72UT>#o=-g;|ex3%sq
zzlm>yJ`j1Yy|e0VtZ!_tG#UpzF*`TD_6{Y5<t2g8rFYA6e~#2=qns@5R(rd((P(@h
z_}M6teoXH{;$|#@9v&H@nad##0Id7Kjy*jM@Cz81+44)k55#kynFI>n&p*6uezUXv
z*Ja|i_SV+;fwh3iSnHuOqZ22?H8w;bp<6@0o;B#PGGRFqm<iLJygx`~j&Ewu@y(<;
zRO-fL6iM70e{fWHaq>YVIGpsw?rzOVp$A;mF`}Vca+T(DSCa=HgN||?<b?r_1t|p=
z0$r{G-s^6=?p}A>D++*iT5WInEwGaaKbz|se!d&sz+%4kz7IbtIiLKfuDwfPOF_g(
zZ@{qQr<Y8JsLnv>d$5@#0VGSvxdoIc@Gfbp^-GU*e<a>rJc_!ChLsM8=-7|${BbH3
z1-(sm2C5NHYV{U=_*-OwFTK$K&Eje?U8Iv^<YxQi=Y}pP)IUtq5$+5R8IMRc+4C-&
zO^zqZukPFbNI`VG7>w}I{rR$mheU2J0(-UZW5>Rab#osZyT$iB`*Us=+BQGDNGsZJ
zmNoCBe_>O3jaT&BqJHN<5EXy$qn0;Rj}&z;TTS@S3+su!9R`Clsx6>W?4q<CTF{*Y
zfQz8_#`+fD)o6fz@u44ue}~!luy<-7_Rflp=gfjY*j5Y^C*K(P5hmE_d{F8PMlLTl
zH|xIh&CN38a@mX1Y(EMCp~JN(KPnqv4&$yMf3)q|NORjknz*^koIqJj6Ugr_->xJ9
z-6fyIH+4@RdgNCX#e<tB;<au`BIyqSYE_60rDNErd-UHp*bD%gC)Ju>z)?X&uzZQo
zp2SfghoJtv3J1tsr|`~c3G1~<%lbD3EdRB~o}qFv;wGwBb%_hoXjG#n65b;&r(w46
zf1q`lyBMW`=PJz+qrJp=k>BM>+8cEzX>T|ej>SPdtO<fR_vOAp=CI+v2T9D+Y}LNz
ztxb(Ww-JT@_XrUDMhQRkwfD-W{S@&O?Gq7s>J4C(fUkC~rN0zMD-ESgzS6>TsnX$H
zYHq?JZsau^W|(X5lIa#-X6<ucr*l>`f5D{%TW}(LeYLS=d&dl$qX#)U@SrIQ&*R|i
zc+Y$7e*pHt4qcPCsUoB<jV~&ya3vps2?l<i8Wj3sr|y|T58S+pCY84u3{k(D_|dDd
zA7-*3{pD%!%Lt(85-*eySE?eAX`Oielq>-qq*W)NGL&P)O09q^-u>o9%@sore_Ziv
zIGp~d?|mqOIIV?vuq1%*^!;tD!v%73MgV;W(ZK)L^e>JufGmT@L|6&`gr_9$M$PdM
zI8c~c)5?G~_lifr^<M(0^aJ>Il%66#-XgA?a3-t^nAL0y44$B@7cXkls24jLmuw+>
zygy9B$ZPKwm}5;&PQTkffCK$ye-tJhmvW076&<J)Ea2D#TK>z|&=`XY$anxvR2YM5
zq}e8xDr$r6?uNDgb+!IdTzKRsXb_qW8*Wr07~me|jn!t2b~Y^pL;R^T^oAa}?puH!
zv!Sj{L0!9Bbtx$HsNf~v1b2WGFggfr1+Xb$Vkogwmz8y-n1dA{c)zz(f3@049ck}d
zbtMYuk!Q0UL`fErHzdCxk=Km(3Gv-5AhDpy-{^{R;&YN;;AZUwZnj<2N~qqQ6qk`(
znX?I^qWPVnjwl-qPqcXaV!QVH*(S8FA2;9>H@ywq8Q&MuniDIkmabEv%p*mO*YQcI
zDw`PucYc&U2-^5vZ#sIPe~lMek6!nN`?|{?tA0}Lt-2@E-kSJW+wzhgI`V|a`oP6k
z3V!@pUy&;5(sD&nPtpk+<rS>gCM@d(;ip0*6HUfsaZEQ-d<Gm48zW(eXzX<*01xpE
zHt<c_WjVsyueM!4E4js~xLW!1Fiblr#uOG?xmN4gk;m?;0X!7NfA|&QKSU^dw0%?>
zTkQ=nuO!<bj1Cwe9%ZQ`v@y5EN-PRs<u%tPl<mzD_UQkjxY|o)D(?BpsRE^rONnsg
z3D;{+xUSL7hOH&s*r|tY1ShQ5-tqcm)?i(sg8PlEw+5K>EEr~tN^MMP;|he46U}zM
zB}We|Olj$hI&q{Rf5E{W&?gByDU0d5wb{Ad-O_XB1CfIe2IfUwoCrNuM1AM^H$DQr
z%?Sd!-G11}<uCy}mke81s|7vu&9#ZQ9o=C3ZhPH^NwSfh<<H7m1Axvh9Gl!oUG%ZL
z+n$wJt<PhM;_+=fY}hkol8C=2)}-{}x8!uTYTx`8-TYxNe@uW|!c|}D42#Nvi{1yJ
zs20Agz^K5AEml=60jeOtzFTqDBLsV_5<QXiR#MU^j!bQ!HjHhN=CsJ%4G7z_JbL+l
z|J|$ei~YmH)60Cmhmc4atW#ppIVF|U)NtvW@YRZig@aHBfMlEMTRmhK)$EQUcUE@u
zTwX3$2gx~Of4Wv0$jf|tS?Nw)D;V@}`0dMy>B63RSvl>GRRDJ`%i69>mZ8TAjs2iq
zRr8+8(QYE|X&NCPHw-%AHRnvY9Oz$2)TJS5B<ZPHP~QJeZMI|w*%D(Ty{78WO08;=
zxrp&uUDxxpjD_FbuFE+<4^4lN|5$$QkG+j;LwshUe?2?Gx$JJ%mH{`*YzePN8JlNS
zk=na3iU3`aZ3Ph!c`ed`P!3d+AP)hRS5jA)fgTn=st8ryf+NZ!R)TeHA6vy8g`6Ii
z3e1oU&|O8{DLNEg1=naFUT5VbFS9nhZ|+(bw$2yU-l^ag6cJLqKCT_D{3$M}8+S%{
z<ha7Df9K=oR*g?YzAJ2q>YejlDES6;uH%f|tjJo5atx3dG&O2ZOPEav$QAr|1T?ve
z@NAk!>~OGKoAKRcmRgy4Sv)|Se)H0}GKV%%m0LoOGnl@^rGI>aB~0~35>S5ct%t3S
zDWp>PQkE29eAZi=LYQ?fv$AFw=pv*1_#!Pff1ww+UQ_$o-hmEe4clz({E5C)3SXDZ
zD$JC{!#Ij>#%DuRVgcGuvjk{CM%kd`Sn-54MPY<kTV1t->Z)@42`bNviVbZYStYh+
zRo}DyaA_^y)JD$VtSjnbEUW}OyvJq)M-e1Vm52~!`Bl%dvdUUW4NgmVQ5T4yhfN=b
zf8?LDcH72MMu%aVj7WU{Zq!AL2shz!z3o2<MJZel!*p$Owaes+)SJYhvUu)^RnS{L
zc=hh={OFW8$rV?ZNe8e|n?$%~UACcB+awDHG)G6Y^G#j$A9@rGzC4LwG*0-^MU?7$
zf7yTiN-C5qS0_%=M9xD31GU${!slyze{S%98UrXg`4f}L11FD-nii8sUEa2@g3NDU
z$|2N#liz3)O#2%$NBe`3p8%^+A*a5#FqB$tyY)?L!@*?k@9SvT-6*Ijf}BQtSOWJB
znrF0A`<-oX8o&;cemJ0G{2_rSe-b1i6%LCBAU2gkSfJ*u3*OLUrF^5zV`0WGfB2u9
zamglYduHwIw6$o$F=J!aTxOUYFD8CI^3#;!CkobQV|(7&t&K@{*GsUvvW6PuDtxYS
zraGn4#XM>4v)xr^D|JUwLV+OOavDR}I;k{?$0R2T#Xs)s)`p*513%}l&WccCwnUYL
z<sfTYb9an2xBbHPmfe-N*mmFIe<@rac_Z1rV5Gh!0_Ejsn33^_p~KtwS#$mx0B2e?
zbXYMU%OPiGC}cTCDcy-tC-j3(&mV+opE&4%Ut%C@gwcn5Y_*L|J6qqZOu$R))9_Ne
z2)z7cRnRCSUs6DX9nOGv8Vq33$GEjy<cCRdZW&IU)ZR=SYd`1>?P}THe|41F+ZHgm
zEB8Ep64pwN#U1#>&w7-Jj8?N*n@(+RS*x)fKig@hSM%eWw?Dn{j?d2CF?^ywt+>&m
zXmRa_5nn#J$;LUBrv1&I7%-J6uj;0|-m+Ig$43t^5E?Isva3rG&Ss!gFIrpEAY#1)
zoyiMR#|glIuU}lN$yMg$UYO2yyEZGj{f(n1P;we6DN5r=nK{0+)5wVq#ArJdmyGd=
zf{-?9BczR;vW3aD7;+M8DM1|%16gfKvbk;v>PLfggg)2k8Wh2ki{tDtL`xCjdyWLc
zP4`g>;GBJv0Zko$jc>|vb`?}^PKHYKde##;b|9@H$W3(iiHQO|dGd{BA_d&7l30bn
z#n&9B%qU_$M5N`N#~vdL@y62D%$T(~mHWqo8j%_V&cUo>oh^gJUXT=?kS@i$gtiB&
zGvlUK0U-<9;3xvfnHuqNUZ%l_gdEVSPAP$`^7fqo)da_Xwe=Z0sL${W%-8@RC(p;`
zu?bmR=eBFRIzf*WSz}%O81&F@ZQC-aZEPmp3VO)Yu#nQ$;4AGeyj|PaxxKrgI8dz@
z5vAt7rQLN{1DdI}jJW;6(B3Wf7>>rqlcrs?{}!2-;A5D*9h?SPGX5T@Fe29JOw0C8
zZBn*VDhmjIRN0=TRMN<l=vZY#ggDExq6Zc9I%b{pnk0hr%IX@KwmC8@@1%L_>f0#M
z0?F0n6ro1*;^YRf&fk3t^6P@{wlQbe?0Pa93>3BZI~~C4KBaE}z)ZEh)0b@5mzY=P
zQu(+(d?9&8i;W<Xb>)%|M9h6k7p}s~(jEmyA-?2)rIYzYaUJ}mYD3TNdVXajP|dO~
zYWSF|Dg)xnilo_>3`4%k>Fp<pKbGn1GGWjIo|HWQO&u`ch=k?xi_ao3;Wz}fTiexx
z7E{|9a+{qYd3?Ddv@;~bBuoRz=j33!t=izZwQHs@lC?5erZQ|@DRG-z675*QkuI^I
zxMq)k5|a3GHnkVNNejoJjgM0|r_XBj{g3YkCY6gbV{M$axowV0XipP_0l*x>B=;pa
z$<#Y^@Oy1j{q~l2Y9Xe`H7e#Q(Fq6$wojj*+>lv{)HCHiDJeZGWO2wCu%FyW0M~YH
z>1BJPELsBz08_pXCZCdW&_z8R{?>%sqkLq4f`@4VwH4~y?R9fKqO<*5ip+;~>9xJ<
zw%eqQ+IMw)cD1Vs+P&@CYKZL(dhzd$m1&lcpfZ-`Z2()fU(FU-J=MD;TTnGt^(ooW
zT`r-KyH`Hd+UTLJJ(k;T6N%8?n#g2bY7}Tpsli7K6ALq7(b5m$Pz9*4?Dam6g12ga
zYYDerkWjAuiOAJQCC{LR;8ZALDD4DKRNDh<i#@Q8jRAhr#lNU~;?Tnxo{xsz*Hv(l
zV$)K6^Tmn3sr!JS2TpuM<yugS08BcFm^k`XAXvbOb<ix2#YSw^W{tOY2phbLZ$Ol~
z4I;uhQf9}RA3?YqCU7RvSfN9KvM9cP`JURl4lnTaD;)4rE~2hT20bcSh)WvjlC=1?
zbyS}P0R`VfU0MP?@-H80r<fg2(RZ4r#l0RXdDnQySfRHlS`UK+4vaFx*fKwj@PLOV
zC_(%&5*WOa+T}U>pBZ{=(SN2D*c5R^fUWl1-6>-WFWGu&A{29QCl;E%^3m~syZtaF
z`l!5hXf@llPjXwI<Tt1!`#!iz*v2?8lDh(gW9`Lu4bWg!nO7p4KghzSE<A?;b-b+F
zp-0eTWmWptmHwfJ5+~Wc^6=>W#jE49^P@LpA3r)f^T?cg>rrY_o~8D|ZCM9r*=DOi
zu$(A3IFnOBpe{_uGc)0?y|&GN33SLG!K*}D8D3l;I)=k2Ff%e<%W0Gzw2%U<AF7jg
z)};xy%Uo{NW{b9%Ez+|jajcR6l#xistN}oQ|A#8ObL=5&XxB!dZT9{(2=hB}O|g9V
zE^oy(V6!%Y-u#Bf&$%L$4!*Tso9e8;aKJ}lb@#d~AJ#&0SD1NgqxPA9ZEROVt>gV|
zJdt3U+Pm9$VOal5ioQ8X!rL$kZh|AsDL`A;W52sg6Q+l>POnXCrc+!(ZT@P5_^UU<
z14{Ov(%0Z52x<ky?ZCD-Yx8uQFEkhZ!Z8vmUy?HIASuX&C4S?iD#CoP!+?{%0>U!N
z0D|Wib>A%XDEG%;`U1CqB-va<R^wUf3N+AzUJddlsO0CdN8ONb7xO^tAo?n9db2iD
zyU9$gqj|1iYAuFdq{7YGu2Y-rI(2SqjIH^sAOXUBKAC>uZz~7Y)_QFYdfk$zEww^f
zOaotOLS}k$HxAL2RVD3aA1~f|-KV|Di3`qhT&Rh|MDrcczaC|O-UT|?N4Ej;gjK%9
zY@M7CYNA|?d4+X(lTC8zvQ%AUd?P6oWB!JtOb9Ufh`!&@sitVU-P#ATt8JjWwpnJ&
zdh;csv$*YuEW>}%qY>XvQeELHFZ{vyg6!Cc1Vph#ORXJP3q4j^<t|y7wi=q04PFMk
zNgs`jV-)MLL|kHjT{O$8$F@dov$h#&bGOVVR?bLR-q*lkTo#tg?y~RY7-{y}Y|JLJ
zF>iICsDcx`6x5=hkaHY`gYesZo)&e<1?SUt?fi1>UBa3wR_Wwe;+3i}<VI~Tiw*X&
zP%cwl6Z9pzv%nh-D2ui!Dr$#m&;i#@8nMYqBP2NAjwsH5%7Q@h83^0o)Fr{t!|~#E
zE-DvT!s2zVNTQ{@->hw0+GN|3I%Km$vV^eVnB7)^0lqY%(PnM!)aGt`)`Qi#7B_cl
zBaEFb*WQ6BzsNegW7nUJ+CiclFSc`5iQzcw#V9y3<3n5!n{e1jN&Bd+W!*HkiH`r>
zXwZ!~Yy4GzfEboa9s@q~nJfVN6L$I5Fy$cZk%%})6z~FSyZ&!-rV3nu#uQ3D$&T-`
z7ADz>Nb0tP2Qp9P5$8qJrc~RSQtfC%n(`i~AX9{7j|X9<T|GFKS!#iz62fNGl^tCe
z4a-owQG2-?+qMufjMI#wVK2QXybe0!4%{ILWF%fXkl2?>#Q<X+71B=MCZmDEGrT-v
z0R8KX13#&h03$%AuC?VwmPfw}GJmgNzf+nq9=f(*(Jl)nJ7beeRV#lRY@1Q&@A%~4
z;?>)OAJGGwWxrIsoYFggh%l`J$tZJ`CGIiquM05HW96@CtVu;NOU~CE1%*|l0S2gx
z6kgzIHfkp-gdQ{v2TV|eGnRB>XS~8OJ2aFgtj!}q51z1;ZBud1rvS<9GorNBXar#e
zFwI*#(=PO&dGijCMTdWSxIUJqm<-h3;0t?$wh~#{9!z~9@6tG(wm!U|QVAvogr8Sk
z-Uxb3IN%N?bZ|UMHJ*F9U*=@7*{)5X+PejrMMuNQ8IZ@Pz-(PY4n1gxJhBawl;><;
z1^uqMyHPh<+s_Sp@KY3J8K&WtAVzJ|f}>@71sr6^u7^bHrEGtiTxRWLnb1RHf!y6t
zXeJ*fk=LHDo@8xqdUxGA&#Tc54hV=8fAmy!`#bn%@LX{j#i&ig(QMSlbsOJkTE1=U
zwcnJ=oEowTMcB^^E}nT%hN{|&*x;jnV{6rzwjOD(7#X~F_&oHm9wllOl+NKaxCtqC
zNO|tbHqwVp<p_U*<l(yi!_k}bi{m%{eRObsA)?v4^OqMV`{yq&OMC{2Y}IChp@+56
zYHdyw-`to4Ww&uhCw(lJ$C-xLM*3~OQ}-yUSLK|5ojZx9->gjvHf>U193mZGN#z}>
zEO}1;&M6D3jX5_NbH4WBov>=aAkPB1S0K1imjFNy1VNK_R~LVtPwWQ}#=9UGSo(G4
z3RU2@cIzGu^q5XI*<5m_Lj7c_x?s_ESfDftf}sjR9VRe(JhY?&kU56xG1lfGU$}&e
zeWg^%5h7Yj5M(B`_G|w}zjnlxR6eR&6^ipIZ%!++fI>e^0vc9wFyz(tD~BEkdCYr=
zjA{rP!;LxHJB)t?9+Gh071@bIL<^i+>XK{gZg#)XZ(y^vY3#jiTbHWzaTZ-GF>C6i
zZ&B=br5=K%Gq)AtBjq?ITfo+7Fi1n;9f;{oMX^`ox><PuyD~ZsOCS9=i6byaeFq5k
zrUKI<E0O0T`gl61S0`05d`Sjps<NZbaKoJ83+o7HSPXxTb%y?1@6i=-O!tm49+)y$
zF{VGi|MA6Hb939=S=)-A9&~4$PpMtdAF-K^;qmr$hE58f!N#cbpxN46W;Vc*he1c8
zfQ0pFf0Ji@j&k5R#oGy|F2QN+Z3sYwe)?o4Gp)+VZwab?O+vBb-A8b$z0m0!v}hCN
z?4nvt3mt!|fG6rP$km&V2t`|;xlC4FPz=rFBH@>M;XoYl0lz#yKUu^7oOvP{r#dqR
zRolyN*!8H0yCQD8xj3=%>(_d7Xc0ODa(&~I=Z)yKl|IV=RRLH=!<z(2FM<j*qi8Bp
zUl3v@{}@R-rmmRti%G1N9tXs>7<r{jR|$OSEhB$ut8c}eb-AMZ>AbdUnDaK`suy@z
zVk}jU0TB+xFDOw;y+X>!XhNAcEI8F$RT`5^oDEBMp>xFd_>}2AT<S-n6p|>tC_N>7
zZP*+$t8IU-d>nkAh$Fo#38hq*uYcA4f4T3g@=-|4<??|l8oKH!5A#*e4%%Gxf~;dJ
zjL3hBL~^yzW>z_S%V<F1FAQ6#<tt-^XibIzVqufXfYGY52Ux23xe^B<N%?}puL&l?
zSPJ8COsR}vZy4fWF@wY^=X!SI&WAurdUm|am5<B>>9q&m0o5@(IJS=>&=vz!(E(6)
zZKFXt!aRGaJwHCSD)1>WBcT@vtqMJim3x0gS-bp$R1rz|B2%tR$2gSuB7Ts}^rcwb
zmk(rBvGQRc{5#@N6CGgQn;}8$G@yJ1@Rb^sy&`#7_kxALk^wYA$Igr*J3&a;<Lvl{
z^P|((zzp92JCN!C6Qr2RfGZTN>d~-joPD#84AFk?CpP<`b<!M)pi~2X+VILry%~Q$
zi_$~Zj~0!e!dxpnl*OGml8h(@o5K`rM<M>lO4;HvPF4g+F1E<m4_BU(Djt<-zg*}{
z0q9r;I<|_xmb_4ltSRF1Vq<-so`pq;^nMBmhr-=2i?(0O9>Et+8)ZYeL_}Q$us{Kt
zmZ#EcaUcfsY-@N^y!A`s|B37<;w~deLN^Mp!9bfLR9rEOV*OR9e%ME!QoK6x=QQjb
zR$!KMS!R=+TPT0KE`3bsMe+e*7qeuIB19NgpxJ=mp{8aih&8+M-QZG7X{`SbHJWE%
z5iCc?>I}G?v)(AfPVzXZa4)<NApV#x0p~(9LO+Z+!Min!dB$!1jCUuKzRMhAqOv}b
z|F!Zb)Mu0Ty#~;Q<y`@`MSaw8h>dxX=m3Lm6mhqbR^@*)HtHhVml7XDvf;QNU3whu
zA-roA-`qq9&u%$_kP~?IRPmcD<v*{VJ?2LkV3c+hc<T^*%a3KpI=^GC>E%gn!$l?G
z@(<&agSUrAZ-07obb9s}b4;uMyI!pSxwXEi|M?`Juf6}uD+Gd0%)D6h8d*8v*go|_
z7oSJ@sP}*W=KS>dyLacuZyuop@Z|TuvDseV%GdwiSk(W1nh#dK9)R?AHOd_B0r@*1
z|6iYQ!5NTdg1xW5_I?7ojqYmHhyuJ=!AW9LJW81KKS$k7N+qW#H8YmWj>fIV@wGRO
zN5D)*VE`-`{=4VjqOge~qi;qd)q$s+fLFaCuL6JAp&{U+@G2TNu!ctzrvcYr9b`V&
zNEiW=mg#{EZbQ{)3pezAn4}qQC8WimBh84j7ZF36_+b}SXXwdF8FepKy}#jJ{PcrI
zr5UdJAvrNLc#-IwJtDE4O0>a2jIjh?%lixL?k;AVsy7ZI)E)V(c)DT14#pYdnO$Ll
z@Zb;{e#yA5?OmK;{j;8g8}>+((p^4(uNz#Qm@10tY?`n|&e7v%aH{9HtQ1aeRZf+M
zAU|C?TGsu!2L;=S!VkE5R-X2Q1SE^qM&?H!*p%=ubcT2WATJ?!WdvftsE%%WnaUz)
zCZNN#ch%tY??eCv9!YLqe03X=5&*zP0r3DMH6sb-B))#%yFveN+9nEYF(p42f*U8D
zCFNb>XM&|@MjUtdeVmN?fBm_Wrd}sWcVm^dpG>MS7}=6yO8Z+FY?UMyKTHFbcMv2x
zq?X5{Y=9)w`GAUeJZ_H*hmp#xaC$Iv1Gcm0DI-FcH`{U^)mn$y24csLX_FRTBYzze
zzzpLQUq1>IcWB{cJu-`b*d0YcdDOwjAt0V$(4kjwgek&BaEEaON=ZV&$LHxqT=wCA
zFDY3#>5S0h>{^toHzN?^;OO9Zyg_hhD(YdQcmPPrGb^W@+}<@b>%*D$@G!qtl^@9J
z$9{eRh+ExJN33ReO8gSTYrR>34u250r1%eR3r!3(Rm$<!c(-Wm)$;9#<R1F9<p~B?
z1;nsSz$$5{(oTZb*0cu_;lHqE7tt%F&_&1kVMdt6tb-~cjy-z5Y*Hp=_t*$`DCh+~
zCHx|Aq7AjsRXPfcgDN90!rom>$sWdCj=E?u<PflUuaq6H(P%ST6snNQ6MqT1(0(KL
zlVpRCLJ4TcjT5Tt49oN_+D3JC{HvG>?zCXt-hpbY+-VUTa-y%yzk!2<2M)*Y_lKBW
zS_4PlPd;$k;U)ZT3D&gP^4@Wo@Q|Rk1EdHyxN0sLx}g`X7X{Z$5_~xb!m43E@RkXO
z!@p32f%da8+;Z?CU0GG+Lx0tT(r*?sFEyJu^c6j?fB8@R(-#Z?mx3dy=dPCm3*O2d
zqO@V1We#mquv;H!pxsCA6vt13Yjh>*aAz(<g3STpq$w&#(^%(vho8EFyYY?b^NKKe
z8@?v2sQ!WOc{{g6h8_SdbxNyjW2k^K0LTwPFvKCv9b}158gHC$kbfJWy-YEx?V|vb
zNd&{16z_V33K{^A;0_SMswZ((WCv`<K(PaQ#)AOe9sGo$o2nwAF0FynF(h(Iy<RvJ
z?`?9^91SE2EuU$s#a-!lw(~R979|xuQPFW(DLa*WGuID67|wzQp(r5;wExsnLK@@k
zwU1eef}neaRm;1aPk*V4c?{wq61WyEsE`p$FQ{xC5^H8fpHcG2P8MAX7NGJ`?}+3b
zvSmWMb@K^uodC|+q`VGNU_3j<zouZpQ1Q&Z8dKX^dDdruq61oZ3Y=AnSWy~Ev<+Zh
zU4sMlm6vdRK?gAavL}@K3m}(=!W|&X`9_%M%vrQ{_ckYvUVq;@qnR@a^CmF?5pl4H
zfx?KX-eHyD27jbo?=>2imzODw6*a`n!`++L-dF!P`RVYtHEg%WzpdfITl{azmtNAu
zYpTqHxWFb+QJA9fhR6#%n$9Q-%mPfp%Hjd+71oC5&;;;qHj}>By!DoN0eiH9rTn~n
zySzI34?YcA%zrVLYBuBxi8PJQ)n&p?5i*3#BcUaZ3;7_g;oyFE8-!`tUmtl{v)d)*
z1hb?tAzJ(%Ww&^bW;)utc|)(o_u>JM2IwKtbE;axHoR8ZbNSl)`8()U>UV;}HGyjk
z%)eFujlx>5fS*LwbQ0(q(VlL@O>pG#FJ|1~co??g<bP%j7!}<0+W42X38QhOPILT=
z84VBAjE8@<(%yt2Ox0_;3mM3M=;s`^kvYg2ULKGNKFgK`o_6az<}B%Bnlw;~F3muQ
zW}H<qud`KFs(uUf6|rywxezu~n!GGT4au2-gh#+T@J<8r<3x5$;gu4c4h#kr%2gTl
zXe2L1o`1e&<H2(>(jcD!Czm8XX4c6?w(*i1KVJ%*ORKfZ*<G44;BMEDn_qLsSTV@7
zp+#&(?f^$90qH8?^bD}dAAUT_5m2F84NbH-G?tOIPywW<VOlkOI)pva=!84f@Lb<2
zNAZE3)WrS*gi*M%3yZv}2WzfG4JV}ZCuBgO0e=mHz?$mPkIJFQ;Y1WYLeo)y=nq2S
zpN9w}Nyzb+YDJ20a=s(xZJOT6NG({Pk5e0l?6shiKgS8C6%onBxR9a3!%tL8ZC>*G
z$Q?ATN`sOPKvph>UuG?OoU$Zi-NZO$*&8l|t@2!nXO(miB;D`Pqr*py|NE>thYyeB
zIDbB<IbatQjiQg{ilj!&-$Tnp%B4yv$}t$!EvcxMDI>GubVEE0WDSsM4p!Xl{1?r!
z^dG5mX0y)V&wJi~z@1Y$S&#`scBYmL%+#*~Yy0z(_Ybpr{KrpdV3)Gv+ToO3JwskM
z-nLLnT9=w!tyn{W+<(k<4Q;5wAzBue^?wcnVAs$Iq8_19;%`cNt+5KR(>xf-IYgBu
zLK+zamQf@OA6pDmk^nSi`>4<yc&sF|I2~HK2&ugLD=OJ7f%_6VIU))3XUY1>4s&KV
zz!{`1p-DuW)}9Fiz%5tAjSS0pr7}1F(q*qo%mp1&(US0{mvPJ&Z-f@jfa8x>MSp#y
zTs7#nwRDE>F&>f6k#a`0p0f&lVSgpoLWn~FD=FaKj(l7s4$3|cslHUvWm>$ia(gm{
z;LBzce!puXV|D3WNB#|+=K#gTKJClzl5W;|{bWlPpv3+`#yz!~goPEkRAIK^FfN^&
zxYXChP6GpP7!DbKPiI3~jmz;bmw)V2gIpzLJsWXC2i7Gs+r_V#Q+DAcQ2K7E4>nj;
zWj@J|kVR_N852hvT2zv6mr$$DMrSFRt$F+_TmqclGGRR&D+&fTS#O0;<+7RZX*ooT
z6C&Z3NMVIAheXG}Q(=S1A_1}`w`CQe9Fv0!!YG_zK<qa8|H6pZqllezY<~?X;SCU5
zIm}9ATrLLVqdTZaawxofgD9oMsYzMN2OCh)Rz~&cAot4%Io&Ig_0daDugd2j(j-h7
z-64ak)N4XYQ~_847id%f6b%@7LbC45U!g(Zt$~cZmSzCfiH8kQ5g=DYQo0m4imc%Y
z>~k{^XMx9W2MEisN|^$8+JB7$avUQtx+W)Wx;R9Fmktg+VnGIw=u7fl!=PG>c@qIA
zW#d4<FZJp$m=B%zkuPm}2Pp0;g+8B>9UN<W$CePFQMe|NQF~YvgyIuT7e!(`uY<|+
z@l{{Id0onvoLHOno8Nx5>>QK#Kcx|VEWBY5)!Ha*D)$w7F;173SAV>-U#;KAzj)2W
zd)`7wZsD?@7dxy-`=3#S<7NJ~<bCTc4dC@Jd4Hv!e{+ebLdIIS1XiKP%75)_rBwpj
ze^(>lWvr}Xqq!A9k$3cX?Pr^i&CNL2Fw!CI1r?6GG<&-wg($PHiu?&4<R^nFF;SS8
zyqe`p-0-EQgvdUuD1T&yuQ?%XbXj#y2(5WY)Ay`FP7@5|I*dTiPJ>fGPg=99b?^zn
zj;_voZt`2BgW|Wg<MH#S15<n23UDQmU^V;Lc5GwY4IHzE<KQDXm;;pE1{#umE1AD$
z)fK5%Ff1Zg!q#4-<S3QO2(}G`2Wd@%6;bh_u^N_5AxOw5=zop<Q2>Np+}6k?-j9HQ
zHLVmcd&-Mii`57<e=LB^AE(00AOBbdDZGHDs-6u8q9H~)A*`4h+p<ij=F;=h#(L2$
zQRAnre$WRA_}h)`o!8;aojSu2^jPn!4&~s8zqo)XTjak?c+1c0f303xDdhgK1Z-&w
z2(O?0;YaXbYJVQRba~W+ca~NE*c}8RN*)iDR3g6iV>ZwO{=bV2$Ci?z`cCoxH!=J2
zrUB3wUv$R>X3I}Bo1{2&qcBHWm#PG%MD)nAivI(*g@*Vz`A|R?z<3TaRHSGyVJ!u_
z@GB})Mp4r7pmX4700%c~hdQcduZ$V0M`FC%L}mi?7JrD1TUYs8%4=DmGQWC3rx$xm
z&1Q3HWjfJ$&T@qJXK%d@#i6;2qz3<&SkpV^PCIg4fru-45D*@Pphs63Q4TyduVC>t
zX*Q0?Bf<;(G>pg^n*u$8xx|ykq9_U?G|wR-51aH3i~-hDbv5>Hl7PIZ8x2yTvaXJY
zBX1DPW`B#m<HScz9LQT<I(W6ew9=3Q=Iqa*0=YyO(#{*`yYVXUK~$sX$CBS&Z|uE9
zUFiW9$}wK;9t=!W_fCoa_=UI~SW1?=ySu#eN93<8TtmO$5Bq<<IzBjhb9VGdb4>RC
z+}z!0=lwr7*EhBo{-00rIf#ejgmh`kofV9ocpPCc#41Rq9Y7?n<G+Vd<a;L=s@qYR
zX;qg9+`yB+Y8rok%p`dIzy}f?pmq?$R&K*Cx-4Pdkl=>0#AXz}NY)uj#0t!U#%|hZ
z!DCSa)>xAdMtlcDAE37#;OVpYI=cfB(!vF8<QJp@nDPq~+Hxh;rxm$5u$|*bV}u$y
z5W<1t0JT|Rbs6d(c`$n>UumU~g$X-kVs?(^|4E(kX~BP+?t)8Jn%^hu;L7KqA-7~m
zw_ASLGcM_IfbKbH*TDl9jdPC^>0xM%y}up?cxIW;<Wt=Za8MZP1ET-Y$6j~^{N6sR
z#E-~9fYi=3J}jHUMDr7qGaQfgI_{!?@9WdA=nxJVuu$tDG>nVbCB_1SYe<6lnvP_f
zjs!s6q?CXA3FT6*G>-WJ1maUXCUZ)1Vt&hL%x5_nbtr6XxguslGgIoAzEeVV{-*xj
z!+3padu2^rfCCIcCHFkzwlo^BJuEQ3rYi7UO^?B7=;^?<GZozH2TzWVaV9l=io^MO
zpu*YFN$=1}=k7iad#D+`7MRG`8Tx}V4WST`zi|s1d6!0hg=LQt?<bRCY$bnHt!~D%
zDaAZ5czJvjMQmd^3sduNtmb%5`5rz0R@q1xccXK50us)u0-L`7G3<}}ly+s1X&)HW
zeh0KYh8uYd=x-QbI}l96iNkw}g83kesMaI9`dd~nS^*h}Zi6x5KlQ|5TlVd@*J)eM
zJ1)C?8CRP-_sl~h*bp0X5l3m^Ehwj0c0m~EJSuQ7=o=9QnGNsQiik$vT9lD41{qaA
zgTE&~LtGX*1W#U?)<a?QQZQ*V$vpAt(hed&?BfYBQnzr5%xs<6kh^rS%Q7l~4dO$X
zCf_ua@@a#s679LFaxtyScyzNvlWuJqe_W%T2(9giK~&-^0kJ%e84CcDR$7K4n;@3*
zrQ%$0W7pT5E1pt0_z2kYCJ^VrlKVr-;D9s1Ea^2NGZ{<_YiRw-QS{uGhC$%lVg8|j
z+6)XUz9tlG6?i|qdFTBQ3`p&mXP@31_Gwi&euaLwi3~TrXWR7L$1{m@ePp0Qf6q;v
zlh~3m`P?VQnVl{K18X9odc1k&Me>kc*gL=69QGcP1vAmPfIhHV$if3W2Qw#siAM<Z
z%g~hnLdJ0=5A!+3(RW$L;A4<<LU!n5{G`ZLn7U`ee%)4Q%KBiIp`>6sDu*#eFo`34
zAZkeYid8>!zM+~}>}k@12@TA^f3puq31H|TRaLfSxUS}>X+hE#7sZFL?5}tn337)C
zO2o2A;UxTTA_o-KFC&r>Nrkz1oR`VJ2~^2#dd<8?Ln$P_D)DJ-8Hi})U5FqBqby&o
zAluDVy>TF;^1BYN;lPG)8>GV6UjNq>0Sz_MC?jnuWwPq|37dMa0Ez)Pe~=P616wOZ
zBN4nvr6>6Tu?fcn9cUFJwg8;UzX=49PlCgs0V0M?-tYhzazxBR)NS5{h)j}r>_^$S
zd7T8os^V)0&EO+CS)rS?JQRyg@tvb3Ho{Z~2&3#@hgGl`9+xeaMo=qbt8RcH1uL3H
zO+&a8Zog_GNmlWJS$yBBe;$cm+!z5R9Y*N<0Sme&p1F%TDoM8D=o5XtR3b4(xBM*C
z<2YDTJ1S6VPS`oWYkUHJ8lt@&LERzxjCss>N~`O876bS1#QAFy%O~nkMhy?S<G}5&
z@}VHX5Ne^k_UWTZMvx;I?&dY^s3IA9z=@<|10~NRSOk0JA0ivce?8GzK%rR%Kn|NY
zlNXBlnCSeHKpc`{;U3H)Fmp%Tm**7dS+0qXw@*hBa1sts3U+(J?4)HtL3ZaJvD(ol
zzC6WHkb^KiGViPdU_NDc#2M->YDZ*t&gR#lTIaF0M%r&;J4K%KLPW0S({6G7VH7$>
zbhSav2<mQ<d#@lCf0$L+3&`+hH13l9@Q844h!g!Q7zs`K>V?bdkSwSjQe2XC4Hg!;
z76NUeWc-3;nMnQ;+TLU?l>-f#730#rL>h1jd){)mf~b!b6~u)LdJ2;+J<u_#C|p!x
z3*-5znJ$FkN|`dH5}DWnSgKBcSxm_oiYAyM_tx}a^5#~oe~ov_afjwf@d64Lu6z|h
z^g%D&NlR{NU^mb~zBnWeGLMVrDIluc=M<h#S9L-Z`BQBtif>|;s_h4lr)thaqR4cJ
z5vN1~h#zayx}%7(^Of0nX0wIGcHmh92X>|fKCSnVEyA0#*MWG}sTnO46!je<hvD)G
zsye+m)FEh|e}!bqwHJJ2z9oEWWuvf2YHd8;GTMFAW<bu|SV8bB(@+#O6QsTyqAOOG
ziJh;kr#Y%kKC0~&hPc8$VRZ!ARs2PwTBWwW#{4ef@M#r!A%G<87T%D%n9_KHpvQ!V
zFhM%HMvjSU@-nO`t$+ao^FvYku>|<M?7o4ToA3QFf5AlMW$-S#4`g@-lBJTwO&jw6
zqN4rfa)(r4l7o5iooYpNH}0TcA+y8RKBrq><$rYpUnIap&;&yCEs*m8d7^KiCdlUh
zXzVj(6y8LEX|uI~|Jh_}51`LBM%_t?E+wSP84j^LGNGF-iJVPC%DWfhgV{vB^UxwS
z1Vb!6f1%(cE8CAEhai=bpAwCNE#Si$muW}|)+m6UH0T~PN36xAueClMI7akJy|Pq<
zqQX(Y?~*?3O+DDR6az!TVdw&Qe!)U%ugl*%(nI`ipujIEpPR3&7vE_u?wE|A@fB)T
z$fI*Ou2`^yx}Yy(f5@Cvgo3Zaw<?PvE4B2Ne}L@eaCeCUauYec{B7s-oO0vGgb{5F
zSa#oe{W$vGS)76JWVwEHC#0Lb3i8U|G8obX4X}r;jka)In@@bgjXT1eS6DdQ)r4y*
zRpDz5B3+7~#$4--WnSuz3QMXWJs6<iON<fvRNSC)-S#&j)+5dIa4@Cw+C*Ebx04e(
ze-zwUmqjbiZ?c43I8bYg2`TAi7;9$I6P_)3cxT*yRYfaw&3jUPY$>M9kfJ#c3(gr8
zQ`t<ZALPQfIqivXUd9F^=x-K5-;w0xJk?<eI-+zV=3Jc~Y9@7<77HO~=^hZt><ITc
z-pA#4a<`)Nkjhq<)5m%eW@j%;IgQ)Ae{8-Z4<|85r2Von8@k1lx;Y6->`SZK;ao-)
zdSjtUyxLhzRjck^nZHTRO=PzG6cs_dQU)?GZi$D5`AG+DNBV1k(+XefT>GeuP<rEx
zDy(po1fcq(gvk7C9Aj~LS{G{_2ED?HRTD&Sk$6YRab4JDk1&+D+~<URDhKQdf4{Dt
zEA!oGB39%&&+SNyRV5<ozbU~H$SP=IhEZXc$cC_5(dhD1O<1E)(*CYk*`=kHYUy)!
ziLnc6+J9HSFWf$FxNLudNZH(^=qbIuE_>qjgYMY-Fu+uq*OH+G9#N+=N_^m1Q#y9w
zsP~yGRF7-l2p8vgt$9?^i&0UHe}UbIK;`+wiWc~ow189MnA4L)t%64|!9$;l)6=Qy
z-06U$Z%nFW`_;Onuk`R*-plw7eT`QQ1&Q%BkcI<xM)(Ym;wtF*(X}cPl6kTEO5bWu
z__LTV(()mTeU--1h|)k&;tb{1$hty7M}_U1ov&7H9nlS)E2A!$Sojb0e|t52fv8V?
z^i$)qq%`pLSW@6PDkj!wh=8l-gvT*TWSW9TFDFjcyh+9exK7%Nq3J5Aj=_RjG%b5}
zwB5+ocv&ybL?5tzjz{|2C<)Up=f&nEE5`#XGxq`0szc8FjjrY+=F(3o1A&$(kFO;y
z3hF2&l>wfkU~!w|S=Q51e@3LCD3hg5q{tsBsa?gMcX^E|uMrcXbxAkhAeN?!fKGC*
zS~sz)8dCSjP?0Cil?$9~!6puk3=WE8752#7jH02aHfwkyCHSNmMePQFmmTM-M4w^g
zcT~a~%#oywxdbJuHg-f?wpqxu^3ckZhDU-_wfmCVT@sVuhdcoTObg~rSNUa>EWJTg
zSPB0~%PB@ytZlwadf~bN?_%)A2UL)9>NN@f#DQqlq|^kcle{||rp5rd-I8QXm5N$T
zW=R7pF>YCqtFIki8<W9y8U<kcB}`b8;C2=(t1vEQdZHrCgDi{+2u%2pk4V@;N~wiT
z>mjpU`gl?%3amm~)j-Zhm3VNIA$J%PK~o)7hb>9kXiyNcsAwXNv$O7#Om`d;@^R-+
znl>&}(B6INzG=H*kWSo_dv`AnoB8ukcqPNkY!lZ*4|SuHxpyoa#z+fpsFmLl;~u3O
z50a+%kH|y9n63nnxO}~WlL2@a3DwHy4~I$TJyw$;coP@Tx3L~w%w~(jJOkv2L;^B6
z)g3wYw%L<QcqTAcK_D-TGN(mj+a^UXNkGmSuLO@Oa5YLpwKYDCbd=npNz(cS&Si(x
z2EuFMnfxS^p?Dl1BCyuHobc5jLadr05~AdLLMJ6L84^>&v={*0(zvcFliheLe?e0o
z0Ohwlr@(g%W5Th3@BBbXHJFw91*9#NqgPD+N>;5}q4rO~;m$ZoLz&we-AN!D!8;ab
zF<~%S09qz}6tl(FV_QM&Gm;!AsHRi*V$4}=8Y6{&5)Az?QRXoU50zxCoNUzrC4JK%
z38#ST$Y~ryeNwc;pjU~BBxBREe{ERCz-bKiFWqp+RUjm*WDydXt0Okg`q3;8Ab;1k
zo#RZelpsN%|Bkv1fUbr~XVhoKg5ogbC-zr@gCodPt~wbeadA}*gWv|_IkaM~tZF|V
zV?JRQ9)6}dQB(PcaVCe@VSLMcXVE;XtY`{zVTQ|4B^N<ZumnKmqGX(ve<Vu;y)<~|
z@D?J@stA|JRzSSDu8(={lx38F0mOaS6?xpKCtCVGRadT1niAg)FAcB+{H1h87>J0h
z>ndyS(kvbhq1P(W=Mm*-0yaw$M)yHh9}PM@yqN37KbC|ex)w^Hm2{lN(*j6OhcrQR
zHDqa*`*4snE8c^ydbBJLf9XnZEF19P@**M!#I&s1&_s$}<#5Oen2juZO{GY&elvQe
z0ns4!OE>^=b}Vu@d0r~U1_#s*0v5cvIw8y6=SBXVmUvQLx>+n^9OTk$`57Ig#q~U5
zi-ITqSM0~;Zq~q$Mi(UzBnnDOzMzJ3rF>&FQpZFnvGD>Qu;Q%ff6eZbPE0dfRB1}`
zsXJs!4E9$ErLbm&kWQ02N-_n6zO#F)R1jiX4rayFX6#Q)Ibjmq^bj!{3bJ?#SLihh
z7_TAhmmIWSBtrp(-Wmlp+)b)7dpm1zD5*~Js!Yk45e=?4YsS}2xn35MQc|V%bQ&wm
z^M~dq=t-C_@+~;Be-tI0h|Ojm87bIYCS1xlE$=m8SzvVhK@g8vSLj%&9YcJe)1VqI
z3b)aLqfpNE>4-|OVJtw#te1q1AfruOr`l%0xB&m`1yNT7?9m{=_uC1Wy6b17yX(71
z0`<-Z3~|;Ia@;&b{YT`+jNM{Lgd1=bGR*erBv{6*<PUB}4wyDnMQ><VPrV`{p~=XT
z5PTdJz2kwbUBc<dHh@uZr<*8eU=^A6y^}$F83B@$TYN4U!C(lOs_|fiMH*XlJleky
zCn!6p5=-Wclc9Vv0j-nNd?f*Kllpu>8^VXbWm|>OKe99?2D;5+%`}%ro-5kyV}bMR
zlU0350_2sGpnV(-*4FyG8cL)GQ>?+{Ym>=+9e+V1Z~4jh!Xz9-LY8&KQcnWob!3-M
z1s-nU{Wo+L*%eg-)Y7!;*e6rs1hd^4wBQ@fowlxayS6ta8%Hx^W2LNY%51EoA}rYX
z4q#{YNY+`QDL0}tuO4@m-HEQlffWom1?mXi7I`E-!H4rdU{w|b@yD5CO8vi`&F$?%
z{eQomMg6ZQ`J5k}onIWk-v8m~KflfA^Z()P+aF#XT^yVq9Ui?oKi+?JR%p}uTMFFs
z!K=6L4$lsMyf}D!dUSDe`u4w%4$hsn-Qc#lv9+_^-fBF<qP!{rua8AmZz4(c+4O?e
zjg|gdr8VmL%>acx5OUL?*-cuQ)3ULDaDQ-ga=!oO;OGK(0gJP<q(4KPjS>o_QMamP
z@XW2oyEn(@-0|Z3<5%ZLr~mow^VZkT8)kveIj5IeYChk(r1@sDfVyOzR{ho6gZ)<*
z#r09TBb>l)O>9}?$KyAL7YDE2oxwsb-t512u0wbE@Io^q+~da=XBY2}PS1|tzJGxZ
z?bgOlYZF^@6eti6ydN(G(Czy~eC$-YEkNMBnYGiS{lnKst-eHPqN592kwLQN#!Vh%
zuklC9O~rpTZ@9L*%FgZmS^dSoGk7#`iYAq(fbRe07NDS_2buTPvVp`EDoe3^@b2{R
z_;h7*WeU|wCc%5Q=AhCFGy~R1xPSFjWd&1B!JU_2g(fdR$BJiq*?IhFTI{#y=@sz5
zY-q$Uqyd-d(B1I1O2G?5s(w5YXuOGId?hN)Fo+OcQD)uxXyie4Ya=)7UL(8?e({#S
zS}upjl~siAmBt@Ql>oDhhE0MpYvBO`tb3eQC;2}ce{2R`5odh+)jx_~{(mOTOECxZ
zDE(e_`tjX&M+a};e1H7Ix7MAsFctqAr{<T2TsvBLxQl~h7&!kGk9p_08*!oHf65Wr
z=Q05K2d}P+UgPoDDG?wUtX07Qz87hj2hLA@nzQX(7T;6|4mNIdS5vpHn|^MapBa>9
zJ0-nO`<zH1%FrK?WSM+<o`3wahaN2SP=<Jk*36YE;^)pev{_hn-n}(jIJk{J1l@*<
z6b3V4g_}+kkGfnPoa#vdIZ>Hxo2saIv-u$yHxU(=-;F$!KQdx%X8sWW8}?PrfVHpw
zkzc@X6{n_8R~?-NclSOu1I5KdD_rN^ybk4$`hk$EhUXS2v43X6Lx1zuPZaL2hG=Sq
z<6U&3kn)jwO?0|yQr(W*AU{n7aH1Y*o=2=OWbuG=SY^-Nxa#HX0GF(_Z4M7L?OEx{
zT!zfSbTkAmN`^_jU$O8f!00dD(*OGE9|flDx39ih!rYkuQ~Jtc)G82F2z|$&@wf*d
zO7F=?7PH3qr%4*QvXkF|9DgyRg*3~iVCqE%5Iix5f#vU=W0Iz7tCQ9a2ej8{v`${W
zee;(+&tV@6ERbQBbh)V_K6AjxeYRG!!h0={txqj%eTE;F|26ynD057a|2H?<n|b+#
z-9vOHU9<+^*tTu6W81dVvF+rGZQC|Gw$ZWebZqP9zw6HLs3x^)cB;<VwfFM^ew(`!
ze+vwsWayzj0)-5UAIxlT=P0Pp^37BLeLb#tBUS;$(j1NWN(1~C-qgFJjENl-&_Q}{
za7;`301S2DUn@ualC4@@8ejL3H2cwNKJ)Rs_^w|J(&~=%r<St(dR4&~W!m`zj{m}b
zufPqa+@=C~XGH2%YGP^Z?vI5oo)<L@Gm%VMfuiChVzd?Wr24{gB8L>e#9MJrtVXz!
z&WT{1&z9>t_W-1zK~!`mN1@_yFYn|BjpUrwSla{4X!XHbm?vjb)|m+iZ4s3za1s0T
ztGj`!&XCj4;1hKdjYgC-Q7z#Y^i+u35E-e|t2FEHvp-wM`r@*r#?5-qK0g|(cX!q!
ze~oCCNZ!8HZyOb99wN9>Xi=o>Rp&W|xdiI61i{=V!UBMgMT9!3a~gKF)RKOZuP3-Q
zex*ArD(i}GB)a;i<T+dw)a|t>xBgw8&g=Qo?r9jY{V^qWA?qs6Ipf`dO}%Av&|uXm
z8Bj(-iCbY>ok(XLWR8fjDO6#ky4PuIdC4MlXWfIshG~7mLIO_DR9nQJ<i?z;SX62f
zTflU>RRQ_?3HlRV8eXnr)lMj$*sqB)1%+Y4c;GR0vWz$l=HgAjVwGMe(s>-I4|y_&
zi2l>soN(Sk(QA4-%OYC9CfqGDAU2E|-SJiKxt!PG=K{{MCY7^674;WrV+Wa*%74@F
z?hD!Mb_WTqJzzRgt=Z%H8Cx7Nb@xO%o{Ng_wE+#xP&BBx++<>ZYAbm&=Zj$PXDDB9
z*kL{l=d9WetQiQHTDeMZ0GE$7Zn57Rme&__FTG_ihL0dTpdS3M&#c!Mhc^JWVf77O
zik5qJ!zaE62n*%2Yx6*xS$m2-lBjUEYO4Zea8mRWWxAC9#10C4fB0>XhaBPub{yS8
z5P*!PRs81tSW$IBCEh`tv9h5(X2|n%R|#30P;W4^Ixn{2Dxsnjky=TMF|axP98?D4
z#T5$0mK}$L#vY2YDwbb7zJL#gd+3v!wMeNU=t}mJG8b%!hwC`@16f3!NoGObWB$>)
ztv5YB>Hbqu^>ZFke2`>pL(-02wLLw3J>c&8{a_a`X~8kWMX~?=<ElKpG3<Z;fYvoJ
zPhPk;-#?<kG04wS3Y$cs_Z`;g1$z<9ZbX6-wUmg}`j|17!JBCnb-mAbm8~^9(~)w5
z>0<aOr6K5l&S7)uDJKyA)@Dxr%29MaRak(`b4A&bw<4FbIh6HAAJzQusc3uz*dNjE
zuko8j^yY2K>L;@jj_|}>bKoN9u9;_g<aazqLt3u~c{rg+7@6~`c$<sqhWzomKV#iP
zdPom_@LP8ULIw<h%i1V?o|92U?&C553Gk4~>0BkB>K7Qku{C96#<}K6J-YnN!S~W@
zEi11ezTNK9d9XZ~qu1xXg8AhF5Dr-jP^`FMO}-z$+MZGX=%V*so6x9*6$~(q3!Kvk
zgNK&88p(Z9ZzilXHE+N=!~*P|a~NmqlCIoX=LD=lO;^mc10xFT9#u1RE~Z!t=Eg1u
zj5kmO0gW-C>GYp;BJLAer#AhhB2GKsFLwD0UVg?DA)_CgZOLJZ%ez(p)xREcCs&gr
z*%Umo05h*1DJb`W3XC1OQ|>Zp{DtC}MkPuaOy^@2D@kPMeOU8UjAND^I_3TgRKDFD
zQLOyR<_HDX&P2DpF31ZH##k%KgY>iyi16>v!{4>xZa+$WI%uwyLnLCRXSg5gR#^@!
zzAMw%M+G8wlkITP1@aT%4Tvgli0-e>Ku4*vLeoKlrR>@~ki(v;xQ%+~B{Fz@h|PG+
z39(LL)2S9xg6~BhVj_!SV&bdFyzIs^n##iq&@)nSXvDfAP22~Y@4>S<(Uw{iJ?=I;
z3&U!lM5bpy#+1=KWLM$o`fkNomyKow$=V4~Vu;nsPw4#NGq69v8CRmn?*^yNo%=#o
z5mL55GATNssRG2KAa4!__Xwb6ZD5>M;Hi^guC~3X0&Vn9mivJRv9R~dfIR9e9elhm
z?x)n%yHRrtel2z^RpJct3~Rv!Z3cA2{YG+m&3-~kSULzU-NOGYS`n1dJk7pIMBp#q
zM8yZU5CNMBtZoJnq@Or)*d8;joD~4g&4EF8o`p-Q`diTEz`sO$1}BkB_H4;k#k4_f
zmMN2G(c?D@7})B!QRwJ2T!nqp4Ech7E<f>^&oPc+k5=(qUqhf$Jyppf35qj%a&y2j
z8GrFk?LWr_Ekl8N%orw!XkQ;ha3(L)3}@pSsTOJ_x7h<MhWJjaOCO|ssgAwmEzh#U
zGCsE}o+>T#+%|3dWPBp{k1ovle0R>}>xA|DApH#^ms1U#cKw6c|8hzp0}Z*HX&;+;
zqfoZ{73f1xpdw89cV%w(m+U@psP_-I!bMAKK3B74Z8&$VaJ%2OQt`0Q=8bBCRm^LC
zG%zr38ha1${nbo(MW{JeM18zCBQSqREWxx?^{vn7So!?bEq)29+50)3o-%V@+AQr^
z`T4DH;Yl$Q$dwMB8>n>5b=;6urg_P9MG$JqQn-oupXAIwz;BjKlwmX^9d$-|%bKq&
z%-Z#!UFApCX@_F?r?WNar`7d*#65`Xo}fwmr&mcwHH)ioAC}c|3WfNV%kC7oS%eo6
z<B9qFzMQiA=9bEj;IywS<kE*i)emE5xZP8a_f9^P`R4hciMRulK#`oOTJ^c)`kbNd
zZ1@%~GiW&LkwRs4O_jIfRTnPbZ~2t(D7Y!=cZen7J`jJAMN-~9EO7SBJg(}^z?Zod
zl@%cQ+qARQ0iklB@>?rghkqf8w&lik@B)tD3Dqjg_wL;f-#u^4>5-?@TZvEOkkLfL
zbt#|K#<~Mqp2N4x_fbhW%R*sA?!>qO{`*VykC8Z0an}1uBSKNw5b=#T$Cp5jP}#Zp
zS70C-#fPxNWnds3mE;i?EQ~RLfZ89!c@9v9-La?`j)o_+D)1xA^l>zC*Gxgy8K;zp
z&`hWVwecRVI}S9(8bqb@l>)>$+I%aULMxbzHatIw%m3`4AN$4gyqgdI@?rLK?U1e}
zqXW<Y8HG&}22m<AZV&d}E9Du-Y$~;UVkzuv@x~L{@OnTk?y(>y3w^+9o*#6E5&#ef
zE@Ze9MjcE`0=RHWo&r|F(@QM3XRsRd%y)CYO-S~cvj2hQ<UQT*kyD0XI`o(C?2Vj>
z<^8Rv)H;Xj%rwIrocVNH%2^thfA%>1*MW`QH{f*qQ#$K&DO$MJe@;iPb$zc8=X<}m
zWEthRUGg8wi)SlfS}Hoy$^~aX)Bvb}%9@FzcZ||eiTEBTnY`Y6bWlS<IdX9NExPg!
zRAroP>1bXRtv@qcSqQ*1yzS_=SBXu{;+?$P7>63}lBMUP=XBbV!`cTmQGa!Yj1!8Q
z`;9)OC@3C7UV<v9oIoOLU1pTtKpJ5@n47>`F%v8nQQQmpIwY~Sx-F}fAp!c~4%0>m
zrd`@gCNrGormgs)GcaU1_=Y5&(;*A%EP;LFS;@Dzx#I58$f~FRlokX)D%L9`u76r0
zUkezFtWvTHE5K3EO+DnxffEKz3vFJ%2jO780KK(KcJhQt5eBCB6l*>JpJaGw$N3vJ
zUMQtM0>|xHB0sTJR5ERl&I3kwRLFRtPS>=KXHdTNM4Fgo1Dogwa>az0vO|S`B605&
z5=Q;{LHW+6VDI>T9_Y_ONZScw^8l@vfqC|4ekLv7E=!92VVIiQssf&%sjXjyG9kb0
zrQ$LtFRY{vA#$v)IP~=KS#uLzih#oSW6{6)2W{__hii$0MCDy_0W=MN%6<A|zUwe?
z-ZxRAFz_faJ@wotKYcmGn|<v9uQBxSc6>lF?m?%V49=;cm3DJDy5YQRF>_Z0=5r6;
zPD839Yj<emb)~-r`ev;j+?U~J<ZXhjjW2ZLE`IUvxzHVTd9F(xIr86D@7;L!5{e&C
zlI!rE(7hBwoG=HS14c+XcZ<~*@0@pcxTO@U{>%(+_2)Kfvt7r6Cg)nj1yNS}3)%1e
zm?5{eilc~+QKsxyG6sZ!j$VE!*<{SxT-#Ini;en$zsV&0&=7NFTVLMc9K3?raGUI{
zDX9Fa(dzw=Y9;2hVuns(6E(T+qEAO$!z2(nGnwH%{e%n>0f%f+O%HIEldk`LwfTV^
zCj*NK5&mI+#{=o{WQ+&x`Vr7aeaz&&_lOTNI87!h_!JtvbZ5t64DX$^jc}#BStWm~
z$>w?!hyte)(nMk>o$f5sb=>eoZ@`M5o>Eor@!X5O7Lud3s;8d=+f`MpQu2q)48irW
z!JNPgR0|dZSb``We{#+;`?1?oU7o;86uyiTH6!rt3-2ENY{dCc_qzXS+D^{%wSZLb
zWK<UCg0g3pFXvuLo3`Aa;FvM_Zz3w243AQ>S{|8m9)<P7x=STltinxJj2f%%T|s<5
zw~i3@EY8p;hPLPk;DB3NUpyB{r2od}=h4x5`3V&RT)Msk_6&5gHh9hf7WTIG_BJ-Q
z%_|!K|LgV6PQcAFp%Hz^3{?on;eWDT4uJz?%4O;2SBPJ(C*-X|b}&cxl+IPP2jgcm
zCc)6S!x9gHi*}6p_S*Q~w}mwK@UbJNN{)V*P~%BAzvt4XMGZ&(-<}DiL-@}j$XIqs
z<rx5>3!kCh;Lth53X~Z^P=-4`<x9|y<-KzHDz$9IW>@$!5%;t!#dja9>TM(q|ITkV
zKfhDzZnS*b($z#X2~;MCYJ=&m#R9{N^}ZfA??2KGTO`@Bhq%R50(iTjkKKrPAM^m?
zkuD&QX4x&U5ZhkTtmy>*J-+G9CKUuB5C%YY$-&I-#f2;Kfcv)c4BJdf1HWVdc6&=B
zcpVo-zLhCujIH|y673#3Ap9MQgs9@~k$sH}iCY4kV}P<5?5{jZK*2uBb2^((f7VWj
zoFTEyh*LKY^6%ds(df3?ZpmPNP}=IFPZvd8d;z9`cXY7|UdUZicHf~5ku-4DR|)`v
z@k4OOOF!wUezcdvaZOJDPxf*ZtF{Nzzh6yl(BGin7eC}W#3WFKSA5|+EZg6o|5?}L
z{1>Eqy1c@g1W|fF6mUprxx)>|{x$Ry!gMU(Zk+ufL-S$L!GYs$sGuk?#12vE>EOam
z&Nvjzooi>!Mn~#4o72UAq*jx@2OvfVgupj`zxNsJSH&ps+D;ehJavL{N(J4e8J4?>
z1-opRx2Or$*Att~0=xBgRtFk{l~kwmCglfU=X|hn&<qU$NI&Qc2?#k4Rgb$5qRW%F
z6+u`uc?66a$Q6k6Kkp+_qUq(6?^>fE*kR@+SzDTG^RCEf#{NJ1&=MHHBB^841>r!r
z1HP3+)`L*wUoGaX&vE4gmB{XCQ8jMi-%opHkG)L@qJBCWf&EQ0W`@(_)0L4*t5<#d
z)D?MaroAJ3z|PB9rns8K!)r_?&im6m32lnJm}fx_EUXu}1Yf+Og`^loN8p7l-hLc5
z+LYg43&P3&!U&|?*H;QK7-RQ8rGkF>iV+r;D>2gM;}?fI36CDMw#SR>;sFSb$uKeZ
z()6L+(7Vs4pZ6Y;J@HaN()V}%g3z~`Pg3zLeCqnsMai<!FP&jQ#O;_MydEW?v=T)X
z)QX9C<119e_Y=_^<@y<U8UtsPVFe->hcThs0tMPd#eg!cc?bhQhO&;a9G>YyYv@HB
z0|T>viHpf+@$r`>T18U8Y783qU?;ivudi1L+8hBxAP-bKAgn^@zUOmM2T2a`4knlO
zv=Qwa#M*^Q-K`l<<4pNr<%kHWLkKcL*`3%uN7ckqBq<g@E4(XD2*;-bz-*H_1$czo
z!?Q{-pX}}sA(#Qy!MigF^^50MNrIj}tty9gn7GQHn9`_scM$5?t-YAczKn2Q+PBti
zT3%t3Xsi*Z(T7%1fvEgd_342xZy(56tyMa7zbpxV+6Y^qX>C2DE5YT#KVcw|i~0ya
zfSW@@5k4?$z7_lrEQiQmOwlNSbGo!{9#k9^io3VgHCX`J^5BT0VTh_j>#5!3Enve)
z)IL9F=xfqiXvh_`r8r5bFMtFAvoRq)OB)PifB1z25J)~YDcRhjM9j)$qftlepHz_!
zM@qdQVjf`L7IyYuuDa*%peCvhWO7Ys>^RM=c-=7X#Jgc7myeHMiEnpku^f`O=P|aA
zt^)t6{#^dRS9KzvHI`jXB|Q*dZmXalSuaXbl;<lx=C69w%1I80!+IUaW^Mizz^O>N
zy(_?{6jxcHP`WS))K|M?@(b~EEL%35|3r%z?g{`h2mL5QPbf@~GMhp%Eu#j<D`Y`X
zJaW4?yh}L@FEG3hr!Sq?2xI@e6)dc7n5VW8<P!kmzB2_Afj7ay2bb>YpnTxb7-XYZ
z<DgBrQ+Etv(<p0q)+Qc@blD%jUi#wEhujZ7^83yxc_j%e2-rr_E&YcH*~6K8#8@&B
z%bwz^%OZ2PgIl3yiil$}?K@9w$87AyeX%mJ9RIL*eX$qXrK*8(^LezieS;a~$o8Ed
z{G2~EG2t~(th!HZCuJD}R!3JPA=36TP5z+s(&wMO5M>1K*GHq<Zj@==Sf>{YoE_}P
zKMMs6Cgq#MO5B{W{4i$ZEQe$6PJ`!4WE&T+F0vl{q5^!3gn}{6es@Y+z{2NiP4j$1
zMY8^Xp<|Bk%LCCk;Qirgt{7o8wfbOkZY=<s{%G&-Wg$sVn2=N(y@Z0qlEgYaVbBD6
zwX+@PpU59CIENMK8SF2p8`q9C+))`?H0X|nFC(CqS1?>14Vgn`VL~8y@DbnF%D)qV
z=~40u3?^y%?w0<UrD!t86MvZ0pMgsWD;G=0i9Q9Lw|U`D4WnZu=m51!KPT&$&+7rS
z(Z!2~n;c^)JB5s-Rd?1dD7Jk^6(m!o12<koh`dJO&L5drlb^(^A5KTyL525LuP%4t
zdPeK$q$FtGDo?EBE>vsPbyAM$_Y>2^LH`=kTjsvf2vULlLRAw59#D&}6t5ZO;(FTt
zZAxtt;5nNYSe3?EKEDf;F5!3rS{VY+)FlHKL^NF22fcGAO{(=xIf6_Ku^e{bPaBid
zYiz3%m!R(l`{IJG-LnKn>>erk$b`xQeY@USQEbFT`d)qbQ7wk$kSKG8l!B`tSh<=h
z>H^A|9aAy>*g^Qaq6t{4T`belf@TQ>OZ+?V2CJwF%I4FzE;~WAL*jW0&wB-U@Hx@>
zlcq4=R;`d8;z4o<+(zK9lJqZRLtetE&&sBEDr7yx`0@rHN^+k;V55Ymy4oy{UwBFo
ze#)0lPYsJmdtRyFbK_P(`?Uf~EEhgv5$lO-Kv3j#XhEFe4#173nRN&u^lZ`kB`&0}
zN}6+y@vd*{YCvk0Z`V#Mzs3Q=VF=jE@Ri83n!wsbedD6Z`!<+^O7mc*r(jHQlMtZ;
zU`1K~wxY?4edhZo25D5=^Mzz)X><I;4$0MEDSVFm;SAbZE>0Xlv(t`La`>-L{3Nb(
zhv819wQI-A@^DqH?=7c_;zXLO<8uvq?7av<1i5~S4wbfD;+7(R5R?G0y%9|Z0bjZ3
zpx$rSrO$Bytl=RP`Zlp!A^pks%T@}@n1>16H(h_zh8QGK@J88x0pMVZ{SE3&7VTbB
z1#`doHG(&Vv}aOqSZ9KHK^U20P}8R%H}fDpoDhI+?a3eW{Di=p_w?tx>fOn&zId73
zx$YbkCBUZ{2Ju*T&!qu2e4it_st5Wjx;H-5so!u8AF^qxLszJF7Tjht2aj5e<HD&|
z@JqrScXgj6$6_0)rOKs&B^{1nj3E!ny`byUimU-UM^nGc(^4Bkr97f`fIJ5t<0BSY
zJ}kSUQ&}29i#7;f#a9c{PlfD&rRNAhd$S5X2#QJy4;n80KfnNQ7A8d@%9w<^hh{`Y
zuemSP1^L3dZFp(95ML17VQ8%R)PgAVt3Z6`^-mUSkvMK2*Wy28ruB}5VtF|=6n(68
z73Vp4-9I^GGnbK_RD2WtJ*lxiXeIU#Lah&7r|$2Mb6jQgf3zMYEGaN(U6WVZWeED-
z`<FmHBWEoK2`vDf`TS*6V0-xHws**sHVXr{{9yfx#6aDSu@gu-p>OILK>xxG>9m0|
znSlgfc1S*v#8sHW%seL%B|-OE%$6@y3U2B8bi~Nm;kYlHMc{zC=!qUJ2p<;G^~<6c
z)TV_rilV#dYm*6>KX|zL^t^+B<`VM4VZ+vk2)IX^xuF4s4Hu!k!2&pecdL*AF5V73
z;zkg3LC38_9FstW%V59mAOtSbqTYgJl(49=;hz>bZh<CAtzl!n_QJ>r;Gg3cth>!I
zMQX4*pgXtgyb_<@-nbon-FDomxieB+@sBz)b61|TP~r~O`N2)4#RyRFW#o5Df%)wM
zi<%FbzL%wQkIcpUI3DT-s6-8XVD;RSJS;vVe6GK$G~gKl#nG61)zCWg{#Nub04tdi
zHcvC(A_RG;gp3Blhw<gkhVFar#T~a$(hsX{#w4^XR=}wH4t`D#7q<X+CnpcLFTlsa
z<@WA!?KRhY&iiOIZQIS`^nGQee4Kz*gGrtC96bC!#Y27%79NNmNL3fS7B!_!UI_Cc
z{tiu~PoK;284hW{S(Rkch6q}8D^(K3cN6Xrf==*{j=Ca9yU0vDGp)U<hO5K=fso*u
zp^0&4H2^(F<0jik^Cfaq2yCvj9Q=Aux7>ELh~%?rs?<b?Gt5`Bh?}0gi~2iIgk>Sm
z)l0}d_)2(caB@Y0P|CfI?g8#?D68GL`VEat>z+D|^Z5)qej!wqddlB}=!z3QT*L~w
z`{lB=tE}w_Z_D{m?yDSWj8I9}&Ah*l4JA!18*mW1ZmbF%+E;e<_i)c2_&*0>f&C)t
z`)8DpO$BC56hU3gq!t^CgMkv{lr_lHw2RU^Wnwb)_K=S#TkVOMQiTf#9f@ZFxBL68
zCW3-qGwdXjd_4t7^bCm-?oLjuV|<f{e_D;%*JR&?$I)|8z1!LyU&mvfLZ6?(@e=zB
zu#zC9i#)d;S_owNl_FKvdh+^tHH|S5=tfCzlr5?6R~HoVDsx>G-?8&zJw;?T6<lzN
zG&dakwZwM9Km49z%4`O4UxkHG<hVp4og&+X9S}Ld57SlwG}03a-a=+w-MB<0O--fB
zco-c<M~9a|S5hibeJC}KVvijx%$Ao3ShERk7SSXl;=WKv5FX6>?L#UdkXzFir`}w1
zz~oVl&lu9V!om$|GpN#Q!MK7$M5I^s=<|9?&Zz!KQ``@VK}xDxXSu`bS{m><D!ee@
z(;!#~KkFiP7{rjAjWinnjh%R18E!*0l@E?O#tYIW0JX0KbK{sZ<ck>85)dN`7+LOm
zfIGM{s@-ilrkV6Z?b=NZTFz~)5FK8KqD+uA(uhi7RcOhKy0hfOg{>@jJe$Jor77iz
zjeqx$D9j%od?TC@AD8o|JMUfJ;pSoLEkNDMb+<xXwqRm75o$@Jr*o-jANpFU&1z)x
zupgzeNWvNQ1Jf(YG|mlSgSyECFn9^EiRO*lU@>2blGX6x+kz`^W4>iP-y^^E0=t1%
zpbq+cPmKOGA}l^JzG>-3w4sOXuq<kp4r&l_N&_HskquK|^%Rsva8iUP)2!kHBMas_
zLih{7LYMM+5AOH0@e%C;SEwtNEaSUsQlu$KWjN#RzegcAunG+sBNjFRfS)dY)w9EC
zFyR^2m6V|GmClJn4;D=X#C;^cE~{RRayPi0he(L>CUGKuCV}x&XXhLHp()pL%DK?)
zVd}Z*pJ;E9`6l0qQWH3U&^AIzpw;ax`XlG+=q@7C(`(5Li!`(0JZsgk1K&2u+y(V*
zRfOkjKj@<S{5b>HDl2ILAl_kd&xH%O?_Ti)2*G|dW+)SnpAWFRvWOgFMITMIEKc5`
z$?Z8<&vac!M|}~c&bbKKUWm7(?1a$&GIPUYbWS)v@Pplu8K~u?E?-+y!z(J`orL0F
z8`Z_lupk=|&6Vce&!IIi__&=q{4+0ElACQv+pJbf=fPt=quI0!Ky$%O{MKNGguxr!
z=qF|h)QW#zP|6kJ2#1eOOFW0L7p^)!t7LPe->+ah7alSluNLK^sPX#Oy6DiIn#wOB
z_m_D^;dc%2Rq*#>2heSyil)GEs5sB$GBQqN8w_k*II4VQJk1?Fy%+=imZ+qgJU-f}
zP{a!JbddXiy4-;hfJ6i+EK~A<V5FfqV1%3)WKgn)sAD&jWiRR2HWi|IS0iCBS<4O(
zDi~^n;q7%^lAUe!S@or%pCX9bDhacG4*}##NSkS<wEn;o+?wF3Iscbe;hgT6t4mmY
zXrrG#?iB96#V6$vlG#o}C#KrD-iOL8NfEuAU2MW1dx?J;keflBX$F%?+{>iX)T{8(
z03PWd*Q-T-A_#u1s+(0oYq{^Mu=KFxNC9Lue1j1Y+O+Q=j^;ZEY^_f?ToRkdoy+UY
z38|}#x~7Pc6LB2?c@%6eiI!{g8&ULXm;0l9I#@T#;HpW9M%HzR?W~pAMI71~g>TBo
zG@QWbP$nA!u%(7wagZ+`!aSRjW;`0qaG!NT#%kpdf!ZQts#Soi8nWq;yqo8Z=dcB*
zNjnFkN`$Cjs|HRuIFPI<Zm{5m;#8zaOQN(q7uM|ZQANKxvB!#PpD+Ibxx{{}FI(W&
zgrNBz&+EF<V^@ypedNyHr)(pUo$WJ8xU64lxd?UxAl)8%%`isEvFAmGdv<_*<wz8J
zYBbdQ#qlrO1~oI&u_nu-w6^Gi1Pb-{!6%hyy1Uv(kIy*S(6w8Je>L#E#Kd&-Q4ZJK
zG2NEYb80z)iS7?3@-RUBR(JisiQggR)PF0)-YKdzP;n5tZ7Q*33@pT`g~pp=O)Sw0
z$F=~;bYa<4#tFo`CDo9<TMzLUzq2Y|#z%c}y%Z2VvQ5bvqHpB<8fK929+~%U`=0JL
zdFh`$C;q6ekI{6lR{d>=H6%;GFsqA3uIY-#YF>|$@(?;`{>U$;#WS#3W-~3^i892r
zF6KL7&^lnB@ETj+&gaS6L<gx)H1fBFkVXa|bfDbE-6*UV2>vF;tsepx1ouphP2AvO
z+Ak`Q+jo#+!@BM~V*1cC@tgasEeT0gr@U&~9dMz-RGYoolv9VmLWSTZ2wn?_O>mh5
zS`W*XT$YOa(jp*@5;jD-`J=>o>TO909fn=>^74x;ugxdCnQ~&GlPnn0Ka>sfF-i`Q
z*ZjK0Y#3J$$}*^_gT93yVGlkSTdhQ-E49^@V#Ed#8)d?&$#6T!At)-YK^DKzQWrCC
z5<@Vojizr@;M5+B6}Lf%kZ=#)<EExCf=ppVV<e_m0uyf%CHsNiTEJpkKF5Y&PQ0vh
zS40fgSloN<km1r-Z)v||?Z(z{^Kl3mDFF7T>fF{|CiMD#vPXdK5RoehWZPy0UO_S`
zAp-46kTzi_j4S?<%(9BHhQ?i-XJ1q+yl8jZu(NGmrgXP<B3(p{<^MJQHaqcA{CIn<
ze_z87^ugMyFMGD|;lWoS^}Srh^9;w4l~ud|YI6N~dhn3jk(C3z*p1ucrf&y0y8_p7
z{-?Mkx-3)cHN3C(>t19U-Yh#wF+(L0Tc31}_}h@Wy`B#`un!YbkUYdAB1_t?5C(6+
zx0w<pJkc*08aHrRE^3Y%?!?=CRG`bpoy3YX`37}RK80a}*=kn#X>aXjF5*gCJ{m1=
z%WiBwr3x~%Ox)<af}aa-n2HvVJ_)v6w-^DEF#uVprkUQ&iKB!{Q}iaZs1izNX^9YP
zgCoeb$BUD7evU(jt%+>P_I?ZWXlWr`=sHchy<DQqd)m-xgl6lj4Saj{N7efL-%Z3A
z(7^o8pOtyXj%C;ns`JmX#lZ*xA8RafxGV)0+d6D0kQrN{TcJJ_e-k2rzEz@=i3s5m
ziQUUHK0?Q7U)S{XJ_SjA*8@!=a<WA|4C8pTv|<gEz|Y$p9b;eQgIbg>+O6Pcp5FWp
zwCl^%2b4CKbE_lj;`N_?22};;KRk<(f$(ALzNy+0zEAh2-+soCkk>3m{I)d$>a0wi
ztq@%XGVZ0TTCOZt%0D&YDm4Y|+U0bh+MJi>Gzvaj_kWv{;;L1t123&SgNc6E;fChE
z0nkqA`9{_T-L;7-Qxz5(dSu43xhbmWTlvsnzmQ^DpgqmLiBi_Yzfo7$&+}QYM1@ed
zR>rVxjE6xvV_egGs>TX`ge_uQ4EJK$Z-2dMrfaNOT`;lNd$<k2G3n9$2hi^n)yY5{
zhFim3U*ZgW9XbVh8w`O@!G?^~)}lVk7xx2EU_)p0(Q-TNL;zRgfpnd}Gu&P)s}FE$
z;KVLx%wFY9R@4ey*|XxPR?eqfgWXHb9nW?6erBo4C<z3eHPzABco$Q)wlf&xWSp5p
z=jZ=53}zDmJ{>-uVkVZ4zuf+>H}JXZ3yWdjUi>e0?{!{w7dQW^Ko~Fsf_xl8+;%qM
zbuae@EuT1c|3?+{0FEwF#_m*wlX(6pmrei&uR&GVw@^lz6grYmuq9Ho2RTagZ;!8e
zaP9|G^^uN^&%D_ZZ2994<L}+we-{_~qeZ<IfT#84yX`ZR;A2dd<upVg+=@sDl$fAc
zAghc)U&e{>!~<0?7|uR^>-Lv?v>X#t+Avfh+*>n4e8}75v|*WV#AKqcF1K+AoDC*Y
z1W>nQWv&yol7@t8Up|-U`GD9bhHO^z9m3lPP4RC6{XuI$TXSNP#oO<c6;<DvF7S{)
zfPcFPyv6&u46hgVlL*Sb5e(3|Pl_nk)uf5{bNgQ?(!S&;k=ra<ADF#_o`UL<Dliui
zB-^FJ!FmYwb0m-NU0xAe;-N*sE(h7_t#L#If!T*;cm^RXjrz4Ht6SOjt!MFKy3MFV
zIG^CwjAI+0OwAvXw(yc`#N&*S`_I0GfV>OC!qi)E{G@WP&8AGTq9XbF58VXmLfZ72
zF?ulm+15DZXeR5;fP($!=e=Ast6T3#%XIFM?jWp}N6lUVrqKSEK1LEOCuF$SBCR1t
zpI^7I5{0?ywKpP3aU0$2mPGtMYG)b#pK)+S$eIXJLvBOjy>aT-*R!w_?4Rz!0NK<H
zeM+5|xAl?KJ?{OXKZtBf>*M?Kc$c0hkd(_r)#j_~>u6G2+F))Xf0jnfkBq*~+^yB^
zau<vxs|J*vVm4A@PD!Leq&8vGam1C;J(-Ul|Khpr#j4<VGK+i&o?7Mp${f}c_N0sY
z<@*e@CYE}hU#=xN(1oL;4{1J<3z!}A>`$h?ii07?Sv|+Bajpdo@_>=_gW5Qc_W?5D
zy?ZLmIxu|VXX_otulEyM+jhOPLleAMOYYq)xnwL*S-|+E=(q9boHZBSl0$fsykfub
zG5(RkXWsOjSnWe8LPfH@bM&wi`SWy>VU$y&-r8d62q{*rl{D%FUr*sm6Hs*()<ZB9
zl-v6pa^)QQX*3M_F!YIUp8%Hz^5=&+aOoDtXikQ>c0xHZ7<e(5U^6j{*Vxo!XTeSl
z*{isqjB4Peo23@O9LUkF4TI#32DO7!#(1JYloca=`CIwE;Jpv&+jsr(0(Kt^A1Kpq
zy)CMrNkfW_&+bo2443?<3-B<<-U>2Mi@;JPZQIsjiD#a#S^|EynPQ-yae~(UD+cF)
zXp7WKat@2_7)h(Cw)WxJTYPyO<qw_hozQR>N_g4VR*c{w1)6r!J%wymf|}MJO{>={
zfaAcA*#X&MagaB9Wxu_b#k!#>FP{`-#~M*5oU#sK%62^wchixm4)~IPQAT$;X&koN
z?vFJg#*cNbudf1KKDX9PxXq8Me5Yh>`kHP|3N0@VfNd*9aXXYP{2DMRWR?(d`i1rT
zFBA0os=dvjgyab~p-oQ1`t62axfOJSzGmajV2IcRH_1k~I6FZH)Pae+AVQE%gOwqh
zEysn);hdQ#1r;XYUqEhVAis2z*mg}ttVaI=n+I@_9aT`?^NIaNP0Zia)dLFs$@@i|
z89ah0;i`$nfw4slwQ0#U=TOKNO2Amd={qmxBnhuN%vX`HE;G*^_5{GkcpytQKMcja
zZg9xy=2z{y+cTI-|DWoXocMxwBs=Bh*18iu{`M`Dv9_%S2!PamRQ+g@;J`d^N&CtG
z(?Kf4crx=pHMqFx92H_J?G}&hFp<uSLWHv<^6ZKUQk-Ni_ayY%d<I1>MMo?-P9}`W
z2Kq-sUFP3V-G(NkS0D&EWEOi-8rB9;sM<YE+f1`(;H3znxK|%c3+y$b#ze5WEL5yo
zNw`<%RFeHBGXPUI23P2pRU~|!*zqWes*$q9`aG!vvNRj2r2a_m=90?Dic7k`FD1>z
zm0lEqw;_*;Y{0SmDM!pP?xK52$X4n_@p-qjg7rJlekBwzM_ezgEsDYnq2Qs(&}vy3
zkIbe@G<RF;tSx(`U@~hFIWmYMq-IeY#G7%69E7upwSa?;NPbuD%ffY*Ysr#{`8b2u
z85&wt-U0^R#v7dYYu6Fv{zgxBw9?m*8ML?$g*L@h$8F9@TR_hwy3(-Tb?5<EnVton
zyQC%==KekyD)|-D$-{0*tcK02w#AhuDU;zuSa5H76?No!G>3V+(Ur1D`;=m3!rpNE
zLubARF(6dIF^2LQ(V|mN;D8L4`ep?y%VypO%GXqjkiel7B-3RB=r{bNQ~orP*Y26e
zQh5CkV$e%0i^)KFTL<e`g|?Op#+Tk`;K3g<(J)uw8{A4608|MxiMCWCu4FUZlTy5#
z`mdu5%Z$y`#d#y43HpneoP6cwnKvmnanMk7eE?BLfXFxmHE?C*4OXpKfz?{IgqLi|
zbbcKIS;s=##+7sSrM1s{yJ_Dm=|?6fG5mVHmXeW?`9<dmvD7;>DaAGd_po-N7<vIg
zk*dH$rLIsVw-{H=Kj^#Smn)%VvUAESz6<ZkStD>sw6DNt(?sx{Q4dw@W&Xv5rpuO~
zBml=_b4;LTzsv5?yp@8Q_itdqX`~$#$U*np<hfbvPp9Qu(vz@^(A>eS=YV$O-;QWI
z`GQf;b}Z6V*nlMui9NzG=XxHbpMB6dF3G9(EZuavF1@l`IR(#(n)+Yw-?E>wo^R>k
z%dzHXPKk)P5wmGWnnP|mzS3;MGTOTdo`C&?g}J^qWcvPrv~XIKft+$x#-P<s0&>xQ
z>P$QIUgBs&@>@MyDt;fN6J0Raxk1&z7gDcsnlxzT;v40gyxVXgY<x~~miW9m8hloA
z(}D{sdL)1j6&K1HX(&`s8t@p?4tr|8otGX;0Z!py|GUw4oc@|&b^<o%FMYb{3BZ+1
z8Fq&7M(K@}Ck_6le54cj?V@+@_tnzt@ZQ{e)IzKM4CD09m&e2L{!2WzycJ}S;q<CA
z-5e+)c>sVhWsA;yBYa<ISJ&a+vDUb$QL6Oj9{Y}{O`yG`^?)?Dix*;{AAzy1{&*8-
zN`i^^a70?XlD0BlqOfx$qr_=5CSdzP@w}L?9jPbSba+RJmn^c+WJIAMySi;ka+*=z
zzvL;8$64yr1PR1jn*1y0*O<Ziz2hJWeeTT4qR2=is~bL!!7qGyXJzqbHvQ4e#!%-*
zFkJ{=Zlz%La~!EFa@_;E^W?a`^YSzHOEub~R;v_uKiBAXMnwIVMdSdoH~`K-;y=YZ
z)T#1l_`Z#RyLXue5Bo^$-EmbjTM17lqdq1Fye*V#c)4TI0`1E;OV!Lu`m%p0=AuB=
z^U@WT`OYwl9vf6iyI9tQ`i4-VixRDe<`w`%s&+q>>(=oJZ%7-DnvawU3>KJfd-{@a
zN@aY!0p(?E2G8&KI_jG@VL%2_?@!OFzq0=iGV|Hh`n<x2wiaELXkpDDt=%F=Yg>v3
zKMTOUB|M>1Qi~&(`r9~N{g-?pDy2zdDm|k%@e|Ry@B<B#WjI9kwkB%=yo2f*`mq<L
z1PXyUD2ei-m3#p5$@X84w5$`uBDTtP$$nogUVF;%Ll~!cvlG&A5uo<@;G8un2oCZC
zxQDoMs3FO3Xr0T+RDX#^v;?<hq2h3U;~W_pH4LwgfHHY$lMLo<Z#Q^3U;99~yCiG6
z{=OhD^MHsD^Xaj)w-+7IMgd}n3f;4W#7faeTpoH6YscY#sfVOY7d=F|^bx=MmuK7~
zeHb%cpr+81Y5CH;1AwcivK7b$p6%~W)lTp{52+H|Ywia81WVtdt9Suk?d;6g;zk^I
zDa>_I5oX26qhM!nh079^%|Q9MKt!vWC{=NIOIZ@S|Du;sf$9<3Op?O;>x_1oxxu-~
z!~?3qW2B|<*FOyo<222Qu=Ely;$M64G-KJ39tTomMNw1qW`M;sha#LYSv_}Ms{T6p
z9+9u^AY@ZnmMY)6N)aT>V&u*}_9e7&hdir<o2bUQv~ZHr_|MY6!gCD>BEml8H$%?7
zn=5=*bupf$rOaNU$mD7<a58~S(usLPCd4R5oJ~)I@sph!rZkIoHmdSGIDG4|7Zp|)
z(tn?qSdQZXO@Qw=ixRc{geYcB^-{;n!hHM<lec{(Dh-<T^ZVp3TsxFP)v|I&)EfvO
zAC6i6e`_94H^>!fNsUM}q?HLy_VOooI_eiNL7x+q{i1B7-C~mibb~ls!EQzz?#aWy
z1j5DylnUjSCrNve-?pnhyix;a{^;J+M-D*A=L_8~4g=((vO!jjqmFR=YhvxGLw*J<
z$d*_XUE9qIOt_rZYh1UT7UydZ_15#F-fRhggR$01b0A%?+|eBoS!{eRq{W;~g$To-
zeUWhApt0siXtf8T<qajOu;(r5POD{459&+MqffgvRie0BG-abihFcE_*1-st@B_65
zVJXv=5&>#+t4;tf>DQFG{9{U>vSTfnm^6%mLxCbDt@wFvFlJMy%oG$(4vt1d%uz~j
z#y@`_-W;dC*f92Uk)Jbhb$B)|Yj$E5%MgdA^QNCQ0>3N3Gm6x{kQ~{({<gcyx>;8>
zb6{5#5Wcx@hgi-`2q=ri550=_^2kq}8vs{576Y89*HDf%>4bt#yC=v!mUl`?K>T3F
z?;J>4#{>&fckc{sf0wLb=*$aZ3aY**C?)Hbqg)82)vFqi%aWMBRffX3T?-0GFs7Ou
z5>#lLR=mzbQfRFdJb5#LW920NY=_vCIzV`^wx5c?VmTOSoNI&uv4~L7k_ZZPZoJO-
z(g0BUQVwPP>;u`AU=ID>SL3MA#PvUXU#$m94%?Gyd336_cqQ6~LI=9p31i`7%2PES
z5vm{kCk4CqYHJPF?;7F%%1xzlTy{&Z1QaoJrAYiu1GxIO!u9!=RN(j#M5fyUPShMM
zl(;BObz!OsRqR`T{n0*`_ri7^?I0kB9s`s@6=J@it?v=Ul&~d8RTIydC4=EdGF+89
z!8p)LEe|zw>b095=*lnWt4Pf#bjqVC`7d+Z=<6m8TG!+&C0T!oN1Em@Jlas-I)70&
zU$&SxZk5`!O2MjUfS|*k09nZF3Y8QD{RLVbZ0DD_>1&3eC~IfV6iG|)s^A4O=muCf
z=AQKzZ=ah;P+(v7B$(bwn<QH{m@bdkhnDk>Sy;{L*LF+~k~}*F9SuI4$c6NkkwiK+
zww^T;i%b;_4lm^3(Q>84sKgcplcP0+-&$*}y}j9KfJ{HJ+3{<}*dq=$2bmO;)K(I&
zBcrZlYrQHf+A2%4RzobArb>&yHv_&rmbs;kILl6o$1IECxTDlFX(uu<EXON@kq*;C
z)bz3*tSw$zq-<(p5oJPup@HgX$1J^7XyU0oIH{E=)%1jTRnNB+;?O?RRgH2FCchm{
zEtjSlJ-V2P#Hi5oDFlIX%Ok7%5s<s;Y)#aVx9H?>+o+G(s-gc8_f%s?uK_$<wK2o2
zonP<@8Q7;1U3~<c1D6IO`{OIzm1u0^qoS_VOJZq=Q<?0P`ok-ULS}=>88f8USP`$4
zIFh|iS56ZOFT&#|*t$QFa}<v6Bg}cmK`1APZL<vfoqL258e~`KPJMi-(@CMGjdjvk
zIG4TL(^4><Xvx+>JEf`95dgS$9KdQ2(yYs=jNXpPQm1IG{LcLYW)_4nWR58hgy?Iv
z&lK?ljsvZm^xqDKx%h;VRTxH2jgaNx=3NW3qz5wjck)YLL)rMG1e0t|UW$>HidVzS
zqRfqV%Mr|+R;<L>{*rE*BlPnxi1-o+%$j?p&oqs#&tX%S%0uHVZUC$@vnej|@Aa&o
z!TAsVw)}<XclORcNb1gDwT>2cb%Cd+<Fz%0HwOogRa*Lz$s(KP;IUl20C7hplXKLO
z)U@69H>jlUo)u1%HN%-ce-k3SFEa~$JMRc*$rP4R6B$4hAyfkk=Nk67sjlYq2kth*
z*)FzL1LaSO$YQc?sstqHUnxjWB`)oHD`l}AA;;)PUr=h_iUv7XK+I7xeM0ZGyhn8K
z+I0g4(ev8IXjx;dROekv4ul}rf1_}EA9k_G_|fjk;;?EE6elTexJ)A1wG4SMx7Y3p
z{9YDHagL`Y%(zGo9m2e`P);E`@B8vxK*B(*BWnis)3y2;Km+ja?RLWuE8hyM+|Dj?
z+Sqr^vLoEPB9*xq|5CRcww-ZQa!8a{-#YAHV_rA>R{=cwa`*TJoTA(U5|KyEM_s|@
z2{#;_*sHN~o!xG#HK|4s9d{3ds!Tct<G{HUi5#L6u9C(|Q(-vOd#LuUy`Wp;Gso(u
zycDH140cq|K?6w5ALs0pJ=2g*F0*&BuuFE@WSvN6RFM|!5Otk|Tcat^><Ho(9=fLj
zKOH}PNBp3tF*Z5W5$J!&vA&D)235<PAvxoaxD(`~f;&@#)2>DQOWSaf2|gk=t>zQK
z<v5`Gyilg8U1x=~%&M$3uK+z#?;nvlSgD&ZjWBWTjR1Hhaa{Bn8Jo{eSgohACeynG
zRS{oK)H@@OX`XuUCg)-H8mXutolKHQ?Cv0IzrwS#QFhbe>8;U{w9PKu#5@U>TXZ0|
zMD{hQs50)Xsg#7-rMvP-o!B&OX{Wp&mVY%<Ti5bsd@P>RswBqin4Cq^%p_4sGM7{>
zF$;4}fC0>SZks*zz}xP)E|^U;Wv8<?Z4P{Sv;EqB_MKV+I^|8lu1;`ixrP~La&9TT
z01>Vc_xxMEV-S%cR#PF>QVLhEikUUwC|xN>FL?BfNCSUx<gZ0kE6yQ#Z%5{o-Qyrl
zm`kK|n^c8#gR0x5CNmqXktCx*0NAEQ+PY;7odf8GGWt@e1%|t@J%U(JxW0+!k;m{A
zvaTcmlIjM+KSo%SP(`Twxzk082V?b(MT*ZLZ^LC<4|mExxsI4xwp6;jWG&ijD`&|8
z2{M<GuW>sJ5zj9?XTdl#bm+xRmONB5VSCrIEvQoPm9V4w(*4N6$jsjjh$l@WP0;$g
zEdbs=Jp^6*(rqFdFUl4OL-O_ZH}4q`Ra01&2<ph5M*3^RWJ5TDv$9hPD$9x$wTJ@~
zIGkmtpcEvEque50;~=55Gpo8nRDp~NDh|h=Jmbl<j;K&5br-@~%FcENb<K8$mZ8nR
z1e3SXIm>yc8sey#L%{Ulu)252b_CV}hJZpGy}fjgR3>)yfP(<Py?=}0C0!(4(@yp1
z8h31e5Cv^}z>=RIcmr~5%Pxq_Zs|%xm;8pOq4CkWn&o_zt=soYjbDD>Hmg6}Zi4q{
za#;alByQOWgH}n<YG5X2gQWjpG%mm(^MYs;)=MJWh$y%Z^_TzChXBQor@X0<Bm#`Y
zX+-35gQ+(*RjEZb)7Qi{_zX+lfMrV|N*1$Ix)n=m>8D}w)G<@iaba0Yl~nUL^B0sB
zYfX)y(a#t6?=Dda)rVHzv%i9vUY9P#TwF%}J5E^kT`8O{xaiCzJzPE)_gY7H6s3vJ
zmb0N8<GSr!S#ugb)J;U!08euCH2@$pZyKdog>Z7yoHSMDF!EMGge3plZqm;#|2K3$
zETt9W@s42$pvVq;#G04iM+A)#4xv6kNGDOuo9ALBe=X-YooQO=Eg_~bEu1!sC@Z3x
zMW;Ugq$4~vlK0E(7$+`ka2&_GT1l2o%}3<z{iKp?TuEMp0<+Jvir?2zF9t;Xc}NTj
zSqM1m-^VFzn1(9lP7T;~A#zExsWB$OlMfzJ)+|mDWR;sh@#cOLSure_%kp8E*nVc|
zI_(#OPe_npVujZO5B%h-G?_<JQvq{`a5*7Kzilxhn+sXq&^Ne7HGbS<jHZrCQBe)H
z1pEQEf+(8eC*ggF8x;Mahyl^4@$8lO-ozaxfDe|t05tLbR+;mf%Mvw})}xJ*FU{|U
zhpcDw>>YwvoTbza-}kC9YUM}S9Co@S)hKtr!h09LOi~-b#J$MLVi>+5<QL@c7hHg*
e4@Taw`K{Lff1&&T?t%3A0u%#T*#oVD0sRkjds$=v

delta 47997
zcmV)4K+3<s{{pi70v#WV2mk;800003>^*67+c>iGS-%2LGy4)xMW-c^9U6ajw8{MU
z*Eo2ArzBdoW1(hZkpvnIpwSI9x*PY3XSl5&9yPTg9rpY5Z|AVzj{f!251n4WdvMs^
z?|0yRrwjl6fclS%7EhkzDmFqtEOd2_4V;;;==%#z_iX%+=Zft%m&(F;j5_E5AM|=z
z<KOAPH#+|Pey7tp=)(B#AMSr2{D9hzfsCA9`S>fQNnFL%iRm2G5K<{2I89<<)0yj2
zx2cnssVwjj`lP^%V`5wAGbNdtV(Fi;?LfgJbl-(XD|qZQJN;(2reR05b<1V%E~isn
z)fGdAgBa=6=7iQUcU{XlYPB979-53WEt~uYs}zfxu2L|5j+ySxz1x4LN*1j-1*ihR
z7N=!fd1y_$U9H>hsu~7P@_zc)Ucawl^^g+Sd*!dU?|c3C2e|#d+hRD}jBI_O*vm6A
zBR9Voih9?y%vtRYFCU1lLBBK*0}X#2ta`TYF5xFOReQ-=$KTu7b>P=RF_jr!V3TH7
zJeMpKkw-VDw&J+9r@DWhjca$_Ee^Wu&EGyiw{_dicBB2K#(SLC=@8FWF+-xb@ue~~
zfQ}dCa^Agn%4Jj?y#a%DuWQ(@-TSR-H@k<;cI~NYe3!BlpEE9AScc+a=TTMytIPjh
z8~*I%{}z%w{uh^%;kfC3aVxB&K>oM;{jMbc`@LRwC;zvRYLkDtV&0)8@z9jmAfuo=
z3_~|(vY`H-TJ3^7Aa|~~EcaZw$4JALL6%tKS>CY^&YXCLh73aP5CKsDMIa+l9Yjpz
zIRLuGCI1766Z9KMLEFSYdPuofbVIo{Fq&f<AJuBU+|lqoHeg9&Hv_T5gb=4)3c6OS
z{SI;x*)T$igOPvkASy#O^z|!hUh$XB3wVS6{IiKB1i>5IL<?eLq}&qEWk`zB?~rRR
zp?ZXVLR3^D=n~g+(qM&oX4s{oU!P*fP0jgCrJy|jsUU~-iwPo~m{WbWP^^vj1qJiJ
z+wOPb^B>-{d%O9+jr8?v>*v}rv6i+zo4e?(x))CTcj$lARGYQ&=;WV`GhKx(0dAaX
zKpXm0$Mz9AADuP2u)h1bMd|zN*9P+G2-O)~HG!IjCY{n+9W_w{ve8`n6e*^L-bOy}
zp||)Cc=K5?JnYa9O-6-H%)g^=$R%Uf2JW$k>ad2!^*shJwhigj?sQW-LdT4B&lRh-
zz^<Yxu0ntJHhfhLb5q80>KO+8NOAo0&)8ZvHWvg8$5K=dNH<l((*iibM-B+G13SY8
z+gKsSCYsK?#kN>!#o33TC_=EMYTgCxG2DrzSDb=;1{B8QP0@rDj+R!2?`pKh?J{0!
zjO}}%3|i3dX5LrLxoRAtZwwqm5`AUAX%aNx5B7h|Ah(Lq#9v&fP%)Tr7-*X9V?$G2
zffv|u>gWTiQv{03)?@X-FyK6ZQja<?+5J8R2~<cl%|dEuI``^P1ak*^4kVhxJFsaH
z+f5=3vqa$hXN~<)6+jGq6;FolxYz^{TlY-;OFh!XqII-!ASUgW?U_Pc@@eG|^)9T-
zHJpDNO?Q~={ebA~5_Lw9cxpzqOOKM$<Uf!x(3Ncy16QIGEYknM20)ho?auyA{%<2a
zk^GN*Nr-X#R#BUZ=gx_(|CcGxns@J+6bc1Ar_d{)(9K1Bgxn>O{lX-$?HOEA2)+5M
zO+1S=qk-y_(}OthHHq|{kUNU163=v<mP>!`unAv4Cf$lGs*RxscQW9+P6hn`7N#4l
zxi=F7Mf`vNK+^woJNv!E9sl1(dhz`K7fzv-iUC3OFI*ZxL$2_Y;_l0XoW6xzNzqz?
zKy|!ZdV<Hq60bm@IN*|J%{o@yitmJ2MoQ!Vnt~SuCVN#D0r~vD(>q9<{~z}Dcl>{U
zE9n{Xf8cgb$m&lRF^;jjF^AtwefPq+e?-rQqFPnW?@p>Svz0T}LN)}U+Q}uq!@Mt1
z>>Dy+jDR3eF96|lTK*gxp*Wz3<%#HU$HFS@Y|nyW#$%|*#j_>ves^h!E=t8JUZhEL
zOTAF4+(P+sZHDJi0s;s!dLnks@*aPQj*4e3k6L;aF>Rj%!>PK&=2a~eSDl|lD6uM9
zT!$L{!4#-PW+c-`#<0xAQ=Yf^h^{wrvgUwAv<&LcnE`U4koMol0L1B^zmetu1(l?J
zn$@2Hsl`H)@~x1LiRl7P6kr5MD#=^6PFN8`ah!N3B|asHIj69srbfPEK`ejoF4p7I
z!8j!P&4op!o#?l$+$PbmKbuNqSEf_lgm%WVs?f=bZh~|Q3A=&Tn{cV)8fa!>)viba
z0hS3M`T}IdQS8)&f?}_sZi_fN^v;qVbfji+m09dyLO>kB0FH>EtIGtr@N!m=A&!q?
z&muj^d$Z918nTFPx*uA8m$iSyNeof%61g>e>&-sMESJ8F*OfXI<_kp~GkZOmS@_^-
zjs`dBYtR9eYs!a^cHEQ$xlxjYc-cF=OjZ`1f0@l@%xeIhpO!a;;f47_R@dpKHdd}5
zoA>ev^ZD|5aD6tp8JwJ4rD41339yU{J!yo(NBlVKsMRWQ^c5Sh6%T(U<8`ijDw#(r
z0o3PnGFd$8_r&lP_?+pJ(}&+DWymQtcR@>y6n73C8E}APUsXUPJ}&%VpAt%gQUrFh
zF^ZGXn$s`ZJIUeBn1iuG(P>y_JPiFFo7iziHo3*|0il*vzhd`D!ouRsonyst=Pes6
z+EUIzsO`f0_WO41!xVp(v!0D7bC6|oVrU7G5W}S@XP5hf3SnI_POzaYfzJ|Ca|$4)
zl#qd17*;V_IdHMOG9brOL0CIw8!Km*!MXYZ6VEM&SUhta6df=9xeRz5nMy`n0=e;!
zOYk-ua|zgngDyeK9`y>CVyU$(16aJM<n@+VT1GRjzQBx@&RTzFCf3fpQ1)V5C5we(
zYO>^#d4AgRRqh?O*5h_iA6nQ|#rh+(j4BcqV*FNIvB{-YUboT7o@iXKvlww!&}~Oq
zLBUe*?DE%}v*G9AS@EJNY=J>$XVm03v0O^R{&;zHKA5Zs{3Ed!iYq~vHdOIOf$$$V
z7sR|G1iBzFkn(?%Vi@FMWb603foFK=sEVO*x2LHBtGhTTnA(@7v813rLVjoI0G*})
zWp!RVRMFaLx09d5i4J^=ek@*uNfwRK6kYQak}YM5w>)!Z4!^M}&8vPLw!(sI)#X-+
z*^_w1fu$%7(pSNA;_zn1B^YaXrf$&(<(%mDBZ-9!a#4SM6WchxRoK{;rw^#ZT|(32
zI4rQHdoZKUp_lAs_5kHjO+v<I5=%@Gm`4t=jea2DxE6s4qY%!)7EdhG&i^Vi{1d6j
z{^PLImd^hUdhOl$-&WEyJpU_U|51(MpB>sbypBV`6azu@uX_F8wWxU@yb<2a>;pFl
zgqJhy#&UmBY(zJdR<br^QI?)fR*N;tcW7Ko8eyV8qBq>2@eSP;E_8<yn}bw#5QA>1
z_m>00P<4SKZ<j$UIb}g<-x)35>D2iQ_RUjlV;HWM!ghTPO1vif_rEPl&8;6<7Ak5R
zE@=dPz2->pcEGy|WJDJKuf*_Aq$2*`YxiaQkHdf7&i;EV>E-hO$_)SF7Jsiu8mwm^
zxQS)p&Lr@;r8NE@_YK%w1QhZAZtp<$|LGm<*8f{c&yfEITwY=eJNv&1?Em8CIjb1~
z=9FE-5>SGcG>F<U=q)6f|Lf*|n6*?x#kT7RQ<V)xKw<p1j?DkzZ+pl8w~-!~|NGRG
zAq0P<&xrsLQT?@_w+XBcxap7^_2tHgcsp}b%G=m7bXB1|OE=v;)Y(JX0*F$7is0cv
z&*F3C3B(K6jr(Y9SHMKLbNKVAsd<-HP1*dvx*!0B>;HCw|F`=){=b#<?D+qdBLT!&
zXw|U*o{~YQEBh5qsJ?AH(;e52_G(i7yzqbMlH8m<;M+MNcl?Of^X>0LrL@q}voiw!
zHw{h`JUmb*mf*?aPk{JtegDL%4FBKsETGW;|4=&r?RM#rz>fcKA$>>uf0F|NNeomN
z0N_bQz&1kw<VeyAHU5e2Tv6x0lQ{8|$^Ut1R~pCsk>h`M+lTu-S^s}<xQqX}mGpn?
z`2UaSB%nMNl9)#34d#1JoPeNI1p?re>2hd6l`Je`0uDz=to8$cd|zW0Gek}5(>C^9
z&+!RQ>78|b!c!V5olXQzbA;1=Fv{C-e@|`d`VR1^&5f9(M$U(VcCX|dpIT~7@Av@L
zith1Yxik;%^sFwih(Tt{u|=)akD-4iKwmdq*{?jkY?c>#TJBsg^oZSDP+)Cm{W1_r
zdF<C$<(T!{9>@q-(2#qAn&L@Lw82$0A;Q#D{sOxX#J)>!eI!FpyYn3T9bLn!Vkf6z
zRtvNJic(yqf>H&ZQc}JWj#4?b#2lsS@|-Rnv+M{1nLa>+Uxycyo70QG508H*H)p5g
z$?zhUFY4wD6l=OuR6qL5eLaPqsS|RRD{s7-e2=5F{t5hzz99`yS+Hv8hAGMP9gbC)
z@6-N7{^V&~Wxcv{i+{)7?D?a8J^6Gq8caTwCo;O@rv5!E)N*<bFIN~L#*t4;vXn^X
zBwxuEP3)+%>EwjZNNLXGY<z!nJiMCRd^|nNY7lcc6DyP!tEH8OHm{%lD{4>o5KL76
z+wk|wYQMwF)XK91e`Fv9WOSKHK`W|TrnB;O-h8?oPsSD14D;>XI)#d-@*{zz9AfSH
zU*vR}Azy^cX+*%#wY#R+S~($eHT-<}+wkV{;%5BmdUA64j|@SY$`^lZd{6H1r8%B^
zu0|fr2pY^kwP^BZuf%dN9uMjN$JbY<lizQSFE1v;e`fjVG9*%_Qej+;poOp#vvt)8
ztU*dmz~R~Od^oxKJ%^FkTLSVb*lpW%rLd*f;~^}G1}DR-8))<K<nk(`wXE_~co&27
z;dnGSPUW8;ZL*LfOCWzV)v=)o?Q`lk?$qmVqQhCb_S`%kUBg8Azw6<+ghzN>5T5Y)
z0FuS>uJ9ioy~U}NY@v0Yot~d=RO6Yx&`Z{LK0M#JjSIY3sg1PG&DsbxrnfO`LdT0^
zi>?xF#R$<Z#(FsV1oQi9aJF%OrBuHWx5|L-_s}X$+iX}8RhNHiRw_y-!;fsuIvJji
z&IXf}m#qO#fxs`fv=h})3G?yv*PG!#PbXALUNOf0ad3KeeYH6*{5~nz0qO3gc?A+-
z`H{!7S(Bb6xb%KGUARGBL5E}e6t>(p;8{|Ti9Q%l29wicDs`dx&;=Ki<DY`$z4|;T
z5rCrtWXn&B_zHiGsSbzcy>1hes_;K6wv*HX<c4JMyJmEGazmxn;|i)s*35t~Vp%GE
z>i+G2JCRq97o;myEts<VMTl?0kI<*dWE9^O<c4_)mo=3J_sRgfQMjiJnCpjp$^f`Q
z*ryDLPZaQLd&E<5ps*~s)sRnRA;YpDRzX0egNGq{v#EdWde%#(pJ)@Rqn;SlYG@}0
zvI5G9!K;F9VgQp=vz|t<I3AVIx&=-Y(If|?ifQPiyi%+w$v<H=%rj#*Wg*Lf#2Xj_
z&RA!q)L*Y97EP-M4qC;=Dck->cWlq1N1V5wHrvPttT6sVU$+0D4gfp*pKYXS?SE1a
zvx#;R(9(Y|jFx1FD~laVhPFJTWRWK~>e<fqz0cSR=*3$0WLvDHk!HwEyHVe^#&>En
zn#uot*N=wi%E#mX`};}%-^0Tl|KCb_cJ`nCw`0XpZgm4z-Y{baqf;R)oF<@$a^09f
zj?`rdQ;@$FJ-S_?+${*DPISq}<=45GJOAKQ=Qw}rHdTq2+VsV{CS;l&33f9`7yyb7
z;&R%EA9iz2304JyZGr?~D2aVwBz*MS<Y}4!xVP7gWsjVWCW^!}iuN;6ShlK2=ICkg
z@Qb3l!BH@^J{wM_%w+;yfJm!l?BQ~&lD2S>+V<N)RRMut;d>oF__K^U|G_kR2UNp}
zoH>8{frvG9pczikzT6k4HR0xGO{$I_%dfal<H-{DM=;S99Av7>FP^DMS9HntBq9%V
z(jOji!<)aj52e2cB$jXWN&DycYB-n-X&+sWPUx?H2bd(I`UUT$9uB|794}#I;)no$
zzzm6<au^)+!dNWK_JADn=pm(mXlCNe5#4`9idEB!K=Y<g3I_Bfo9|s?Th|QcK$suV
zIATlN*m?DAlrq<UCbyq$@V(haK0t;0|IWU={_7p?;y-RBJ=gVL)P5#mf0Q1%Ji2ZZ
z)JwgVWsgx|7|vyIHEM;DE3wsf!K*IC{C&Db^~x`Ds}7?DLNJIXFpZtoHd3S%`Wk<@
zMMQ6|Xr$d*W7)(dDlv}G<aiX5G_P8CWb%K@v8oCLU+Dk8-<SPAyZz3N|8FC`ApQ>&
zDQqT72!O{7A}{S*0I$td%j<03x4T<UjV1GjFAd+wQDffF&5LjzVp(+Tyom%br|DmB
zJO{^0QXB);zp@NYjYjr5Ir?g;kpF*I5D30-{lDLl*Z&9Y9sl1-dgc7T!k96yK@5cP
zWY&rWpW0((BGZHcWT<q=2qClf2JSV7vdrWERowwq!2i3wPDj4~W50c{<Nw=8-z)zQ
zOiK6>U0_!-77NoSQ2#s=CZ0A<v}=<gHv)~4f3u|)UTFCvqRue74Ws4~$bo<FsS+Ot
zS6@2xwM~fItd+SRGiGqt2yYh@&;CV!;?c4R?R>0>XKq3#9;k=ogJNrg(P>SJ72(%L
zU!IPR<1a?1C*h0m@=XRcXf2CI6huN`ZS+j^po7fvT-M&Ox145hhD48q9rr47izqXw
zInzz=i(kWJt~-Kkk>WV)Zb5%q8;c%-6sX&CfZ)-<vIh2o*vMAkGmVd=m}op?u%b1x
z+6E@I&viV@GB9<lPz<qsOGAynQ_NX-=Jg}`NbFl(LyAV%Nem&@${7XI3>0n)9R@S>
zYgi~>j?h8Bzu$*fQ*l-47OTv<WR(x^YnJzN%9Q^VUIJOP|2x?4%JLGwx6}V^Cp}mB
z|CI6nx2QYhjgz1h6bHUTb-qGaD3iMs9e>ag#u{l@#4EL=N;T*XTFVm(q+I@A(It?D
z{67)@xzpb5|F)BM{C{o!U!m?$5(7_n8|4d(R=t@HGED$KuC~!Hy3R$F)k}v={_h7&
zt6&RIeEuWze|Wcx|Gbs-?D&7)O^{WvT5e_hn)qsVP*y&}a}<BRRh4gV&n`h{n165!
zt6p!Po2Dx^taL{uT)*R9WKY?bDJE#I&~%`P|5tGda1sA+_Y>#;{qFAmudSpP#s4?C
z3HX%<_|Fvqd3W%>Hir1hlFa`to51XvW6x=XKbekheGyP}{@?D%_P^cz{T=_`N~)6o
z2YQ=$?ClArXOFJEY=#td#VCr=)qft>hrW$Exrr11?DCh)6OZ}4m90!@iuTZ64bW{g
z8Zl9`ASMl$O|_jWu`zL|FKHwqMGV+F0;u)`;Uu;#WVlmr>u1E(=j`a#U+_CfBdP<q
z@=$!7ouG#~Ht{{?xBLjdK?gxMkp~1lV9sz8{oIOODgRRl@#q68JNjXv2!AM`*Pl{9
z2-nBR$LIz3k&MxB-!|`(BNWyh=Ho)t-&oCpL-+>D8pZ_qNbaa9fh|hSw`9DaSGVce
zr6A?Vf3Y|eobeIkf3$lE`QO>!o&RhlRVx2w3Ai9y<mN@mk-Z8TFG%!UkZ2&{R~PW(
z7^IzmfA#`i8v5rY-ybJdR)1#MG9I^~T`ilIs6JOBS5L628j9-b_wq#m$y-f$X5HlX
z0i|X4;}^mYi|D4WL=Iwu=G+3rz~~~RbWEFEKmocGGuu&Z#ljOF1Z5RKv4SBq9;P%8
z`ELlQ8VA=ZiCC%kotCq7{EH;S7h72bv@m6NgG8K{<K*QUPCVWUjDI#YV#eb;-2(Qe
zPyLXWsewEK0*pA=2^YKFWx2Z~umAYmsPgvrV*P*rP}cu<J3Ifs?W9Lt|8Zg(c<%fJ
zx^AYp!Tp#12|!AY6{5i98S2zmyG=eT09;<7jOcF_T}dxyV)|9|-{I=A!prJ~xj!w}
z(0sbu=oWhEpd{8uD}NgEJTHHPEdI|{9F4%r_A$?Y_q%O5{&T0--r4_bC2ep2&oB7J
z{`SMaPPCpB2Px*DVL1)o*Zrt(l19P5>XY59XAl!NIsGOS2+g??e9Am?J`Q})*5Te9
z{AS0@-yxItyOCY^BbW@0^VASJgSiTOzHg0MuwSL)8{4z)MSq{ep|0=w=iCkSle@Gq
z)g92kms9kX?(Dxv+dmFsPtZYFnD3D}2!Kx&M!`N=(;Z5gHw%NPcj$w^>q=~`BWQ)n
z1ms$>ranokv2gx9YSnD(ix4^gZeQOzTJDw<I=7Xnn{Fk|uU*{B$1s>F+r&)RZx<oP
z0F=Nk)JMd18Gn+gc||BgeG6>QFnX)$stXJ&N;GvwGkf_Y8EqG>WMpI4UH;u6W*9EB
zmu%4H6|YcdtVdHGR{8nVGVnF0jP)PTj!NLivI;-Y!uW58iTIzLo&V={(w5hM*(<z+
zVmc)dMEoxI|8MV4x7)bV1W`2qCY~aia<xPk0TLW#c7HpoX_B_s*1$_r@~P#{Lk58W
z5vc$I84)0bO#7^Ujl0&lFV|0UziCe~00<JKBqz{aP7&Di{`NNyN*I$rj}*vGLC}ke
z^sK?q&C4*lFYb@e36`dm<M7Jz;7Z9J_bbIzuBiylH3{8Z(=nTCD$eq+rCC0gT5abu
z7yf^s3V(Q}|6j5G)6P==`!t__J^cSQtCk<CQ!ahhOC`l;2}I2i{4Yy8y(F0bBA;sd
zzo_buv*o|NlK8K^rT^cPe7*qve{&x8poWsJn=9!zRbhuyJS!_WX{WX81~-YXlaYze
zOk5=3D<BXzeHaCk*bM=iCi*w_a7$ZHQSEX`#(#5UTsh+n{7>(P{;eNI2nMAmIqF`w
z+-7>g4{_z2eh>?&oxz~!6sfHGcg6d!!2f+;oB<b+2Vw^P-`?6T)PLMr*8hE)&liCI
ze=pBT%8)4UxgvnLtj)uO$`*tD3>os7V$RWd)8j7Q2P%3tio1`H!-8g5V)zn=^a{^q
zD}R)EzY@Hx`z{N8p3<o@Wk#+Fb`H4Es!Z#~f0XznI}IJ1nr*Orkp=^3d<b*^)55O&
z<$JH)+T3bxtmL#BKf{3vAhzUxEi-xbGQ-i2{veDdcAZQ2yJ>4L>s>Gt&YT?9?@Sy9
z=^T@W6yGN9{kc-kvn-d@OA>bO<dhrhKYyn!DA%Vrn|ea3gF=WGiQnsm9X`F4is5;j
z(fB$F)Bf8yI}7~o<e=Nd`dQNts;ZBSXzFNHM<y2B^*!U+Up1>v07EYA<>_MbZ$P&y
zL@|^^8Rs7KTfq9*wOmSYo|%K<RX^i?;86zVS&MaNbr-DfJ(oyFhfp|&_;PcjU4L>;
z^7X^>=QONyoN_b@WvfVn85Hrpct3YOMc%d&$1gn$7V)X(|H(J$da?ikU?%^+S@8ed
z-P>I9|4;E*^8Y!!CtzPo0FXY9DFMh7OA(+T0?f_ntD9Z2`b$=S$?E?RSbcfXPtEJ+
zrd=}okIC$_m->?1f22<p{|^Ww0)J$&kTlRU^S^Ac{dae7V{50qLGfS9{GU(r`GfNR
zE`QE^xsd6_^X3+2Uoz+A`uUP%AvwN%P6nJElB(LOX^Ne4O#70rUN~QEvC40Os!!!v
zC2+2U1znlWgRVH-(_=HCUkU^F!1U%hFM%bqwEXB#1^)*OKfcw)6abv1|9@?77V7`*
zZtpGmzo+;tHvc<vcyXo?tfcshN6@t&_A;-Wde=@9;Nouut3gix`waz|pZZz9B$1ry
zWg6*@LJ<g^LeD9QS(}f+yjHqAdgU4pwH20`75`Nko}Am@_gJxZnDxAse@mPH2JDja
z>k1FL;`o#0h9Qz!JYk0x>wmMwtY{Y!pI@;L-9&f#Xt*%yH;YBX720h6kShRV3{yV7
z?}R5^dR#6rK_u2guDV=40#|3I(im4}VYC^}VvPxb{t89?bfl4~wPbuR*qZ7Q&+LHg
zA=Zs{5;99y`rhnO^6laN{yvVgTvkR)Bj!md>$mD+TjuWq%bojY^?x4ae-9%+P0dL8
zZ_8NYX(KpG*O{qjo}Y6xe1beP{;POE$a?SVV?@lr(junzv{1JY7D?-A{h*T<v^NTi
z&R^RL!aUeV5|w%{Ft*fNSzlRQwYyN3M#}C;x9a@Di@Z=qAA|35t*-sfM_9?e^QGqr
z(#(Ht;Uot==LV(eQGWm_d<z4N2iHiotsz|P^)i{mzu>2W{}+PU<XDBr&i}Ao@c(G<
zF8Ti_`7E6OFX2xGm{^%L&9qd5ZF_5vxqx)t_fN=Nm%B2>^|~cldOv5HXd%)24o^1i
zDy2h_Z7b(Ta&W+XsXhN&@elJ%9aPS|j9abqslflEbhL=fKY#q0iU0HYAKQC-%lZ#b
z^Z8=(KajS==za3xouWztxD*0XrQcXYdY^fWez1~<$^T!zIA5Bg=Q*>4&;QzR6ZJgD
zL_L_7KFlW6Bn(n&Bzb%A^Xv0*8aO?zr1Z@>X!cU%SoCKG{(pG#_dm^n{{iRc`2Wql
zW&G!pe3tnCVSgEQ{uRi8Nr!W<L^pgy^JLO7IdG61RAj-KU&32bi`k!Q{J$96FMej_
zf7{vJ%Jcsl8%zDqlYIWr_+MvQ;dE*`-O9P}sZXIj`a+O+ndJ-*vpT$Gl!Uio6u`Lq
z9ywvdch9`D;P2xwfvdC9;{<8Pk9Z9HI*H?~g&04I;(xnSHOjGWWQN0pITrul(HZyo
zZ&+?NISLc`bCkqL9fGd>&89K=qZ{81@BE~DaC$Ps=N)hQJc|=Ju{qq_VOoTyG=q(P
zpyeJ$emE$aCeeH)N=dUp{PN`V(EZ}{<j8!HjE4v5dsrGDf<9o%Gz15d`QZ?g48_=z
z469g_41bT<Tu|Dgz9_E2qXdL@hJ(J1hiA}?ywF~U!|^9I!$m(#<!N|+n&J)6Y#92G
zdgu;0PBGWf!Dw`l4C2H~eE1m?9r;7={FuhFXQbH<h8UZcjz=S`ss_uBe$q8=3rpkg
zC^eGObUyQbjFaoI>-k-sXo+@7rE*)+s_6|vfPWw5aYwm*_PyPmovj`Cs+Tf{@q|+*
zf!}>Mj3#)}Kf+~5<r%r&uYdump#N|J*<zG`f0|AI+q*k?`oFck%>Vi%pM~3hru%-?
z_wHgyEckZSchRcjQN@!!r9YLDtYBVOgr$|}Qxw^C>8$j)&Psgh3wKo#u&QLaj5AEx
za(~D{hJBS{z7;og#Sx9myhQE-eB(gNHZ~fzpGeMeeZzP|O|!@GqR<`690i}n(nsX$
z`Bc#VMTGt7&n*A%&8<B*{tx}Xm-fFW`7GoA9vuI-q^z@Yax5gaZx|2z{>;F>Wj2nl
zD{AoT%*OG|`z7%1eAu8#2u-@L>!1_E>wnQ{ggw-d;Rd1I<arWMcnm5HCNxS4i$PUS
zn0iNV&pr4bKT2b7oB|p{#Pzp09D2a~Ck*kZlUODKDd{$R;tU|eW$KSbr~X(<3ZLaO
zo&WdQ>e^&g`y<tVYHzjk_5U`vm;N75^LbSM-(k<if`3k+bO<yMNt(siSF!ce`hQhd
zZ|3InvGb`jk%dB=S^O~=*5~gX_Lmej4z`r}n!Yt*?YcgHa2bO6^r`12x1;^MKlfAm
zDnE1K|HqF1+1V@j|7|Ywzdp(5$?^aE7=I2N@3@9N4A(EUI2HC0xSk3zNF5@D+j8I%
zT~^UrGIw{|s?yAf4owx{GviLn@_)N7<%x<<75;|<40_`zePHP~`b@|Fo11%E`TB1g
zJInkpPxJY5^#9JUD@EdvQ|}9ao^z!(bdEw*oZrdDe#A-Va)sL5B5Z&XQ{x40jrQ~w
zfUkiRlp1Kvp-r)ATXyK0xfDln_YJKL{mGQ}`_xbTC<-F-y&A!Hep))L`hQU$7gq;A
z2U3#-Hxn^@R~Q4_wik{`KxrZ$WD3YD<4S!D&jS1c+VkE;MLADXK9N$|J5TrWcwVi&
zdq_pRM~GT3S0{RUDp{uWs__#!D=uT;@=MKga1Y(-efL_GH+c%bR?eVJXVS{KvX@SO
zmowvU3L7t?25hL%Lsh3<FMk|{*~B@ql6F}<ilg{uay~+%$|1}Fs|FmB&h8i~tIDjV
z<QFS2pKDuYyBZ~7jLzk`bUXMd{8WZ~rt~jluK`>+2#2(dpAw)irvY?E_x5<$Ewu<u
z?O?`rIqFK>Jx!RB!z_~?;2{O4N!$r|e?%FrxyydmDMMvg=M-Gxq<?0ysFR9I1^CDS
zu3JD^$}VzN>N>#`wxf6Pgsq>aT%6<iUIBN~CWkb%Whov6)<agl^01`o;EC%yh(ceR
z|J0u3OLs}7sKFk>LJifsEnf*?m=k#Ahsw>}T2bhHKgXiVMw@GKoswD9A=5=T=(2>-
zkQnIPJ;4?Rz`K-Y)qlbtkVA>n5O4}w>i4T!W&Vwok7|X4v}~nhqEq0bs$B$lu#s-#
z4gdrNxIiZtRnuEpzYd4%X@AB2wi$HnZ~Ww@oB_ih3P)1=rRvKm3>6G--7Ht?&R)Gc
zzqmX(b$-J%)NmX>Ch?${8ViJ(s4D@ErN5n0sxMsTnDdwAMt@f`pT0YK#EAiERm}V0
z;Qi~1%b#DKU*Zbh9=thT_!<=ZL^yuNB5(ocrw50Ryb7WVQ<idYbaYm>f|)s{_t)3k
zn|rMd_<!wv^oL!UHp}Tr*-RC<*KdIgitZOKEL&?UAt+Ni5i*O?l00y8Z}poO47RH!
zTP?ws?irl_e1CF!dHCwxFK;WRSIOQhx}G0j93GUun5lj7iGNlwKYacE{Nnhm*3F9=
zqW<mM9Sivp?P;e&0=c5lg{$LRZOt!_BXqRqgpORaMPAs2EhT<0o8o9v?#83~r9p;%
zJ16BmD<GBc?d;&ki_5p~j*c%+j-C*BX1t<T@5(_LE`Mzu*}QeSnU%6L&K(hmLa&3{
zAew#(uiyQ2`TF?7@#|`wQ9W*P8PyO_9OcJ28Ti@k<^A~X?9IVNo%QLF>n!jE!f2k6
zM2H6=45KDV=V|9)owM!F!DI#`zCJlTetUj=d3td1s(hP#>+2B@yk6Y&l*!AsTY3tG
z=MQXEk$-K=IZjGTWVnxqw_y?wQA78^Ptv^Cq{V@^H|HIbT{rGOGRsYGP$W(5CtIqZ
z9_Muh?q%hqEc{R(e(~1pv>I9dlx8^1$U0#*_NRvDW%Z!#(m_kT5UU5-yvNF#AkO3%
z{R)W>rzxtTrb%_&!@lr>P*DKxieSRP@4{Bo^nWyouT4~;)6;FUKL=jRjfxq6^LK?e
z@KaF8%WIMd&mOUo^jG=e<_F0o`{fVc;q=@6%^QzKL4j+jVmY39hy9@QQRJ5Y=8XY0
z`FPB>RVIaV&c?~m+sO63=m%c#Da-&aVJ%6}L&aMve%5{@qweQ=dEN$qvYM&zV;i#x
zB!5Yq6n@#HL;{6Q!6&1hR39ZJd%tSYc#Y-ZH90d`oY%~vw3&VkM@`si*qf~UbslWo
z^TTMI1Q-1zNc(Zro#RgPUGhVs7A5qfqagApQ?!D)QA>K|2OiB*H0FV?T+hg#blgE@
zU!9HTyX1$=!a)#^v-ub3b|~VKIT1`0-hT!&@Qc%A9`uqM6Cm@DAu+${X+T?GUG22z
zbIw;_Y4B5(*?z|HRilrZsM1~S{V-*2j7LF~_j~W|$`<t8-9Z=e+H(i^(8ul$_wcvw
zj#vAsM`17MOgd4Jr#cc>sI#<m;~*VA#{i#B08@JBCqG>rpS|&VAXa)mYfE2l6n}il
zAlFicmB70}vy7ZLE+t)~o<O8<u`uG#C$C?(Jj&vd8>r)tQ6(RyDeRr&+G#Wp>Akc+
z&M-$#iWkuL{M73PNpORvV3eP|FiV4|mm84QjYc&X;Ke`U!F3oY(@?tFazP{s&a-%w
zf3;;O$)=<w6178Ifwq=3dFCB(%6}H$OQRqddHn!0=EU9&o;sf52oDd|iH0uEFCC)O
z_bK=a^BBb={|3Z@H7||f^8OCTm*D|M5!r;`^ap-7F9+}_&^_aPI$iIsA4UP3<nz=R
z=7u+ATjW)j+5YGh&+%sipWc7{uii&oOj7~WH!ntEH|{Y<wOVpUMTVoqP=6Vx*?Hy{
zk)8gb-fh+(F?xnaASuP_9u<N}nc0cEOcO?Cn3t-oUy5XCTMbLO>57v|Vpq9aR2Tz0
z=&e!oYApNLoc>>V|35S@rR$6JF+(rEy`7yZ|8M-{;{SKrJDY#<b{4yg^3T7x|6lq2
zix(*Vv49j1v+6%@ZRYELY=3Mm{r{il^F{f8mUw!WI{u%=-FqeLwZOXZ@Sv_0<ulfg
z<Bu!*9u4cHBbX2Ai~2I}hhW8G=RLu48^O<$I2%03(ZDg-Pc_vVW7u@l<;)9j&AiuE
zdfO>Ej`9%pMX14FI!=o&-_-Pk^|iifcC0^svkocf^kZ*@G;PQUV}G^)QL}}^UJU>7
zp4&R9=N^bWqp@Q}I=Hwvesg+p{(ak4!VSN-{~E(<kGx;Km2ZYCUK3ckZ&WXb$Lz+g
zCW01skm2<J0DUuTwOnz*RhRYHb~EAJ5jOy=Uh~*{{(tj^_PrNq+xv}jDy}|9ZumM0
z{EyCn!|%U&@nZPz?SIu(SK1^-d&gPn(B|X;>--Aq%Wv(!p%gJJ*%JznT|7%Kf>(dv
zllNG~X>03yVWW}zS=~dqL8F|rwcD2X-jwpSPM<lLTE}^9+A=C~r<FIgoQ{8Y1ApjG
z5dKkMP?+a!uuK}Th)<sX8;6U{{e_=d{2#D;x%{8Id(eEz|9?Hf=gZ;$@}0+FMba<*
z1AV*jbY9JISf4q3@>oz_<!6rp8i!Lte;zGs7R)M0>g2Rm!mQ~XrzNH;^qiF@tF*&?
zGGr|%6VQDCr99B2EFTlX0VTF2l{m;}m=t?8muy!n`)Gkp?%+83IUAoV(-lnoMA@xi
zCWW(3=gDjZ?SH3avnqng+d@vM(o9s-IylEy2yQbya}jMd6QYg7DSe~Z@BZLN2v<qI
ziybbsWY@loPoDp~1nPw`f~{<{80PO!Gx)#u#_mSDozwsBZfz~|zdy-mk^CQyg!!2Q
z&(}&M<gF&&-^YH0ow`Vd2n)9wzXTZ5HSAFP%-h{Ui+@~_VhTmHV|pnjQZz<W>c#H1
zT%;lj2Vq8qNE&2;dvQG>(;p^MgtjP}BO|if@=kgnJrZ@}K}6G*(u5g*2jVu``x@5)
zXJ7PT5?Z{hmiCB93pN%GOISynLlvy2etZX%GYJ7psy3Ake&Zv-!@z%rgYz+9;7{I4
z(@GeRK06aS5B^XR;H&d)9pau^j<ag%8epCJ9C#F$1<-4CzOB8$TrPZfG@f^^F>_=i
z|8EEStZPLk<(64VypusJ9e*qTzT&N1uGHEk@8<Z^2$xT#S#XNDXVzW0Viy?ahKl;D
zJHYBbTr<UbTO7+tiBP?m2M2^PZLuOp6;^Bm3Xhr#%{0?h00S_uV}OQGjx7znZW5w4
z7LbK_W>sH&YNSv7)-Lg(r2#C?Td^CwAiqK<WC4Dj7T<u)3*ix!eSex2#jvJKu(~?m
zsf5G7k#I53nW(nY52nzn<aAV<+DA0K<0GDv=<(+`CC7wSaYnf|B`2g^{Og_1v~G`o
zI&RXq`46iiLD-a|EAJskLc-9LJisbky~EU^B+o6|5MF3^;rdro==Io#o%Z8#)b;xQ
zEplI!8PVenc8Lg5)PDk(ZBv6-`TgqLPelUHxo@ky|Dx`0wcZH4n9}Pg-o~`+z<Q=|
zcu{cUXYu`?!T}6(q(+%~sBX(y$LHIvr=@t-pud1yppnplj?_R?M<NDi1s}oJ^Ym&X
zxWZd0&zD%D_O5<ZhKNuoo9jR^EgAZ><CyO>#^F3CFrL9kjen=|QRDh-R8^P9pnrG_
z1OHPv7!SPRcmT30a_Qrt$^WnNP?4D!o1ezrqcBazBgB3`jJr1hpkFG<D6B8l5qL3N
z-&}3By*u)39pXWg9H8eI1o*F12?YX~I@Q@hw~NlPApeGb<aLle#|5a>eBWM^p+ikN
z6z2`IZ=kGn7k@<6g3+jZ-GYt3H#>DCU_53Jl}dt{)e2TICWjpsH?(dL1;^6Z>2ChS
z+_}|A_wAUIS-at__aYr%doSo;1N45LxtonuZxj9p|22oCN@?rh-fsOQq=h_3E%|es
zJi~PkI0TCPk&WOALM#;oO+&yQVQ<pVXe5en!cOI#v41sAWzn1y`)GwVQiLKKE}CM}
z`lI4~wfMY>P3**;4ldvoTBbp>0tFkCqo?R5cHiO3>ca-N(+K3O*`WKJ69N1@U>+=9
zSe&McZfAfd{U{zz#ryZ_ifDD#TFn@RHP7nmbeQ&>o~NRWpcm;e-*xSy!YAh3klnD?
z1C$3}4}YlAEteY}C;YPTRaLzllT1+OpyewS+m^jQYd;F3woNw+9IPUgRv)=Tv|^v6
zC{1U(+l5**4(8Eqdr|DqZ0+Xft!`;uOfE_b`)ySx=d~MG9fIqzlfTCCNUmn!k63O=
zndJyEwguyBP`!K$|2K-_3Hsc5N>4_Y$ajbIuYUv7FdpcOCV`{nQSb=<(?`{Gm|-3`
z0Ed{^_~E2M9(~Hm$za@pKVk8Ts46M5U#M6bUy4z4(9Ol`^VLc$th0JK*fm%E9FfQ>
zbK%v`k+)S$CW$FS_$Md2LRmlgH_I_hm)&+FIOcVi(Bs)@*-Yq1Sq#O8ymy#c9Ue80
z*ndQVKFp;)q*+vvE;qQJeGTwo(a$S-Tg9Xx#<8|+e1lD`(fEFgLz&zVQwJ=@s>r)|
z1NY56tuHJm-0jVc+0F^&PIq-&?p{{T@l+`?oRn)#$$DX(828$rdiXU~Iqfz!wzoIj
z)0jqaFwq$?*BaY!a4u#ghCUM3r$Yq|CVy)5FkFl<#>pubAs4p==s55{vT%WproiG~
z$Dh3569xqa7_%1mX$Xi8C&l-YYG2fhYKJkZWcvmUFCl!d&@rhBFLAy$o4yGzQKWH|
zejVy2e{;^ZGg7%sc>C*w1LTooh+*@V@2%g7y!C7_T8DE?{F{KA;Mf1n8Sq!HIe+w4
zzWJwQdi#CF`ztyHBdKp5hp^P&<d@%coB#Ozx0{t(gL77_lCk-R-&BkGBdhdF73;>I
zelxA=kFQdam5i@``pvYeKmNtp!Q1nbi>f*7pMP^(*Pn|LHdRcdfBVg9H~$pt<1|^1
z;*KAY*L^qcd<>E%AdO@)ih=KHrGI@lkGN2}@5=`-LqG`U2Z$c{eU$QlBri;TKlK-i
z+|kVC%x1)V%_m{-h6-@dGHdFx*SMWZ?80e<%DLy_3FPBLj*dTEp1pf_ae49X=i|2(
zxx30p0LpUke`j%=U64wA<}|NQ&M#mJ1f}Ei^YVFCe%;^yt4^0U`yB83A%C)o<}?-k
z70nCA7rW|t9ShVb9I+*~Op)|Ctx@j0i%MZw(K!S19A*FVheq9VCuAi@D&B@OpKh6l
z#(Bt(Qu^66=$@(ORz1TnRcQqL%)kFJVedMpWY3m6q{1=fj_e^)#JpmJy|scUk=vX@
z_8%%C*b~o`67Yi=UeFEI$$uSPaRrh$M2Eh~%FR4@z3c8=b93ZwG*0a}97%WeIhk|&
z?5h~`^1Cl@SGbxvc<u3sHKwL)!G-c#L|yif9vWf|LNlHaXw;me1~o){>3OdX8Uu24
zLp>t0%G61<<#N2jEknmB{1}jm;5pJdAiKlvn%9r-F!pFo@Sp0-!+!!Q?*?g@xZ2to
z$^aGBKc7Zm4&*cko?o>?x!lt<Y5Aw7@thAUu4-Fil^iiY&i0IzQbT96P}#vN!@G{J
zGM_#EZq>lZ$1xO=GR!>?$AVOjVOKuzJfCvgpxo)?G;7Wv45pinwb1|lmn6)Bcf*cL
zkaU)EdlHrDBqvn!6o0cwQyTuGMA1=1fleR(U#e_i_qD&TlIG_br!@ISX)5}Mb3@gD
z=ki4*07DHH0(ym!9t-xI!}&bG=PY4f=yN+g0Q}|}Xa@YvmJ~>zB&APCr-W&R$d8mH
zFCufvcsQhtO+(M%Qo_=&4%o6$t>e*ERc4c#{QlLd^v={bPJeBNZ?X~Ea8PIZu6P-R
zG3@t<U4c5_TU#j}YBnmcOL{mP*k6kOYJQGlrnzc9Ob=WdwqM}Hre135x>;6VZt>2v
zm9^s93f9;M-O-d$?srSY0T*^p#i18=Q<VjU9{l*Glq#zI8mm{SH(%Lg{`We^EDw6X
z)#ESvMOV-C0Dr)#dgIlT)p_*uf=l5|JTh$5ndgCs;|btnj=2_yT2#rgM<DG^J+ph@
z6W!Z}68)tu63##wB?HX{0<<!h;RiF=^cyd`?`hb;j9YrU1yxH83P0_Zr#|<p`zry}
zhhEn7p=w`O>2M3Vu+otqer3XGV|=v^uYZI$=@t&G{eLL2`?*@3-l+ZU+|ROnsQbQ4
zXS78=OlRPQzswoeJ>_vuxyS;fF5=c^40itqy7-$bA9~?;XZd<@ab7Q#>bz5~O*NTy
zWvU&oO#P)Yn9R5$xAXL?sk#<DhJ7X5&Xwe^W7<{d;ilK|oqYxD35T!5(oj_@7i=X~
z>47Wp+J7{(B-MO&#kufW=}-?-Dp(`7rt*Gu6bja$^Rbij-Hd)7Gq1=<%rkGPtm(b)
zY5HIfRV*y@u1be}l-pAAL-XC33fQS}b0uAPsfF8{2f<YhHv9G}Z?0_2RuNs5-QHBh
zS2AqXpmW_`t{kZj;&C2cgq6`sm_Tb;CFO@_-G5-Ai>1YPf2{Qmrw;tU_gFUe0^eoX
z@N>UUJAA|qP$?<#TzSAC3>>6y;~_c}<=hJBr=OB|JaWtjdi6J9*RqzhH#RmL6AAWy
zpJG;(vd-gtXS;9jKGQx7>`lpw+Q4sB^sV;<bVmnZDzECE@4@WMnP$G1QR{V>nd~=G
zUVkR9ys~GV$6{uiIoJK)&CCn&F=@zY65fVUa1$J-9X}#8z3)+SU#D%yN)4E=EzwPi
zrAE+jdGPx6ePLTwp~mnd#4IZ6p#-*#6V>zz^V68%8J!=5?CVbPAclF?EDK|zXHE3Q
zlLFbteF%YctxX1IO!?r4a_bgAy4O>gMSl?L3{e9WJ?Qx?oJ!Q1bAj}t*1TUf<){MY
zIpi?O(ostuQ<*EO#j>e7-Z_SQu*g<9=EEhovY{6zz?F^uAUUq=_V0pgEZi~YtxM~J
z%G*XS#}~y2dFi*hYHwz>B$U25f$~hB0|H(=!tAScVP)<GShQ%aW2g^UkG7PDLVw}&
zoL*Z2VSJ5WDE;{qICLA@F!;?a0>n%}a0e)Zg?tM;iUcN+ZM&_i02A6<f#lPnh=2$>
z;B{-)Mb|7*5{#~{96C<zR%WVK|0*DfaX6ont~?2PDI4Q9s*T&ry4OeJxl!(qv2z1G
z=vheC&U~KBJay*S)@g~Ba`~i6bAPf<O=M+(s=^8{avrx<@O!~vTb9#G?bywAVZ3JL
zABCh1)5e;X217w`E#9W|2=B?*l&}9Gpg-q`^<Ts6f$#r7W{<r%hUNwX$LG0WX*$2D
zuB5|#udi~bd*55xh!4K7vOyPhQy`vaa}gA3IR7mbn&0=1Dh9gu4Hd_G@PGXjhg{U{
zI3d*M^Hcx%?Q<?ps5<9)kl^C6-=m<tr@N;YTufxO)`d}*d)!;0U;XQwI>bY6u{iMJ
zF0(lHJ@0hUPmdh)t|#@cvZQ0}yPPq`11_^{<b~a4+2D`*M8hGc;j448s!#o!E$dnP
zYG)1dfV(XndSRDaI{ITi)_-9<?EB8mzKyeB-}@!-I(`&kn$hRf<~gSp^@agwyU<Db
zLL~!EBdd~0BT=>%e>93h9tdZVJ~P3JR#G3P3f*c0)YK6k08Pbl7Y0hjp&yPVPUG&m
zDEp=U+8j7xl#b@OGBGja8rNosrwvp8wkk%u{~c8fxG4N>oA~Cz)(n>QX#Pi4-s#@j
zfoYS-IUZNktO#=?sL1WJBuT{dMvk50p0H3c-UDHwYSahALe;>Fg$2$Ga9=P`c?F&T
z0(dI9e7mk{t$Ua4F7C=@z=htnjQO~ap3~t>zwYT7De7N(dB&Nktrn9#Iv^q<Z+=l2
zplr|u*_Dm2j?THFt98KaULS-nX6h!DQH#3g43mF46<tSE*u!?I?cB3AT5MQnt0lcZ
z!)CFj+^l^%ZR%{%?YOYrA(}coKLL<FxWVz#up4yzq~@-D>^s-qb1mzhK)!qJb6}YZ
zb_|SJFaYd7OX|W|x#@foS7rO!bauv*@j4cN&$_z#y~bzuGbd8&Mmg`5P8s=OS39?B
z_&u(8PH*sqU-cBf=jjWa<?=jdZ_hzg3%&Qk9E-jES-#8*0D|dm%X7iPVp4qIGNH*F
z89qu{ngghn;A84Yv#ydzR{k#Yqb($PK-s{HN*#dDca+4pAy!~;k`vUpvpEt!*i9dQ
zn)hM)SoglS#b<pe9r@ljH|650^W{~reYmO_`SSA3%wlV#%c~w_o{K8Sm(F+#OL0{g
z`Thy5%6L|NRWoxC=!MM1u;yA?my~B$=Xp`3BhB-mDsHKQQOyJX{4c4TO}#$~G#6CM
z6BL&-w;!mzhXwk3&NJNo7?MZv^qet&@PlNI6Jj~!GIKRJQcOvO2oq4_z|Xvo!DRmy
zm$ZiGGKxoI6hXR`6*+LsV>9Fj7}52ZE^DD1aO(bVVA3`38=4kxvb+y;X_}f_Be<xn
z=dJu3Oo#p9gs|uwpmlGhwc@Q@uE00r(TF&=zmMZgj-Mu>5oA8=*Gj@N_krqv^TNFC
zoCH6uagba`diHUaw#yyrw3hBsVp$ba&5BOt$0Q!m1JjB8&w`%dNz<>S5Eg=u^&51Y
zcAABg_0Btepvy$3`+*;2eGk6qd?Yn76|ceeRIkRXG9%LnrC$4D@6Mw1C`|2&uPgm5
z8?ES-nkugROS&=}B*KAz6P%8JqliyD^=^WplmvvEj}$O?SgFbjLU?hB$JhpgZLmh+
zEibZhVE*z3<CLla;M@O1E0%fy2=UMHCZ3n+CUa{she36`a>r3vIX2FJxo<<3eYS{o
zv23KmoGk_g8@!xzg)X!iEY8Uh5QX;nD1|xz)KFzwFB0TbI^r0T;=X);<!AJq2wO=r
zv`37nawQyft8otaBTn!&hr`hrM@X;)TZw-Q!KV&tDGy+#a@l3mS|zQiN+4js6&HS`
z`vv~$w*9{RM_mIsEA8TZYoDbUWXjj6YcTLQE3ad}`-30(!%mP$6$bg`Eim+_aB?du
z{I7I8K|ZBZ+54yl1-|ls$XbV68&5}@<Nv+aOw9C~opyirRL&J~DFFK_oSgs8QF+$Q
z+5?`PinYr5j!&uBE_WpSvh8N)q)9%*Cz}=rwtsaWx4cK^<yODK+}D3ve*P6dT&1Vg
z528VMGmMkq5$4!{&+hg%{%?D4XT$zq`s{AD|J2^z+1%M_x7)jan}6D9Z@0HM|Kx2v
z!deO+pwoWhd4C#&z<xy4+n@FOSNeJ8o%$K#ajHAYAi#-lug783MJ{LLcRm770SwMF
z?*c1}ri_EJeq8_z5^^KJ`DC3wv|a;d9y2rC1|HSaGT#Gvf&qrX4I}s$qXba&CqU$c
z0RPKs%fpIL9%k2n9r2PplmQ|@<E=*P==>5*<^c?G7!L+8z=y+guNx+5qjeKz>-1k<
zexn7QfhK`i1YckO07^i$za!!Qsvr9|>-Zn_XL>taH-lo8r}4<c%B&zAx6->2{P)`b
z2>;Cn@bCWzngSyp#^cmGIXZ^PM@ft#MWYpV1Am>{!B-6&^Mngie+Mc2+zFFT6m&vf
zX@7jp|A_qSW+!Y-22lgstv@v$=J$X2>fr59$FJZ0)EaabKgaa<zqhfqlYjqPyIUK}
z_x}{1XV1L%LwK?Q)|mvLedcYnHuqW^-ix>KZ7{fo7ueoi^ENj&w^kdC!@jT`jc>gp
z31Pk>5W4b!sZQ}>e{+6b^2u+v+B>byM&rl8&&G-LWBz;J6HX2}{0z~|)d&YjGZb}=
z@6lO+U%<G`US6qEnCHfU*8BCRSIzHscmDc<M85s?b$(#2PCQue`)NPy#K~x#>((Km
zTSvKW9eS)zS&lg7z;ve{4pW)qyV`SnH*F3Tx|@t6@p~8sf7xA}d=y?9Cw;lMS94P6
z0atZ`Xy}$y<$UgH^59d@QK}<};)noU4{;&T1!Pv*>t4I=UiaFo3V?Q7ZSTdqP8K8l
zY;9=x`C)tmi}}|3G5n;A<RnM;yekpQu=-m-f?RsVbcpgyg}w)yNfJP^gq&MIi30D6
zrrNktwXUg}f2z>1(g6`2`_Y|0NhPDSx24WNHR4IF-r}|PJ*N1&^2Wmm4@wr(MLIdr
zCBKnYasMz)$5fCTR*6TXn(TX5%_iHE^Q-&*zo+paxEzl0(f#GBg@;69j=)~+``ESb
zW5e9X=3enV&;Oj;g|^L)FVl+lTV>5VY1mX&gNlCJf7I^+2%_Q-ejdZp;dQ_}ksc|u
z+uUx#e_mQo?A<6Bo>Oiqm0|(wd4v{pCjsCh=)JkI&382(qFp5PqwpUv8z1&=?Ze((
zweg%;&_TDW7$$bU9{UjnSad#mod}2zmT#wbzO_~Noo{WGA(yLuoMs162nZdnMaj`N
zz8u9}e?e$FwUOqIgEVn-SFS>(ButdwUA|pO0OA#&#CLU1AA00h6~)7wCgQbjNg@%f
z1Ralv4W(n)tb6p|IoJ#UnkPm5S2{vXb}tMfg5@iO_9Tu1IRy3RbvQ)kI)!&mOW3GQ
zS~k8bVEJ!7)(pzUh?-EZ>IxU6(WpjE;SjDOf8um%W(yBmm$?h9vFc_{L5%ha=S6;(
zCuwiious|#TsS6&^DrkI;@npU2ARW#{}CiHPqSV7nzy$!3f(~z`aj2j;5SS7p>Ms{
zKJBN7r)Zyu$Ww0!s|0+tXD$5|U?-v|3QC!LrG@7*8ed0Y+J75oSZHwq7mTa}K5@lO
ze^|tgw5DN(v6fd%xA-z^pYsNtv!V$uE!c(=;p?l7E!(?h*c?5`(SZj|QFtDQ=O_E#
z8~-D)2e#{iyiH{xzcRW=RNRX{s&NK;o*ESTa<}f8LJ!=$@+OkE8jR5Rk@(T;a1ds)
zApPYT7t6fD3uVNWDi1VTCtg1}%c6o@e|6Gjjg4<Au6Xaemo--mJ#fWu;BW@xf%mZp
z;<Ogx!4j;EtnY7g11^w*a{=@nL<9d{)4w=E2Z9V96JaI%6P}X18#Tv6;6Pz&O)G&4
z;!KK1!1Z4Ns0;%5cATCeKi(p)oNy+r3z*ex0t}v@td}oq)2Nrb8kcM%dweiTf5OOX
z?-iJ1O-{~!I5^bBtC7#VMUILNR1#LPZHkuv>J2nT;}T$8I(=ovQjIj*#8O3Vu-)6V
z*1w_FUy2Kl{Ui$K#fF=e2nM)Ed1JL%qunhF!4QAy485sGuKO0C$9$-3OHkL|c3lbz
zJt}y~x4|7C1+)&MjRrO)Obi9~e{@+{M~XRE0fP4jJ5=8e>ZQGJ*Oe%sN1n}c5G5|k
zdrR^Q5_!#dpAz5A0ul?F{Ef~iOanFx3*4%`z^%56S_##=lj1URD|0qMR5ZUc)DdOl
z(Ww@XU+&a?KRbl>_2UMd;)XZCo$-AktvR*4s^~fe$~;okcpaaVs<N43e{knV>4Tt+
z-}RQG_t|`z_33qQy05$ZvFaz)-mZHx?d_?LwJk5{p(9UutPfm#rQpYp^);!ISQc}i
zq~kWkE7+(_ST+j6PlZS(nvCh<m~N!_3^*WmfrTNWiPsee48%9sz&B|(<OplO+I9i0
z<QAv=s^rh3FzuiiQ&?=}e_E|$M;^PY2Jlc6<5z_L5TWeR_R%5^XxPz=XW0grSCVZI
zMh6TKkF(Sf+L+t2%A)a_YZJ=$RtbCb{~^DsE9END_gliMq116D9xgoLM(qhVG`iWe
zwS=3y^{|cLgpJxe-k8oBY$#N4zmfIU0F#~vql{6hjY(}>fiQBaf7#A=BV^bxF}bBL
z>co+P1P6COpCs(0ET-?(X6N?yO3#@OL=Hk2n3r{NBJ@}l^_}P6_z3hiCkW_v=V2q4
z!vyeLGHhL~7WB|J*CyU}e1ra5?F}0y$wqdbKPzhu06KecY;q%Y(Z}9idtPF-v4|;(
z$G7>gVb76CBL1FOf0NRS-<H$au6^^{bn{2SC;@H>SAC@;Y?UJty$?cBEqqylQGpd(
ztf^d5ltGH9+;yDw3BjJIKp(Q+N=Sm@$kYaE!`L=yPK(Ulkgz?=qgNje-oL)MJUBW!
zyUP3fhD6F>o#KPYAxV-`&82U`S1T444niFOl5NUw`jA~zf3rI!*==%hS*{L}V+Oib
z81PlTy{vS%t`!V=IQ;h2)Nrw<URF-~Q&qO<zRTLFOO~O>DvkZ1T~+g*%CB%L?`aw#
zA2$j*VUK-gNm<9gkf=*T(n!)%v!J~H-P&x)F0v)YM%tt5AWE%jocYE0tgh>MTE@cf
z?bPKQpogYEf5?Blc;ipJ%^gF0=Au2j!ny2i)s_Lb%4`X5#u=MuRgr?bFp2<Ok!=ML
zke}QL-l7<Iw<;p9q^>XnJuH4y5vsfeN0djb1Ow!Dix$_OZP5-nJpd&bBpIN)hPqR9
zD7p@MXdm8S<s>h&HoR}`Sr@j!7uMdb;1(1SQoKH{e;uv-DK4oScgA?+xWcUO<L1_k
zPei^eY>4XJ@LeeR26e8JjNPorT8eTEkQg*I!bV2%5bxAe1mqh2I|iEEMR+z%BX&60
ztIhcCF-xt?yeuA|O}}}?+DLp(p-oifmeAu2rtfg-N1tE`L;Xks%J04Pu+=ezR0?16
zk{8Bjf1|Y}gjvV3l{IT^=uv)tnHHPS3*4xw{cP_-2eO83wRZoVzElcdm&_{6l*OYs
zif<<8BUEAm+Q(wgA>J+)sOMwF6V?=k5n^q1)h?>5%IznpJTEFXv~^^S*qSwc&-TNm
zwR~3_Ie)jIsEe_%6729En-LsEkTg{wD$4R}f1YJ!m9>x>oR;viE)YQvn?8)lKWF{6
zjj1e;!ZaC^`2NGVix?4Z!sU9~|1K1za6JsuwaL{UlPgkh5`)U(xhGaZ@5SNk_vaVK
zXT(Xay1Gm{fX&(@!Zqu%4XxTHSumhEI-=e0>azdPqiFEuNd%*@!+#f1s_*^h!JF4o
zf1yUXI&qK=IS&a8)LsJ%pKtKF!T)Itpy=c;OePPVI0iK>1`l1`wy%TCZ(qqF)P9rS
zX%kHQJ2FT6!?B+Lt56}Qey}i<uKw5huC?i4GWYilH0*8`)D%HZBR(pDdk4)k+Nu4{
zcD4*)2gx8D(lP#&z>_}>l8_R|#zPRBe@Y=NQ1jLWZ|JdFzES3}FyagT=Vnr}$=aS-
zySr^InsABJ32QDh433P6pO5@BrTDyp_1V~-clT;z(!Grmtgft~2Du8KYn-XhsB{HS
zTKjDG)Y(ejxs*^Kh_@WZ3R@?YCh?f$M4|Y{-M!lIvuEJv;`MnEO3aq1l7t*&e{E~-
zuCeB}U%KA1d-4|B?pr*A>mzR@+ZT+~w?v@491Sxv9x-%y8^3DKUjyJ=tA-A%R?)+7
z*b$c;8VXqsVAAkTj5=Wubo%}<Ob5h42mBHPStE=-;$y3AY}(!aZgmP?+L(ox+C|{y
zC#y0pG4dq^MA+d7$g^Mwi$1}vf88QKOp0^MaO$LXVd7Z(L2qhT%l4k5)ZVdx!CkrM
z@sqGtaw6`)r+(I_NHki_R&6@9wQa4&cKmFonO@D$Z{Pj$);l>rf6wrV{<Pvoi=su(
z4<o*Oa+8g7EKU2ne`ml{qP(h`<9f?p2OS?hz(8oc8p*D%L^zv+QoU?#f6s!5jS_Sw
zFH9XL00X{$ajhm-nbQ+G+nw61=+1YJo<PZIq@*Z~hh*mX$_^tG9f;9(C@vX8Fa;rP
z)<#I1yJZWLYcb>`)>48x9tN`7lw@ne64Z}}=@@;k(KRT7Cl|-rQHYiz!uK2rgqt3q
z6u>c?B&_3#*x%aK&gI7me;to&KB2mv8_+{P3-V7l=9$g!%5ioTRBla&O7wcx6FGJu
zts=-xbpDx%0zG;1jb<VR+^v#Wg}_l!KDY)(5sM)rE$<@s7-5JvmbPX}4ZzC%<3Wu{
z4Fcz2*0I5sL1HgR3QtIv;$1=8L)DpaQ>%cGg>7&Y0pv`L_&6`qe_%vH4ro=Ult5N_
z`%Zysg5%oyj9t`ccm`%{0FaaCWAoUAEUt4qwOyT{$EvKcu6_)9=(o0G8Pqnnl5Pb(
zWNKJQX<+b`b{F2MZS36H+f*Frl<KZ7Yd|yAmJxSe8rr+f9>dYZc+#|s_TM7&5_}4?
zcf+$FOC~=86-LB5f17F9*{w~=c1vXefhyaxlu}xn6m4s4h!AI4R`j5P-cy;<NUupE
zIIpa(k!gn`v+_=wx30bo#t2xhCZ`BBninTGfOY=iTaaHDe0PjF!)Di$@o=c9z2E5o
zR!4eHfSGE0r!Uz~u7K0%UMU~fhc6`0Xt5DQ@?u=^frz<Jf9b+icv;$~z$nC*ymT_3
zD6WH_RBh<l+sLm>O7qQL7uP|2#8s66@l{3Alq-fIU*&Z1lf<9M^mUmq=mAekp8u8(
z7;r?wa{0w)5twisg4(U^>OqUC?F_lY&X7F5ToKwCl2H<-!D~3=AsoGp?Y3)!=k}hN
z!bsN2V42FWe|4qA9db#uV+F@L#g^ilJ<1m3%h}Xk_!cc3hc-S=-JCwFHSj;ZANsd|
zgV_nxp0PGg+uAWlCA6mr!T?|nVUh=`%CXLO?cn#?ruv<2?bJd{k!w`UQ=(HJOUN3Z
zK0mo3vlOXk%6(E&dREBdkTKvOxsd>_o!ZjN&SqJ(e+Ci&rhLdbeGrCJ9CT4nhrc!9
z_QGB$41$1MZH4+yd&69h=xqO%BJ*KgdTsBzoi=Hs4qP3do$Yjrc5kP)8e(UYUi|wL
zWtt@<sEnm~8^Ct$SF=r4PxUUz7F3N@QO3i0{V0u%70}%)pK5LN(AFNy?Y4<TXm3wt
zvaU1=e>A4l;1h<4g&DAD>Bn%S0#sP``jAJ#+qJcX+b>Bd*ZxH0>Z6ip&_Zx36fu-`
zf+wo&fwj#ZSSQ8+KkedQ);)3P;SA45!|v-UxJa>SslNH*#NX9@K+ppxKBjbis6_xK
z9YjnV{W=gV;KVv;md9cvwrjJ-+q;AfUdJ~ee@fj35#bz3vuMqaAlwZTIFo3i(4jzC
z6yN+v?Olf#`1&;tcqJE6S0sZTl`O;+jdVp?eA_yz&w_x0@1ZU&fgbsnkF-<Fj%VmQ
zP1E9DkCeP?yko4;TNJHFK>`OxnPF_1pGJ7VLlcxB{ul`iUP<lpoc*s1J+|mS*9vTk
zf4C~ZR{QPlma&CbY`ruQiaEFw3(Y|J==j}1m=b+d-a53Jo!Te4qfhcXRFeG|TqkT}
z92&`80m6y)V(S4k*cHY^Wb=nv*wl%KF`$l@RXg+udaSNV-@4L2^ibj?yH_3^f4F>o
za(;3Amh9ul=jR@ob8kH=WyG`8KDce`f8Z?JY!wKW69ornaw-Vah3R-^Cfv2xwl#$g
z`D1vMXe+~u8$ic!6a{8R#%no^(t{RKfb}DF^3J+6!FHL;?b>Y7HnT-~mL!f<5`Z!i
z>6kSDDDeMKWp{x+WDV`w2(-=KzXoCcAg(Ev58u_TxCU(1M$lW|(fB!6gwnyce>ZAV
zosE|c_$aLIUYF&=TBzI$GjDI!KC{i8YN&O*zl|pnOjCPzn=cLPe?`$Zr%8AlM!`*R
zj5!5p3;XPMcV)u#kk;w7Y0Y$sOQ_9XZ4!U=R(L?k{!{uIoCHCwfVdsl_Ev44ZtJDy
zqF*{jLgh<RrX3^&xv<1<om54be;RfaaH4BKSVkE@@cgpwn}r_b{uollE{Y_Zi^ys`
zOI?8mdeEyu-UOBWR)svgU8<9*g6ONb>8;vK?G`h&j^??7skIn-kqWnJyH0Jf>(qs<
zF}CKjf&>Wj`DFTqzpWfp+Z(kx=nYGrw$ut`F%5jB37P51-8e*7R(WOOf8)hluluyO
zIB~&wjtez$m}tHO`q#(XMLIY@w*m5mRldb+otzSCqFjx6g>`w8Epq9yR9$3zBPkSP
z{zl_W2r&7Ge%REhrf9mo+6S_yZJ>L$S!UaM^ChCQxb286!++7E5#LWzUEwM({o&-2
z?AV9|M6pFntsPhkJyu)ge=b>>wi=q04PFMk$pDRv6BO$)MQ~zWG|Q?dwnlBMwi#(_
zugoV_&PZ6^H^5<B6_(5HvLECaY4+M|%oejT?{uK3f)l(H)S?%vsy|PQy5xfMX}flQ
zx%M7mO%<zjdLr>kRTy%!wwJ{wds!%#sjdn765Uzgjfd#}JTXb-f9)_0I^fz#Bepnc
zgaqf?5ye?q5J)})Vf(wfBp7-)UcAml<pN7syv`-bwv_i<wQWmVY+F)?Y<5VN5H=jM
z+bS@?S4K42s;!;c+H22yusYY`)^2TtvAgZsI}qg;S%>%R`m<R(NObe%PR=SZnq>VL
z1xIFlhznv94jU<He;>8AtXsx5(eZy654$J{##l@MF)Wq50DR~(SpfDY?DDN)%0bv8
z5pj+v;04rn{omqD6}SM6DU^DW9p7awOtKY`)NKh5WP+lFQti~HR6Ckd?P^1s@*b!l
zQ-owshGC{%Jvf$Ga>1h#!e-Q!9bFg=%TT*nd%2rCwh%FjPScE{VXwR>>;;`k2kwvr
zG7>LH>`Mc7eKpomA?@^SG9D^C!^<NE(C=j&_&Ir=1Rf(mrmnT+MV3c@2r_@aV82tE
zF&?_MV9_oMCOc=7+Ey!nn{1m==<nq8@bdM$!=KRun`OULyqwZIe}pit0?8<Il_l;m
z?yn0l&|~$lXsk&^F-y+Z90i3{L;wb;i&RD7X*O#oDuf<14F^n6g!2T87m+hw;g}s7
zN)y)Rk)Q`pSjx7kIOj8fWcC?R+G;d{umYIot(|EXdeFRi2gss-Lp@v{OH)h+YH#qR
zy+K=vtZWbdC{(t}E8}$9`uH+!h4H$H0paIWmp6hQQx3R82^}1dQjO<c9h5m)Y_)3>
zsP<k#X3^1bat7q_DKJ}?kV6mJA&+dsB;`3fP(i=z?rzkL*7kFQ9{dzVS%ztNC5Tbm
zwBTsjUI7Ogvg;v#(Ry~=lBu_9C(DE$8Vls^hC(y>Fp0eOef1=3bJKep)_Go!Z*V|B
zr1+z*ZgdCV44*45qZqYmIGWAcxNh@1P0M$Tz4p6OnNveHp$PkV!NoHV%1~8%5u1F}
zZ*8p_)7E3{6(fV!4xfh})}utNg3>vh1veqZ4k^z)*+%+*u&EqDkUU%uemZ`8ae4Cg
ze;yxRT#9J+{^Hf;>A}UTs}i3<B3reYVCZ3Ov|5`J#Wy!5LD_BG(Mcc6<#DFrwUK_C
z@6<ht>Qy->VCPPv>9=Z=f-RdA7>7v5S5kRL>N2Tz{>~W-s*O3f7<0by;hnH*z#z{8
zxmO^#S(gBl{a71+zEA825XQS87+U&u<qB2cxAy8D4fL2zHrZTqu0s7}s=8p&c37Y^
z3WAXeLLDVAdOWhE0+2aI>M_>lAz!+Li+!b3$q^!2N)Tiwwf1ZOPQUh471^p*h2nh5
zo70LcpwJJKfQFSE40*Nv%Ap5B9`ha|qZ)$7aAVH)4r76TM<kqgMRwxCj|QAt>XK{g
zZuY*@Z(ysnW$e9eTbHWzaTZ-GF>C6iZ&>C_>LFM<b6XKUR*qw`1#F!L!!#7$ftcP@
z6nizUo0SK!E2HDE^wEElI0AFjcYt7TDljdw5_vvifTx3cby5|>mt=6JDm&^7H_aKo
zw2p9&#o$<f=jgxn0bKznbnh7BfhltpWBTidpI@Fgw|2~(wXOK+VRydyl-dRT5u51*
z9`8VB=%nx&Y>YY&nytNUW&<pF6m%pCNLZitcX`(5I0v3Hyq$3B5}d}~hH;MzW}}(R
zv??RNC8+uh3B`_gAHk{iLZ@%gqD`2yYt`t}Truf?G04@Mj|fFupSes{T~G{7RStoD
zy22~Ha3Bu&fL~o)oUY@4&OMQgQ=J*ZLuk)$*!8H0yCQD8xj13jsL__qp+)Ej$n}j+
zo;RY`R{AUhR0Uuek8Tnqy$CAMjH0PXeL;ws{9`2Tn7U%lFD9{8dK?hjV&s*sTqW?8
z_X0tGTYW3$tgBVsPv^B=$DFqjSG~Z)5@V@)42W<jenE*+>J?H(Mia`sX~C)9s?wNT
z;cQs43!Ni=#HUQ};YvRerI1AFMd>NwYs2Q4S#A4s<>TP{L>%c|tD=!|`TAGw|Cjr|
zDj$W!T)q&;jFZzfPkETHd3Mm|nipgpTVX_hUL=yMg*LOs*;~d#3V&hPLM>kzBSdR5
z3=j*OOa_crl|8^x#m|*E2uaEp6n;%G5yny&hhs`*412>62a6dbRyo(R8+SeiO476A
zU9Np(CP=S6^bV<x+2M(O6oIxFpo$KFvTGX+(lO@QOWnfb)!<WNMnW$TS`~U2EBA<h
zvUd3gsUni_MW$Stj&UgQMf@O{=>r&02ePJE`7jXv9r37%4lwV{kRWy%P`(2AN{z~1
zkvyz>!NOn302-lVXGW2oASCQ@e)7}B@!1<-hHro!NOgb-QcPvQ6$)1MXs)VDN?YuQ
z)=6_Hf>I6mDb|54BlTu{Q<=GF{1oPYTH&EA?!=K~L^0SLreHe?@jq6|7MF3dB0zGn
zMZSKx@|;xhs7(9iN`coam<zg^TDK)H)FNw&xV+rl*q~=&Q6jyc0>Yti_p74q*Rn_O
z#nVRFP%aTs*8wb0fTrcCv|1d9!93eK-V|^BiuivbJBqkVlF-e<YcSBJ2o+Zt%%WI-
z6{;T&(5DoyPW(9yI|s|^$ho{=lQUf?f9sV#CiEith_H)Uvc?f23@gxV$nQ{7GZe&{
z-S}>JrKL31|A!jQv#$u2qhoajT+VraoM9(<oDHnI4le|VKc-8-xzLO-2qRALZp~tz
zaa%v*z3HUyD#w_ptWV^Bt^5h~+2nn%0d!$`*MMzNA2k|bV_qaWz@QsN+^wWlfBB4!
z9Yrs%BtD2_!^t4J@;KZ>c-Jhxxrq>--EssWC-Ca4;y2gIe_lU(%#Sd{DD5in)*<$m
zAIq+FekWYh%ahuM%lgLUAI2w#?~ab&{qpws?EEq2m{tFGqgelQdt+Ju^GQD6djBJ@
z5C}Rk^J2{&vU0+)eeQ)WKacWJfA9b8#o5UZ?=Mc?K0*oL>F<AYtG%(Eum8QdtpEKq
zAFO;m1nKR1oH^VB@^?V~zdhxGGa$_b``>=+{Q`6w-PNcO1$eQ7lf<NWoG|Hsj=Gza
zN={K~W-ON-O<IkUo;Qidz)VJA04x~(yYJtku!$n0Z$=~4fv22+*Srz0e*)N{5#XZm
zI+`@FhDQ{q0oPw0W<J+Q7z2}*>46MxL)B*sH}qqeq#14{q{W~k&6u+n5ks2zVHZ_r
z=*dbMbuZVvzu{i|^rJ_m8LkH*IWaVNk?5Q~Cb6ALw8244umoSr`%l>2UCcIBZxTeP
zJMvlabi;xjj5EPAyT$_H5kU`r$+)iVU7TS3v%Z8I_DPdxUp`EG4X#d16~%NmP1qvm
z=<zc+)eBr!3MaQFr^-W+pDrCO>;Bw>g6%}%M_fHCPX|E)lEqph^P`V!O875yhIj%X
zFClnk1Y*Fbj&J&t@n01+eH)Sz0Ki58@em_5BMIdszW%_wLH}>sCJJmZB|m~2C!Hnb
zUE*hgrD(<+clTqQj0b=HwUawwCrJ+zmA0QusxTPYl445xTNrGOBo;qR1D1CXBs!#)
z$D?e3B-8nbig-M3j|+#9%B*mDFmnU8v+pS*LYFt&avs%shuH>V$4_XJt6(F4oe;o`
z;uK#$3KVx};bc8Bi+|W1ML>Df!KV=*o?zIaS8$9e!bNb0aRf?9Lcz!9=|x-(;D4_u
zSvcv8(BrHp%GH}Oh;eXqa6H~HxHA>?uu(h&q~w{EQ%-KL2h9d>rhPojZ&l?7vih-~
zUjX7(cia)H8J-fq#IUC~3(x_7;+7Qu!EK?5fu>41-Wu-~jlEjF9h2NczqUNV;HrQa
zmI+uR?Nr)H(At{zK_dJwtl35MN-1>Fv3`^hW-;raN{ADWo-dn}N!dLy!W{~Fflmp)
z2%Km`Ep(NR0^^{{$cwOd7gMr_ahIbmS`0Y^EZ%En$7?j&j249|r1C_6f-bb*%>5+U
zAf!+N+HvEA>N>+ReT%kHT^;{Arh+>yShshm8Y_2N#D<*cEAwyQAmM?-@%w`jW|!8$
zG4PX*oOXBxzgvMdZMD4jTqZmusO<nL!VRvOONMUfMe9XDk4b_r2SHdh90cAA!r|~Q
z)L@|fYy!6&d`wr@6!}npHKFvI#mr01CJuc~&+EVZ2ma{`27pV!k<@e7OMwM%=MGWY
zu+B1vwkg<c05s6<BX^49CqWNgi8|bw%aCAmKsafN%F#5|x!&QYuHbHbWBR-zOx}jC
z2`j39q<h}UEs>!IKuev{8rv8upbP-=V-SpRNOK2S;*-W3=NsmK#%C{6jB5KNz+@7^
zuqMUpjZr}Z0215*B3Sbzu8Qn{%@`<lK+kv>pu2;gFmzK@B-Eufa5{!WPN~-qN8-Ir
zZkpqvM4{y~O|`fy{myoNrrM&Uq9-akE-PiHa&PAPAqc}+&>$2g1cCOST1rS`yzTjz
zl_&_h*I2c@%lVXlx|qix9wC8i(SiyYvGjt<)*-QGR`eMqkL+a8m0$rXAN8I{-Vs|S
zv|Bfy0M`lNoK4E>AO*&=WBh9h77P{7?5i=gt(9ke1}Hk9g{Qz-rHB=!p+wsN=G8Sg
zP+xfk*B5jU10Z`sslNbnc_`cgvYc;)dCr_gYj<yR;^_5%tuvZAlQ3@*6A%#xix?=3
znCcx>8E)`L+Vy^;admZ-!dOv5%skw^+4H{n=jks;zprDvb^dJ~7vAE3Q@-?)CSFrz
z9>fJUiHgD$jkiQz;L&u(Szs1m5>^%uV85_7JclNLce9xcyymU9!VB1^6|Cgv<=f@e
z(SPu1&|*%1xKy(tUr3~BbgnKFc8ZW8WF84Eaa_m;c?}2myW1d4!~Xin%bMM;C?}W|
zg$dE(_b9u?do<J0-pw0&Bfb|8cr-u{iJnu{61L&B%AU)&-mgDEuTsAg9IgpmV_^QZ
z3TPD8dJX&}s-}}b*NFCX8*YLlPyTMk9Zg1ID^6~I)`3yMU9V66zCL9%j?`&R{%%IY
z12yB}U#+x1We8LCn(jgdvLE^dhizmIa)y@&q=L_~Wr3&NI*&O^`j{pSl%h*B5TY4p
zP0Z_Tm6fXB0)0g++(0gb4V5M@3sFOIW+34a@D9Awfc!X-9aDIv1g8UoL4|TvMm-wI
zOOdC4Z`pY8f{ZlCXTZrNiI16ea*=Jk<i@X80_W0d{c3)frVO~-b>!yP-7!`TGHqxP
zTai1!5lTS1PB=XStn#Oyk8=c6s8&N0Ee?%kWGz$xDQcKj4WEu+k2E^rPBlE&x5`m`
zU?(-PzXV|vuI$nxuj;{?D^bG<Dg6Z*P-sAZ!yvGxy7Z%RC~`OvMUT*QG#L5AQ26H&
z0!b2b{H0ovBAlG>h<Tf)cRE%J7U<*Dh9P?`=;Y6Ff@wuWaxpGssPOO;)l!?6`~h+Y
zO{>zNqyvzZi{Y19i$13;$yhfrNm=%W3t_7~SK?VC9Rx}D`}FAWQRDwUYcAl!BRP(L
z4{8qB1x2Iiqq!!j5%c%ZGLdqrQi^g626am+suz@zS#i1{9tN@o$TSD5?sonM&9U;|
zQ{~KNoxxxBz5fn(PUU1lCJfn`S~4(GzYeVJFDu?Z&Fb+Vzo3C#%8qM?Q*!kTdEI#1
zLM>@sYI3z=4Fz)lG1oP;p$3O&Sy<M8I|_hZLnnxOghq+KDe1K)D#T9nU?k@dRh9^8
zWDr<JkuZF0F;qzc(3I_?LUZV`lFZ_CXyqcL^6syxWVZzFOX%d7B+OqW>nA(RncV<q
zkhX*-5p7z3CJX?#TopGmEaR2R-26+Iy(%#mbWBA{!kd1^F<-n9S~LTWKUouh^^tPb
zpxf5c8NSDOOg=}-8P$5uD)fc@l~@ZQ4h5{FfO|XkagjJE`#hxjQbm_(@xIFK$rysK
znoaoqu8EA*mDh{>8#>P+iirc-m)|Abto8cImMlPt{ez5qYBdQ9D{`sAY{Ow(IX7{o
zuZx`qhTbR~G5(&-hO`=2lfPeou}=+hm6Y{t%n2P>m&|MzzhX|=g_l6-yQMzZa7~r@
zBtJqHsaa=C9BpV(Nxoe|tvVZ>rDV3|@vm_SaC$EY>)}{YFuck7t9&X~&4f?OAzGXe
z3AaQFD}*^DI{uvs8$=cfkS)0_s{rMg99$4a;RFL>x5@t(M(m9vcFwVXHK2qyKy2kO
zE0J-z7>tkZpdQJg@bV3!loF>VWhozQKt)>_)uV&l-^a-5UX!ekUV3^}J_nH|Van(Z
z8C<1a6H=lIzzVoPqXM94z`zrdbzl7k4FYc+WaRZU1F%j!Y>0{gxgwI%rNB{S4NqX7
zn}IkBJbpVsScX-~6u8rWZXA%~7=clboV4lU5D8v6IP{nW89<`1$af8cYBA<b1e}zO
z1A~FotHWSEblyk4wCNq9xT_TUd`fn3tnD3JLV(8Mx<p3pV^I)_Pc&T=iSfJ+CeO!L
zeF^7vC0}x4ZPsso|IG{Mn7scbjqqdP4TGrG$6-^suh5Hey0pB1;+_3w{XY4-*G#<U
zErjG2F8g`0!>Y9Z6-78+=I<-s_uk47UjK^sSNi#PmxwB4tc6Qp75c3F*Una2C7}Ix
zHS&Fdl~rssw<;*|jvlZ5Y!kA%83!9iI;6dz!jV^IZ&#!cW%gB(Kf#0iWKbn03iFaz
z^Wq9Oe5ENNvJb0&3R&T6P6!)aRh<(;YaY_{J!_ED1OvGaBha(c;0(}{*6eB>d`7UN
ztMi_l{MP88_`U6T{QT*_)Sk8iTnQvt%|5Xm+t_vk$E@Kv_(Tro0A;s<hGgGL=C4_G
zMd}p{i-?u5wHGNlN~JP_Z3E#!TC-q9RD5WxhGkO-5;6*ZdSibU0AUxmb#jUKBOqW+
zE5*yc@}kyaHA2mw3n267neg)GKUYBtFQBQaXTyPLh>=bRE2hS_EYqpE^t`mOUUW;;
z_-Shp3_t?@esgE{O*nU_&S(rhHU_FgIXL1kE+EPl`7aaR^6SQ5tCv;^xqmJJTiOD`
z>lc6c5j>cGnny2P9`)dzWz|1+2SJFE$3rERh_8c~4fKHj?_$HTrDUkSQ~du;%)Y#7
z0QAKd-Eo20@)OM_DGuEz%#qfmDnTg`J+iFg|G;gbAwEt%7SIJSp2G|kDH=>zOTjMu
ziprExlyoxe9Qql+!Oi-Sj%wL2V}|OH7_T;wnF76k1!CjYRsNpxS{A6xZ(h*p$KFb_
z*<4wjO>~~K9O3=N+o(fvXzn7Z!T%-J^p3gHj$BtD;z}L_ghwIh(N#v21CPxsSbR;I
zO(OD$@B%*#BeKS(K#yQ9@uaaRih>BubBM^pCcQ&rfb~>ejf0ycATR1hgOsSOtK;Fw
z8^p4I*`n__@ljI;@?NYQzCKu4ZAbxg_UBN6Tp|o<=MD7Tcpdm4s?qaf$?vW|@m`^>
z^biZ>7_W8@1}3U|r$m4JLfj54CClC2UEcX4@>iFxp<nTb{Xbuy93H<tKYpY+ru%<x
z?QOR6{-0YLn>$PY&!_kt#-m9>y0jOaRg9f~cxf=i8c3%dKqPPCe}qxwd#4zx+fkTl
zO_vDV#44Qa7Dg&j*c|G);cxin|NQU&*TQN4=YRkIm`U&kfe$1)K<yxgt=xuPbXmf@
zA;Ar0iOnc{k*qV6h!vOxjoq}-g2$o;tg$8^jQ9?QK16Rjz|-e(FS`R0(!vF8<`<-Y
z0+{j(6WVeu)u$D?IkcVQNMnQ=IuOEv;sCW-Wpx?qA9*l)CSPf#kcA05WMX!X=Kq^I
z<I{q-+y$4cG`~;Q!IjTJLvG8EZnylf=Umd`5Z!aou7d|I8s|PI(!<aidw+cl@XRuw
z$)~y-;Gi(n2SoqlPyO&3_`L&Gi64`Hg8-?WX?$2Vg^A`TCTBPv>rLE60pHiBU(q2P
zGGL+BL1-8ku}h2v2G@`TagUB<hmHh5-K3QJ1?5t%G>-WJ1maUXCUZ)1Vt&hL%;z~7
zbtr6Xxh7^pGgIoAeo#Vn{-*w$hw=K<_S%}b00$U?O73~aZD~AYdstw6O;zARxtbn>
z(a_U@YiBCB*AJc?ALC4F`V@!r^+1KQqm$mHlg{0J9`;Z(+7p<_*ctkxG7X^+k-u>o
zd5=bZjb)D#?-!HxZ6$v-t!~D%DaAZ5d3k&kMQmd^3sdv&tmb%5`5t}$R@q1xccXK5
z0us)e0-J&VDIAOkly+s9X&)HWeh0KYh8uYd=x-SJ90;c2#Nj<f!F-rSRO^vl{Vl5(
zt$>U~x50$)pL$}jE&KM{8?-Iw9hY6cjH}I^`{tn$Y={lHh@*e-7L-#gyC4j89u+tk
z^o@vu%!YStMMPs@Ey_q2!;C7R!Qa!LAubCYf~PM{>!GlDDVVgGWS;tTX@`*?4)BB+
zsarTjX1303#9cbr<pnB%4dO$XCf_ua@@a!>679LBaxtyRcyzNP0(3O{(fkbmW(ot9
zNa+X%+t?0wDx-gC(LNmZ&`yNbcElhm@s)sB9>+`sfJrMYLy=7oOZif9F1WE?k8{OS
zDhD3{TiyiXJXrEzL>U}#CYUAd5i*m(#IT0euN+0seQ6j3z8&Tt3aHJ%u;Ob%!B&Cy
z)7$snPr;DXj(PU!gJGZ6bmQ0Pcbmv?vwOBp&jUP@IM;ti1}gO2!a0d8nUK$YVw~CO
zLNKr<5~|0WXI>-^*@eCH%gtf$5m_)3oeStAtA#8)z;iHj@}Kb-f&K+F<-d?|T+PFL
zj&bx|)-m`LB%P2Q`WQbcauufTnXq5C)tRzBm}Mv_n2yR}Oc6}t2p@<VQodr<51ntQ
zCKh{|v|xWi12gdKqj3TlI!INOZ5ghs`Dt2^^u<N-A-wQcJ&pvq!vrN_S)_0h{x^{W
z3hS2<$%v%FTs+Rp<lh9U<Tkx#-lL%u5?_`0G`0*xH1aM)kb+TOT(2VA%~ic|Afxi@
zg*`a15!?o;Fm^WnZB;-+jWo_kn@X9i`hLQu-fMq=VgL@LM9#q03eiXeFH-4AenM=*
zF+qn~#fU8cr}A$CLFAL*Flc~?VUssJ0EQe9vk-NgcOfE^B%b(DHfi>fAXrm;?XVeq
zLMJP9vzCWq(J8)jw8Tc3>HuMs{p+v_7Q^EUi=`3N%GjzKU`WBLrctvHE`{5#nMjf~
zd|-bT-?yemq8B$oKuJdtI)A`|dc-q#F-IlIRvdkzua`<B#^{!xrFt9(YidUYD$NNy
z=XZ@yz)wT8w<D-KM4vH_8Bb|-ea~Xx{u^=rn#A&nI+RhvL+&_m`)hnCNHBz2D6f6`
zXp#}+2!^|PO*^Vch8}P#>DWZc^B5MvUip7V$VPHcbQVx(mI08%CeG!BVm>B1za$Wc
zq*%BIvk1)G5f9`!1$veq@$vTQNCHm60ZPGcFPNRQ3@FI%+#^;y+QOHo7z%O_rbp(T
zcL2<1?2b4?y+!Sa%+A^TI#laC*49Y-ZEUB=lU|6()qL75ZZL{M$B3>rs2M@sO>%$l
z6~qFw3VQ(=-i*dwvL7B1?hSFGe+?s{NngEiSsjuEwL^+avaZ3xB0V9{CQ8OHNS2A@
zFQM&C=TbS)kXbP<?MtKqm$2`>2v-sHv7&;wa6wOD(xnGFK^29IN^D^~KQ+^ZFkCHD
zrc@#mTL4Sd>Aw(DGKQiFrpUcDJ(z#Ixm9c9opRivc~ZQ9!i6he1rUAE3wPR*TN>C6
zbdWC&NrTMe;&}>)D)%{s=hHQv5Jmn}+lk_vn5Am_!Q-i#^N=Vq9b&{OkpSW++O+N{
zV(ffnHlEpPVX+-}*1&<CYk^PeJ!FgU=InJKo^@(Q3k5}ehsa^Le1fV@KMsF&2%2Xh
znR4v~-<WR+pIX@{ERtFqkM{!YK58={XKt<{_?2lWikb;h-;K}}E6c>rSJu-U)fOMs
zP76a^VV|%%g6t~(B2leUTVG>-mvH#Bio6g&5_Su3$X!fnJVDT7!b6xK9ruu9qME!6
zYf39%z`*=alzuD$J}<j(qUL|*M?Xw3QF$4>i|zv%o}px^ByrP*{Qp$Z{&Kk^Dlo~x
zy!cMFBDx!Q(65l$;hxXw*4Ox7-M|+KFcCC?5Pb{ed`O<?o2Uu0`9B)_Tp5M8P+;0>
zZQ_5nnA!vAvyD-AQld)<>2iicERRg+R!bsh(~$D+h4^5$kncRQNDY6%5KB)eILXQm
zqR1ggrR1kXqhJg8aK>dCQi3%KpeGHw$IKCHap`NVPX~?>y;83&6``nb6!5#G4|`J&
z_ASN0kZ=^b0G?m4P}*Mkdq;YR-whS`1?6+|mG$F0t;L;?5j4I=%?f#RjwTfgmQWY;
zWgLu{lZsIARrpqAF=T(GmfjMOy&Uc?Q9y1XhnK(YoSsu|{Dd%~jRDK<JFg!{-#d#l
z5S}d8kM4wYv)4gh`CA4<nxFypu(i<^u50s&Pq}eNnDYt?hr60`O{FS)twE$q@za=V
zy|K(o-BDpl6{Lql6nu#>LZ6BoRIc0pCd7KAnH~<NbY7ciOZ9(tazclK8|$)Y#raK^
zkP8QDZ80Gwy$oZ`OnSnzB@ge6`>&~Jg|2x|s*f$jlo?Vq=V8G)qhczXDfNR~_%^3K
z70%1pU<CcGBIrAkoSdgROhHGKZp56c(?iXq4%1>G<Sg9-BAFfGKF9mG{7&vxlpa#q
z>T>#6Pr~f%WhsBBahsRTcjVzD28py^HfBS&cv3efL5Y27O*@>+s6uZnG>KO`kEv?S
z-7E7qskw>FmY<>`h*!!$2F5M%urNRApzTP14RBiFYn|%=l@UsBoKb}pu95&$f1D7R
zpO0fKE>G)Xt;3*KSg~q?=xq}3C^@bRyX+B$5|{g&kWYW*fIZ>Y)pKRO8%@NDT<5tR
zX|bk6MEy4<I09J(EzB?~>=M}!Rx27^eyRy;6iV9PRV%x+)KV>d&Mq-_K~4Mb>i31)
z=M9(bPY@}an-o2zx7TG)yg|^NcprzDDzhgUO5hQ7I^)C#o;9Uo2afuHxkB~04vcVd
zf!CTxCH;RG71bEnjR;hpPpoKxk4XzSC5|~gNz^KM1QR?As5m{Hs?MDbIQqt<O159E
zOZrL=ujRdp@6gwH%}|gSUju14U}uES@F=c>z902ek&w)b)mQpfbHbm+e36z9S?udH
zj>eP*iV|liw?@_#3OXum-|T#?YU_w@=v*0f!Nh;Uf1uy1;R{54>Z6|;mnEfvdlN~4
z<EWTeqagyWo)aF&IFV@z8oiu2S@R|t8{j%=D~6`4q&fx*YSFap+0k|*TjOQDI1_!q
z`Z*ryZ{s9PyPOxBldPN!t<2nqOskGK^EbMhkC{t9qYMOEqCDwIS`^e#N-6_9N5SGY
z$+Lf~r=^TYLs2G6ok)>CQc}B$J@4`wQ(hw`MC+1nzCkQa7Xh8*T(xduS2d*Wlc6F{
znkyGL-GWUV8W|iE$13cRxfw-6QEk@nL`v{UF^bv^053bvRf#^M$nU6xH<%+y8FL9r
zRBh~twrsPIY2~4nDGiSWscQEnwYwxHzYl+T0tOb$nXd86C|P=gsIU_Lk(N`8tXSK8
zm-NDQ0p7*njgP1x<<x5u{)q$8s!6E{P$zkJI82QJa;GK9m?{;un#__0R$|<;AXi^I
z>=}eY`KQZ4IiwU604Wwu<*uUk=1w8{K4|t~X!|8hS)imTDEF2!x|bxN91u7N0y0~%
zo~iInYcMWldZHrC!z_#n2u%2pPe|B8N~wiT>mjpU`gl?%3amm~(?HHfm3Vj)b4Cud
zs0h9*F@A7>WJU=B5CJpV6Q`qLQyo=@ElJvFP!O`HXd;fYyWx}JcpMY@apzB(HZD}q
z-hJu5X}e*NPTi9bc`pxJ`SVYBC8Nx26W2ozb+eOBc`N}YlY4m@ONz)exM4S@f@MRw
zDOmB$n#!xM)Dmq6n6=914~I$TJy9-9ikESm^-NW^3UqE8=1MiuY2UZ89$m~<i^Dtv
z<cLH9GC0*8IrVnfli+zK3D-d&FN`v$MH7<`dKFHb+@eX+`UTEqm(&KrYvGyvBCHm1
zJ!L9FE%cYHff42Z`QQJqkM9_LBrNlDJSMQ#yqxgWA49B~ArhkGdqO8AF&Pq5!?YLx
z-O{+ODU)(~D}P~A9suRHyr95$3}eEvfbaZBNi~?2`a4KlDo3xF{FSU)wL<Nmg2SD2
zl7=$3HM)~PHiCC7&SJt~vH<jg^ij+fTaRrOvCmj?prD#g-HS12v1yDH{z)+M!$g_K
zC_Ge>wQ{mm2bA<pgCv{+t|O;$4E0IT4uf7LCX$Rz%YU|E83U&=)W3AYAy<Krtdd1Y
zWUh|bJnKiZJb?T?+jfpKy;gz*f&P2yHUzpFCY|ws6$^^Pke}FJ2@Z}RQ@QG7n8d|Z
zH4K9rkmt~fxw@wPc#QdkU3mDJ=0r{9AI6y+Vu$f9^PNTWtg@mh%!L^)LzP?vLBSFL
zm5Y*bR)3N#5%kjFox@v*IIALDB3l9R=DI%Sxl@)=0tOKGVOQjFqn>E#`&3=ILTO5T
zH@q~!67ZMO8DStIvaV~ay-TxrG=g4hM4!i$qY2n7Nf<o<S$#b0@bF@;7ynoij_6t_
zfmYIS7EcQxJsr{n&DD^lUGBp{(yVw7y6VxgJb$Dsy|HY-gUgGE91zp8YC{t#dX=LQ
zCtx<RY>!HjV*O_HOar1p>X&c`;_O7^aPquVj13N`9Rw_Rb9F+Nz0ZsMJ1y~~ymYfz
z#yH5O+43_wNQ>)v#1;il{IA%L&E2elAB`?bAV?IHlzc%A<x2U+XrzvbP-5dHK48UJ
z(SMsgAf1?Iwy4sS<WqOZlo;%<6G~yt3L%{)b(~}h2z_VwR;eJwv>eQesm<7*m~z4-
zxakpMHWXy>6t2;07BF5z*e^L~y-0=v3cWQ7YPg$JW%hQ~;80SX<W-rHF(VpWZ`O=^
zO}Sncl2THo_H`O7%kzikC+JC-FY+xovXdBn4pDb4?+svCV08Rp5RX|`=vb*8Lwumq
zpc*a;x6y&4P|o$~m`bo=EI`JrmxPTVqfK0=+GfGH0RQX<QC9@)@i4&m+X<Mu>u008
z>$^w-_0ETrcYPjPZ^oE5R7G!SS5LhnBB9CHO8G%>n6OM@P>Ge}PIY1Ji*+hm2+74I
zH83{dgX4j$UBc<dHh@uZr<*8eU=^A6qb^jUggC_^r&$2hsjF2lzQslwOQ#G66K#=`
z@O>^A!(a%Qs_}4)MH*XlJlekyCn!6p5=-WslQw=b0i%;?ekB1(laGEt8_I{jZCi!W
zKe99?2D;5-%`}%ro-5kyV}bMhlj?p+EA+LhZE4{qzJRW!{NluqQoKW2ith(vRvjUP
zc?I^@*9W{BN~8x<ti$B%lU{!ve_<nU`N{XfBpgISUg(OYo&?70$S$7>Jlw+jZ|E$t
ztEvX5rD@l(Po~5PX1g<J!8e*aZC&klZEs38j%LQjN?F;I*;q$KSg`X0z|Q=Utn)%s
zZbWHbJ?<L26ZOKO6%057>ImMJc_co=hx0#RRTc#C$C+bB{lDF<ot;Acf4|*j{jVqa
zTpXWYT%No+`04mRzR&0L|LNVkpI#qd9-bW^9lyOeIe2|uXw&*z3f%MI>v!*u&X0b+
zJbZU{e0h5I?tdO1UN~*L!EJMMdv~Y3-FSvYc~t^lAB(KsM3U;W=>@GDEB&=fYt;9f
z0SbE{<fcKho3t>eW#i!RfAIM9;^6J!@g?p87H4Nke}*_4B@{}dZdJ?RnOlwbZ%;0`
z<K>ShuP=_z{^R@St#6+<%mSZtPA|38e7<!_^UY)db;&xd`s;Ux2d^)S>!Wl>IDy@o
z*s{jYCvT4~4`07OhlO0eJ$U0>hwk$6rDjIB$Ima%FFzcgou9mWe+wPjt<Bxm7PjUn
zP#_+7KVAx;JMfA4*r{?`fWUb(>u1LYM{kZ>1BuW?M;EptgJjK(n>@&V<Ij|vivMcf
zaBX*$o!k41`ip;O@Mz!^O)5_T-T#MMfP#u1WZpL~3?!~nS&A2j@6V1-&Q_;arckY9
z61-<?4l1ocGhmH`e_KygRxs5R+<6IBXz~Jdta_%GoyVW1#eVyqUIG8hhDQ8C8gQ8o
z-3@Q66udB`>gQvD#+x|CSEAAkg9y<TW!9~aMjlkRHgdD>H^N@<ckjhFFUsL@bq(Qr
zwee?CCBQ7>QInv|T6ll}>mFy-N&c_KpPPYK#2Mdz^Uva!f4@ufQp^E8O21c~et!SM
z@!`9-Kc4*by>%xoOvS&>srjWL*Nzq*?(*;i2F`!QW8Qi0MqH@)UvfnDxeP)6!K>?{
z*LXZ}N(4v-YgKT7??oEsf%9{p=6pMs#Wxj#gN+;A)y%EyreE6T=LV(uPD$_6J|_~0
zGW16zStehee<%O!p$7{+lp$WCHFKqk__=cqZ5CFYcW=!W4sYX+LAT)|h2dOS;iePC
z<1SYRr+QLAPE;n_rYb7lY<>(TO+>}zcOwtw&x}}`nLon+h67bIVEvna<`?jL#i{Aj
zRYzyR-MvrEKymTV3fH;6s6+X)ejwzk;kgA$?4Q~2f6%=36NUS$A(~p@c$b|hq<o}a
z6P>P_RJY?c$WK!NoTx`y<Pj?jSv=qzR@t{Vu6j8;z$I&Ko5MrRdRDqJmmza79Swnt
zl3`NsH!S=KF#30I<^TTXp9QAu_iw&g!Q7btOZv)U)G82F2z|$&@wkT|O7F`^7PH3q
zr%4*QlX8O{0V$J^gBE|&)(!`>-)OW>U%h+#pZlJ}J{DLY!!GG^Q$>8{fRX!bt!9Py
zS|D4WTiE&nKP>-i_Wx1lm?8gfZML`a^8e=U-ctU5iqA8<Ch8#yhmFQxy!|_$tf2dz
zQvv+jZ}%To0UTAzjr)`Ur}eFQm&HQho+<=>={3qqf&W@w3;chtF9smpX7PUc&#S74
zGgk3QL-KUg`MW4tMNiVxn0&fc2`x^wK!xMb567+<hAZPO0roN#yHv3-uE52S4XHOk
zXNyrpmemF(G$bu>Np~#!7H}d8N%0}oaFnqV>qer7FxH__x#oP65(K8UmX8r0H`?W$
zhQpfXs%CNn%~pTB2x?=Np)0jxJU-eUq)av*fW26I0an!`E-4x$xg^7kqp&8@I;Oj(
zLU12nQmj_7VCMz<Z;^o?H<Oahe$D&!RawEm^;K<*u}YER^<llkMzP3^okMh(QM<Nd
z+qP}nw$rGw**JOAB#rH)vF$XrZM3m%`_FgQH~2?qozb4`wdc=%?)$n3PZa7E==ybq
zcae@ETFsy^4=Az0CcccI>U^fX4dqnq=|@RFs_j?~a|?l%s6UjaAoRl9YvP-IwnYy5
zRqMd#gZ}dnUh|j5C78IQxO!J)12XBH^@kdRPF9Ny4t~fQ-P%~RNIzq8s9Bl{EycY}
zP3uh@g^TDWA`w>2l^_;WafSLK)?aSY@v1R}CaEPfyL-8x5z^kYw}!`yqzz-Td**xe
zOur(C;G6*rjxN?ttAQ@uNhpl6lPr3_4V_t_I!+jb&vu*T43gEv!(JEJ95U{BfeE&@
z^V_{x^@i6;2YL191Z#Ym7;<r6y*f#(ZLut;k;_EnT+2^nAb*?oNUwTP0IGXo$iOKY
z`FJBXVaj%Kh@@1(?kEo9Z(I3|m0T>-q;SrD|1v;x6(m`)9pm#&z}UofV(arC{_6Rc
zBw%%8-QWgLzV1DNbced~y}7j9cs`!}T*T0~zYSiP66`s9Jwlu*T-cn3_?x?_&?kw7
zdako5Rs<(SH&vuV7ex6(kq-pF1N?|z`pA}}MFKLVc7dezGG1C&T$6W*c(AZ%g9+~P
z(g&db!Xx{`qE~vd4b%$fCWw^F*$#qD>E)ra5wEOcDzvRT#MJa-7M8NSvG996F<c;=
zXDt;g^g>lbo)@`b!Cjvuupe2Y8I5z03!jRQ->*J+^N9|eOY43Li;zIa6PQwWZ?3Hv
z>VDrBei-ikOqq3vcU2htJfECg&l2qWYzKVs_4)0ex;h&=+v^6tlr`J+67-u_i!~rZ
zC?yOKV5<M(O|d?2|H2L5R;jEDSP>>xq`zn-WP;Vecb7#-U-?lZW-*tC&U9-b6amx=
z-(Kd=dJnTCniKV8)$w`f4To8=gpJDV-hG}UJpU-`?hsRO&tvaTgkCEpzD`O7TLK^H
z#YCkJf``2s4<y-{L#iw36N?+VsM>i|8yznSybyxLq@6h)gdzjP&Y<f08lQZK5&2Ic
z@IBMWvJENxrfthKX+o2B#RsPAmTH0q$IOF{@+nPo_d%ip0?642@4Ap@heAJ%EWw|@
zl?Llgf&T?Mg{%F}ji6`Am_5dVt$^~#z%z!Jh5{BZyeCXbrv#zDQF0ajBU&TViiVB9
z+PKuR5Qo}^*S0EsCL(LE)e$#N*pUrz2OH9H)}QDF0;O~9c2O<lg{Nn-ZY;R;uSVho
z{?ltZY0S<^m)&OV=3v?<P2y}J(q=boXnn0`wH!ri$Vtz3#Oup)DIfGu2im66)rJ|Y
z3+xt-=LQ3xlkn6A0-yR?i+=r@;EvT``IJERq(+4*rL*5rU#~7SXgLDs--s>1o8vj4
z>;~NdgrC#s^9dp2g|`Dr@G^ITEQs<pB_6F06^02B*nku9Av^tR9-rV&A&{{WR{6-3
zT5pXLYkvW@NLqbdFs95=AZ&8HRxlsrPZDG6HJO>b8<!w5S$*vLsi+#1f?B<&Oor`i
z_V)-P;w_@U85UK1x&8Q@V#oJhg2Hy2I`jT^sUb@JD;aj?zk!enF9F&d`uGCq>8XhH
zsua)!67?GAdO6JDZ$cnW4!c$YFdJL<Qz2QjCjqz^))}l$LYg4Vz#Y7vX~7$_?K%A!
zTcZ{IZO7PeZ#q(hELmy)L(x0!_X@MwoO%-67gR4dBDeO%j;+oSfigFxZGTWk>Ry7}
zZ_-AE@10n_dtbU5iL#}`Y?>cDsY|UP_ygcG)>uW-CVW3cU3<m|N+nwfnDAOBFkTLO
z8rbu`gJzhxH1VQg15+j5l3BB93421(7MK?N{R*zf=#$(qP|7X*Y3H&Y*ikRNAQdyh
z+eG)7%5CbEbs^4l%KWROzv%oN)Xl#5@f(QKfeh(yBW#|2rdtYNc|x}<<gD60D<;)@
z2=MV#)M=bYe}Wk^TWgvB%2{{J<-p;7j^ni*Z0~nr&<Rex0ACeQBZh`e&?`^AjLT0J
zBKK34H01o}+QKrqnO{>6tZ4%4X0+Qqdbf-!=pWA*Yew-kgQjvvh0lCM8zHg+15VS(
z{`JP@`vPrEK8Ote-f#^G9{G~Lh#ZbV2ti5MmEUyuS{a<Wm_r`=-@)O%1o|^y_N6lf
z_Fyc$?>A2=fvLNV?&Z=Tkke*i+=d(T^&~CY>Bi4Zc*f~{-CB@_9(9&6fnhTDTZ{_A
z!T&+@CcSQlIzJXmtqf<PQ@BRySgXD>_(N&PS;eFp+AhYLEh~aexIa30ZV+33#co@S
zH%vEVA|)ejT%|R9&8cF%$SAr77zG2|!w!4rge(9*qWi*BA)>))a>A#|+AQYavFY9R
z7M7Yw>5Wkus1N@y<Az6%csWE!@=4c&-#X;-J5RQ_Yprj?h8rAzPJ}eKQ5fjLG~atk
zrjx&OCCj-uLC+zE{f(<XWx%bZcMzN*&yyIUWb{q9-6PhNsHV<+_g60$+uOMatIHuR
zs~_n17qf3r_TO~exj@&g{^)UIE<cQTOFk>F#&e6YpXBO2E{<)k0hO~-KR<3e7GwCc
zEu1~ZH31Xs=K86(WO5hB1GaHA^qI<e<n}&cq!!l~Yy?|vpcY37Sw>(gD|$9f4mtCk
z>4if)6%Q^xkQ@fu64W2`$-=NCd2ma!vL0}gko2-aNe%tRujILLZHwA4d^ddr)vWwu
zi3O9&u02c`YVo1HZw=YS@-u%Wq-Ll_Njp3_cwZTk<jm>W^-AJo(C5iR=tR9Tp1=GL
z@vgN%Ec8uKG&J&0zHbM4Y+(STt)K7mOrlAepCa`QPIV;*i*&()&=nqP1IJ`2FFEk%
z6k+W#M?r$%mwHz2?Yuv4$6n(V7!%Gt^qNlRQ3LM-g>9Cpc0-iuQ|o4R+b!SUW1?6B
z18!<?9i1sL@e`sn2e*gyQzF;CCI{j9QcFNc`Cz4_3NP+SJ%I|N*t=0+{5Ch_&Bi8R
zbgfkEF%8<hbozS&1Awc{4GBtm0R>RUw#7($a<X^&z>oWByb4Jn5=xM2ed^PAG)3X+
zZTT80OrRiSLZ~<9!#7u%ZQDBu^#jc;&p}5M#4BAlxMOd*ep}WjZzN<Dg7XL;Bol$X
znU$i9LqXmPW<sUN4lWl<Q*9?0WNATfb1Ma{OwDe*>`ec3CoM_m1CK32pMWExNRc~E
z#$05V;(^unE$8gO;Kjd73>;S=a1Xj_?ZS*Z@5|#juVzw5Wxc__(uo?&zW71BQPALk
z&Mp|Sh;XX42R6&GILiDoMx@Z50J`!iDvCm?AY6mc7OMbbUpA#CriG8h%ae3OFf^$k
z|MZ*JPPeTUmz1ni_F%y+4FDt6pfZAuXY|2)v%>6^E1l&f+x7Jz_|<`_xpqLbP#*oQ
z+Pc=uGv0!|YgtGao%owNow!XIHBm!YpE`9#F7;>YdAU)DWE~RSSWRI__+zY&1ePp4
zmG9eHKx0Q=S+^46aqO3LaL27-|9$e!H~UqeO)auPAC0M9hGnQ5xJ~kh+-8}4+Xk<<
z@%3|iMm6k1r#qJ3J*822b=*B;xN1jt3xWLU8MAAEP)gS5RwL{)`#|~1)ij){%+Ds=
z3R^#4;=^5P?%#K;Gv@W$m^ilUyQBMG)t|E5AI~YTD@nvDQzYzobF6;rs?z<`p6(wB
zxmt*Mq3v0MfVrm41|hVV;4D$7vW|7oMxSb$`_5`^O!ukwxXoH>mk`A6-8%)3;`hel
zj;wA^i%y9#nV2^kBB6AL>sVZwdzfQ^gUzLHDsMVv7NFzzL$hAd5a;p<I=nZT){{R%
zrIGD2*w?-MMU4{oIAYZw2##le?ABbt2!T6~2b!TE0mrzXNgxLNS>x*4{@Lu~0`o>M
zT|)&-F5?N!zU80KoteK=B#*FLh9HwMY?D4U73O?UB|uYn=^}9Fk2fdmI<NSnR*{E}
z|MHY?7u;$-cTlP~Yo(onUeuMXPz!}l4-oWlAYmg4SBez6gp@cxuCrwHAGfBsJzy4D
zf7m3L1L1^@<u~{Kc2a`q+nq-`_TzJcO<<Lq>1Bn6Ae<THOWBul=1q}@cn2&2YshM5
zgVZIi*87J%`=Q<N9<uXRD+J?Z!{0TwFQ7gjABS?V-diP;I{i<jcS-CO-$Wa)a6j%!
z5TDK*9CtteJi2q8eg66~`kg!2y_I!#Hng@k19eUFA(yMGzwyt7z3^jeQ~E43!R&lC
za-d8~kTu%t*DE)>=cd^&S%?%9u8MQKnE5I;=!MTiL!H_5Zk0l^w06@y{Jrl0PRgwB
zw}p{qN<JoWXFiTfM%>)`_=r}nxoi+#<igiK6A=;?ZbJ=_b;ek(+eDFjCrnvxy`2Mv
z0nY&@&#bN-vnr`ws)(9*D`JuNbZUwPcy$||E7ru653Wx52Bq%(ENERQN5Tx__LcDj
z=dIoqL18&?yhElavf~h8xBjG$<NjtI2Wq0I9nv$JUnwkOaiRH`Ud!lB7g$l0u9x!^
zh<I;cQZqjcoj$(yzdNvR75jwF%7$2tKs(q9?l-T!ZZye(;j}KEt`BgOBe+-~5LZk<
zVSU@VOPatg6UxnB)(IV~{I_S?0>NdWc+j8HLs5x6Y~6aRdMWtag3zE$&*h(~F@Z>i
z-<NN%GX%uc4A*XPyo!0?_NjS)jsA5?1WS3PM>Kr;*>&GRb#9UaIPTQ{?y%#n0+tUO
zuZ&mhEu6my^B;d@sR|HMK<6%4B%3j;G9-^tHxvC<hWk`KgKGt_LIrZlx<X2wp160~
zVIPpDl?Ar+9s8LY_X>7*owq_nBtW4yNs5pA=dZFxVc>3lv{$X3$U5TjK5Rq>ZhHxz
zZKniy5EVaN`u$Wqah7psy-acw1Pag0PNds$2iGz5qUUCXNP&=UKg3nH$qedZre8nx
z<}Sb<VLvw?p=!@+aes*iEE}_ci3}V{q$1UVIucD+1)-o8v5LZp5cZ4!L>*p}1-iaZ
zU5~$2Xj&|N<rs?^?Vo2$FPnv8YPK6ea0{zg453?MF9R>E(H{F~Na&}!faPd@;vh2v
zqJMg9MBlF>Ui3pAr2{mfoWBosBh|NtFcUjg@5^D^cKFqN?`U1(UiL(s9*2E-bqO7g
z8VGCt4oQ^95cs0b*g?KPsk1KPodpfrG_n(qZIWc`?<oL}cg7d68}tcA0*PSv^6L&n
zVOX~3(GdgEh7NK5<eF8i1rRYKc<7K7c(`~YC1vg%cq<2y?`d9>HLd<6rLMbV<+Xy{
zXkxvROU%w3LvOll+82!HMbsLT0G|zy#F+CJh-ovF!0qVt47-HKJNIGcHgq`BR&X?f
z7}r1t@orQ($dJU@l5~!D8X{W`6VdrCPw#(F6!z{XLPdho57<E@1KZ$cV7*W-eQ|^s
z^*&(};C+2ch%Wf(JV`KG(Lg2d-PGeuIE)I`1!@Y-ejO@k?Dqh2oxo-$qaBT#=`{+h
zE<QLZ*#P>W8f6m`k?=UYvdFOlDKhukH(bxe5y&0fF3t&p!OS2ah$qb&`_9JSH(ky&
z65-!tMH!Z3?_TadVE9{c0Kng~RC(H)MjL9qb?9zev3S6&P+sZBqm9C>44Mm~=G6qz
zNZpV+QK@+B@>~K=5EimfT-3PFT8_noc}Gtm5f$hL12Kb#$9HAa_yIr@D3eq5ZVsEE
z&5ZtroEE}-l=u$^5VQYS<I2hRNkp>J{;$58yb3~mpQSJ$_6fR^;j~gv>MtR7^~rw|
zhWdIG*UQNRBV{HGjsh}?Lmpl%WYgiF5<T~Re@`$M&40{?@E3Ngtg51}Z1<&yn5-b5
z+B!qCW<ED-_UQ)?45)DBnVlVi)<UYKQ-^4Tk>f>a4Ro(alf7e?FZzk2;_kZrJ?B+(
zfza0GK&%|Vr`vtNKYr<wk`e4f6EYXg(hsSCSQ~ux)`=v;eci($v85KK;0#^joDmY0
za%|CWLXGDUkNmEWhpY`#uN}avvyEg^>G#3bO@%A5Vht90Sa#tys=bw0GbrrqAtJT;
zDyAN!Z1UjX8NzWQjiiYcOie-H*xgTXglpVL!rKeL;HRw{r##ZSq>Q9I#%;$pINhvn
zfs1RQY)0P(fmIk?k@yvQ&)}FAgJJ<oBtuVFqgFzh|HSLF>AbzsH^>BHr8#W6&byjv
z8#)P*jjg^9{Czom7L-_LsDN?vzOr%tgze%>4_F@VU94rotEO1+-dv4OHw3MV^^t)x
z>fr=N?J7L=L>8|_*<c4vaOwYX$u?|pvy2)G^bC?-27!fAi%w(3Y%Q7(sC<_<8;QT%
z3+Z&GSUr1nQ}7g$5Ef)67Kv{3e^Ffr6+2yRm=he>RS1}bjXt<74aDF^3_zs2V3ya>
z?Ssp@_S6W#czrGTmH40yO~Vfmh>*&V;<p2#utWycGi|3qtZz?Hdu3_qoKNVhm#$TO
zk?Fd$n9li6L*UjIc)V@l83PufqF@BEVV{?3rU{^oXgPV^qj)_x_fHnlI;?S|Z)PnA
zkg{TGg>tbH-tUIrI*|@`;37vD1N4ht$JW`7t1Dp(W_SMb3@5JVvQU;^+PR}&cI^Vx
z6!Mh4_HV2xou(o8-f6gUuclfrZoBQIc}{j;Qw-APu69ZxIi}yDYZH|_opwc)+%1;#
zDE)4pMXeUcv@anE2H5X#x_pprIw{S9rQOVIPvY8ojQSpdBj(<FdIAk=Cy<GPmRr<C
zF$Sgtuv}yo`x?;a_Bz?+uAv+7(LSK@J5LV%UU9X~nsz}!iZR@0CWN4;UXOT<D{VJb
z-$C5RYwVAtvycH{uJ;QP1!wdDS!!ntQu=oVq^eQdEn54`qF+_NNsS2ymGv;&ImgF(
z4q~@ZU!I6WPfkcIW0(IOzxLw~#0c$J3K_;Cd^i=dQTg9nL}l(?9bgO9iR%Lto*B2f
zS-o%>u&$5RiCuNEp>YJV((5GRV6*ixlYHrZmrseCqYLS+o-(x4e&ynp<ea^iTw5c0
zjYQ;y<40pXh3eenB7Wj&+fQ=}+#|isK7-0GZ7yF%XXte4Rek&u68Oc{MP0gXB-P%6
zgGTalGuIT5)Y8lNItWjGiy7d~wKrY&r=95wDXG&>tK#RBzOqtc3>6oZ@cXI~6<76B
zD8Yi6TREw_kLUI_h~|`cGKYZMBH!xy!}qnzqxFWg-8J2D&i6alARBw3Xs<Wx;1tZc
z+wn)mOH&XU=qpF1rs!oF`;jG5o9$+2ceaJihVRBkpX*=GDHo*a<N=V)G!DbIUfrJ?
z6jkwtUgA0MwG4ky14~6xU<GRf0{D2A;Gh__V|m%UCk`Xx_+?I8)l3i4<D|DBEu6vT
zp95ZRL6oOJNj|CyKN^@z1Gv`Y^)Mc)2iA?C4w$5gkWNZ_{+g$mBKaDGS6ObRMcS;L
z>cM0)58fDo#N?bNL;x#(V~CSOXI>pbmz26AbDep5GTI+MR0cY%R_8RvG-@@tW44Oo
zvcDRetGG5)SM8Zz2={YrOEj>K*Z3sLEktb2Z7IUhsk3TSOHOXX<eM=180>;0j3TuE
zOt(DLF{Vu$HQWUL5XR;7fJEChs+{bAXRaZbb8Mm;v0-S0!2_wgbMrl$B8PF`p*SFA
z@*(kaEeV%|81+^AV?O&mSE9kVE((qs+SegGLnwcA&hK)+Y(BIaxMCMc^9sz&#mDB~
zO|l%NWOKhebPMqvHV$%C^zuv&d@qWrPi@~L?I8Xp7*_(5#r2l=2mZu0LJVcYd5MbH
zxsQvH;PR`{h5>-h;2&DS)|r<&Cc_5AzzpR>=Hh~b1b;HlA)9bOx>}_)zXfohJa9Bv
z<iJH+f^OiEm8s5{<luh?*|G;MlYY(38M@;$&#ZPqY9q4Tvv;n#3)>c+IW9Xy1ecKZ
zCu1V8L4Q3Wm_MQL9jM3uK>M(Q88an@m^<%%#`~i4AOIPgXqyb+VS4B*BlvH%Mof6f
zOp+#rW&#2-n?qlju}Vgcm(c$R0scuV)!hFyKxq1YM0MufeJuMAA0NNx{;%I=$&s1X
z(vQqbo3EW9Hzkquv=F4ZoFow%p}f*|F{qG3;BMn?!{<`hzNJ(T_f1VdjRdh5yn#oe
zr`dbBFT`c<>2jh+CLy{r3c|=zduzih)xxH`l<Av|DM?~UCOdHW__eg_6zt*=>J|_d
zdUbN~^nE^Ae;(|zob}lsPTg?#JcjNhvZ<#Y!;D%S^9J4VrOZ};5(5{32f<wac`89!
ztv&-OSST=vQmd`BCI}sTMUXtghA#uA+Dw@+0KzTa2?`%~o`RVqaxueh);ET~s7aXl
z<cXrfg_FL*WD7_hVhUK|V0Dpspolio+VsBiVB4%-m&$xHG|=jzOl^ZKl`6@@I*xU3
zg-zTYX8F$$7PO<>eo;EEspr<|;RS<)t}Uu@Duf_qmwd-4r{2B6_9{s=ZCFW&!uY4a
zcH;CTnEgKmFMF#5r5_2s5{2nFt}QWA*L7KpqXx`T4}q4vKRB8Jq*rCHu3kLGBzhRH
z>u!XvJ3xjF>tqrbWqgoke8MTzQ1p1X$jh3sA#UiXVbM*!iGUX}jAgRl$f!n)6lD3-
zz0_s5ziqxX{E|t7MYua9NIc&FY>=;dyaO9|Sgfm}0&zOex{|?0spjQBgJG=f#_-fw
z`ENkTC-B1zO<SVzPacg(I$%C`eChL%+uj~spSvzAk5iJ6x_N5+{bTNxuJD5U1J5-K
z*VV*|Pr|LP0N|W#oxbun*NsZ=eWQ~quu^LZQ=>$8l*-MojRkX{3#h9x5oH|3tFYsY
zP=kY8gy%gZg@>1>k}o?(rT0>+AMgPcBh64A1?;$_{*f}Ep%A*$L+5Ru!*<2*=1gmE
zOVh(GIpYY-#-#SG+u~+{{@E@wYD~37M2V|j^zM4QOQ<RL#+=&%jf_VvUv}F{=bP{O
zFwL_z>Cz#Yg|ccRyAj2fQwlR3_(T}>(3If9u$T#iH6sFDBZj)>fqXimyzc2Iu`wo3
z1j0F)1^ZiklIT6FTF2@)A(&hCbDIwB>1I#vc4R5kR~EnTPpDTN<on`H4F%d*b@JT~
zIz}8vlkW*_B+^)2*M5}TI=i5gjK4TOG*2N-I37tfUuOLc;>3#@_fk1Ghle+?uCD!T
zIxS{E6k1`0`&T$rM=ZKrTAXG{iU`(G42=7uM9)~V;Y&vGqsrPUOY8qkdi>>o@a`S;
z;TT{bdNOde+I{2fx&nRNisNg439dgL=<tuGYR>p9Zf)O40!g+GHpKDBnk)vEtO(9s
zS_C4_G81%bS}f3ddZV_5*#Q~GQ>GkKqwL2pValkvhT6ee$kWGni8BS1x|N_KJ0L)?
z9nlW4pA!Lk#n#+hv&FhmwePCbWs6+cw2L$OwN9yW-TN37b(&&I{FCCRG8}bj8u70r
zdL{IAxhKigtmR)?+_J<)0;&<vnLQB<eW-({+?>Y2hgjJ6;`H=OYS$=?(L;V(wu&Ne
zXAy5CP99WbrC5T?5II#|qD$7+=RlA^h!RJ!3RBCglJN{!w_UM@%uSn<V%7u-FO(^-
zE8~5=fTTLl+CTP7=-qtbD07Z=W&Czk`+X0S$mmwW;qh;U&n=t14+*vON^myr?wG??
zw9{;X%8#teQdD^1tnnpifu7i7%h-SbH*X1tS{XI<3Y>j%FWkn|3;R+fCjhw~viGSu
zp$Im7<=_bsWsJ4=?v`XZgZLeMw`i}e_xDWsuQobGgGf)h$#xWHT{e2v7+G7Q7e>x+
zHATtHs_L$N_wzco0sPy-O-v#kM;J@7t$DLk^*@3`$g2DL$ajJh=?Wu!<>lk$<+)K4
zvecmmomIXw4|!cFt(02}$N^?BTPo<`8~r>f95XEx62>^=*b>-lDpbC69g}kbSZ{P}
znQY_d(<mb>6W@&-JChRCtAP2>u?jS+9V}VV*A0~13w6nP2D#t<p;uh>Nc3&#ht^qx
zWTDz45uW@l`><IiT`4v7A0$KPHWl$dkW!EbebLInnu=v`SqlCQzX0s)lJg3p?0eW2
zwhzc*!hb|iudY38_XtY2vLbBRe^4rRT$W{Y@l8R9RN-up%{pljOr_;J@)%Fz=e8_d
zs}Cnyf*uA$+LGaq<+EQ4Ugc(9A%yoO+MflD5Z?7EpD2tpJuQOb7xigKD-`(Si(4j<
zP|fyFXono3N_7ob&j1FA@q9=pUqVp>FIsnnBerfYrH_25R36oKjTFo_QO%KPY1og}
zY0%}#fF?9X5y+dX1ue}hRtAM|^E=KeYEo{vCNea0LO&V#;qHHdRRlup*H9+|fQkY7
z<sgO)_h~>=?1;L@`)Y`H-Ln57Im4j)!02f6o5{I(hLj?RFtDSTnL|r8`#gl+>qOif
z2axNUF~cvJy9P~-a^;obF1LkSp74z^1+uVm35AITdub0|j;AV!y*Z@9j_|R3{Vyo!
zZ?vM@Pt6g!JBFW#3@w5lC^8e|eZCmlf`1t4hh@xV>NPr!d2{A%&x{vG)ZP8kN<vE#
zIF(6}B8^y61V&v(!pX33K@G=Vu2vO^M}_{BMdbKS9F{%a1q|y-p^d|AHXJLb0F>mM
zH5kT9#P~$mcHGnJ^EWvqcKSupRdwT?{}@gYhS0oB9;R^S#&W_$E8o+CaXGZck>&pN
zT@QvRs#CqZ!~Cg}`sZ<x!fCu)8C!XQ*w#F{PAWp54nVC~<q~Yy(&K_$3C8`QnOPZy
z;&6sl5zQ$o*mFmUdiFF+6!?aQIP~hk3nqe{ZsIm<YfW0b7!J)a!eTHciOV72k(dlR
z9E|!!&2ld_r7~y?cp#&$|AB|*nKC?+Pl5y0VZWg9V)#$CPj!e!xC?Pqnu(b0Je=*G
z33gjF7ciM5{i@ngpZj}&tx%i=Ah6DANqI;k;f&)!ZY5*H=;KP7ZuQ6%2koN)zTgt(
zzKURc2CpwXic81QmD1asSWKz%Vb?A1voO3STdvD@W(3Y?#b_1_n&qIf5hD`;J3<-<
zh@2Ti#|#VJ^!^-yqFQ&4giODYaJbKFye4C)0HW-iH69L76w77(X(;l`?hoxyiuJq$
zHBr3F)BszEdi6L^B3a70j96*4pM{D|L-)amcE@}tOsZH0-S*8~`uOwhoUN!Qh{HJ<
zX3<vW{&O#P$TiPO#2_E(`pi_%*8V4owrnl;CsTsMlLu7Ccc9NcpC8ul%IlL;E5{p%
zfDu14_m9WGD&C}08?sYM?auGlY`<Sg524tn<Vx3QN4KiukHUc3B*T?#2=T2%@Z1cs
zi2-{`ZdFL6ZJ~ecuoCjZeGo{Zr^SOu7$LWvw~0B1ox+%$XmW4iCN*-Y=QzApw9r>}
zPe&4|jMP#QGY;Hl*5ixt{ptlQ4;ncHK+N|f?1>*>%sM9;KNWVsXXzLw3<;u3VUtxM
zNl$3SQyMv-rMVDuGhGa$tD+GRQxGb{*fN4V!(KQ!7-#vgQGru6+U&c5b(V-Wp{f8+
z5B;&GAMQ^QW*{clj;p7~6b6^j{z><r;wMW3#NFIc=pnPz>3=p6Ab%eI$$cU*24F?h
zP--}3MeECAZE&UEhLMohU5pJaZJp84bqswlM`7hS^nRt9Nl}(+1?MPmCE&qdlYU^3
zVM+0;_K|O~Kf@Y+!ux_(Wb<sdMSg`A9MWlMd5;KehWf%rPkSb+OZ?tF8chAaM?hb)
znF!hYv8b}Mv^OJl7|DAS>*)Pp11{9|yec%6^{bb1zW|#rjoQV6_8v!T<5C(GDSc1P
z{KE+!M`6Yurs1$IX}Ko0rk&LZ>Jw#F%LWwR6|$2xPS<l~A-GT!8)dy50Mg`RsZaEk
ze}*&ZZuz<47j}CDTup4CnL{D+U7Cfec#yqeT#@{0)gS=|Q>@6iGv6R2f#+L-)dTXw
z+cyx?WR3AaJf>^oEkDxqEFA`AB|EI{caggEl*fV|>nG%04NzlO!r@YX-1u(Z`dzu2
z0N1FkW>;U(l)kYop6KoJtKX5!2qljy(t25lN_7rTRX5_7VPwCH)rZNT7;S0xS4KNn
zGWA>$n8#xeociDYCkzM>8)XxIy4_q<jcpu!xc@izcjglW`)yz|>Yuv5Fpr?0pNppx
zDEPPkFE-d^<Q>Hp_^gc{%-KT1Hkz)!k02WB`UlL>vr7y4vw%%Ik&fgEVx9!&T8@He
z`0A|)-tCCGGU`Vwba!qfd*;O8e((17_4D&SFg^TP_SaVb)Tbg5J;P|k(?|%yzL1Vj
zh69O@tkfLoF^Gm-E=K*Bb_)c$a(^dC%`G9hhQJWQexUv54}yW;Mwra+-31WWsrU3;
zD=Q&*&Lp+$>0`V#w9(OK*QW&qNl3np9^09`uVCS^1Mqi`+ngQO()1O);TB)59Hqra
zU_xJ|G!p5dN1X2BIAZ$a&l$;L>QVldbu4Aw6dxHcG2;buo`#M~^^suW;O8+i8S)66
zwcO8jk%3i>u-b7@ZoR^fIBn)S{86jSxa!RLGbEG&@wmjdq}?hNsikpEu=d~J7g~h%
zVUg~AItAUv=a63A#J^IE%BnzV`6-?y0oAvk%6Ex`N(*dV`KD-^u|8V2R&EQhDLM3N
zvTleCn61A=U|t?r1JMtn#aT4oK7`ii#h5>2SdrL=TRc?2yNOO8p@%qda-Pg3#F_F*
z0giFc5N4|EZJmYrF;0K88`t(`D#U@38aYAqTHyo}4zO|2@RgXAqsLje4{&cuptTw#
z3nlUJ5BCUHS6x@DeM<~a-8r~ol6!p%y7cSD;C2}&%qi}l=4J`CW~`s<arRBux?U^Y
zFY6h}zYiO6=E`f6zU{i3o3@1|^q@V0S%f5ONPeI2^m7e0Y1vJZ`aXfGtkRZI67Are
zszS7yuej+a;vT;*M`MGPz*0k<0$}&G)=_h~7_yp2yzYvPLOp;<oo1fSkYs};F!w!(
zQ4oXR#&&cc9q_dHflN9&LsuH9{_)6~z=uTf;o2AWFn?7((rEgHn6&xl{A+-g{1-jr
zqFUZ!C1}<OpX2`5TLv>$V~0X*`-An~K>}#29cP`wJfqY5!5eJ4cs@e*0f;Oo@-LOY
z=GBB=*Ir%%MX#BrfDS0ApzCLkK1F{~z<EXks)2SKBx6x;d&banD$9p98zL^w9;U}~
zltPI4cTc+4(eHN1@NQ$%znrL3FSkKscLG*_CjIIhC0Cz?@ozZ!xXXSLCBESo<{j)X
z>EDvO$l#7oEgqARl1AK;1!Ta@MX@(@r5?AmHQAsRVX8e+5X_?PY<~0z;y1{TH++Lw
zc0q+$6UQH@8GR9x%G`ll(r^dXn62BN$&A4c4b3V$wx#(ws!PEQXM6U&YFvVKj|a?I
zcICKnqCzt_e_i}!`uB8L_xju8?qQ89B@unUc2!~LRHdj*6nC=y0U+<FE==x5@6v!=
zZ#}Ea@Teu%mkHe^U^qL8yMMvcG7~t;Ke-*9sO)AxFC?Y2-U9R1u!+f(T`)@f#&K{Y
zGlgVYiA!aI{~8_r4s-nNu%L=vi{GCcM$?{j30|Jdx20A_SK6#yP-8c5oJGkUdXJ?A
zvjR$L*}Y#$ipW025(sp;o;@q0y(-|)-#gDZdBPM>48mrC3uSxp0-n3RGI}=Qf(|E5
z0?Jj_6Wet(jl~L#Q402|`<Y3Chn_00H=zW-yQbmm82U_$j78`sFdN8o^4_RRsMbay
z{Arw<v8ht}o1NGHv{R?y{V}gPPeNFic1o=80vEg-JwE><0t}s3bIN2G1q)_FV5K0@
zOm<?05H@qj6i12Hn0mThWWtHgmJfmp68zmq{SlYLu>DPwY&LhIHM8;x^2g7ypAr2w
zeR*{{N_J(?yHU8}N08+F?$}N=l%nuP9eS_cnKL(8_aQ&Em|1?1{Bt@CO|N#Q{9>(N
zC5fhwW~^O_NCT2^R6a}v&a!en!y!j2E((Smy6i&9!S4!s)U9UX>0clHc}$v%Quc?|
zL(D}*%8Tr%QOuR0`LIqHHBI20)a3b2WiXr-sw2}+oFps65Z!9%zitTL()DOavFE|W
z$AZfz*Iv@<OEI4v-qZg%sRx#vNlX`o=AkwWo}*kyj{?7utt6NA4a9T!vO-kt(>)5+
zERTn4-Yk=oVY5}RiF8-M_g2Sw#B{i7Li!rJuhO^kK5?<f*rxO?ThEz2TFJ^=PS@Qs
z_Zs1&cadNt_xiqNI^_=#9t09~EZj#h8o^Hz+Co4nJcnIj|KJ?7&AP^7;AZ${Lz9Xt
z$H~^glM47_V=xa~(N<sI^^@8+pIT<RkwSjpnI<d#L(Z#VIPC|Y(g;X&z&AcK(N$XD
z6+`|;Sc8X}^5l%OsXC;9gQ@K?C9FvwIn@swtvIcv1fSJ1f%uF6I9AT%kdmO6bp;R4
z?iGTo9~~<eU}sERjnLy`kZJwZ*@Uh&_M$61It5tu)b_zsushNGC8adhL?!BPqS0Xd
zeJ>MRwt#!Lm?z<b=dlVN)9x4KDBO&|0|XnPa~F!@bJ5c=oJILP3Q|~i8xIV$o0RD2
z*O!tlm?oWs8m7|AXqM2FU<yiRV{8hJe9>zMIzz!PA>DK!(SCJr`K9mmKC%*NhP1}s
z-2rw!=UaP<g7yW*hAf1ht&RWK7dLc3;@Ah82YRm!1k5?^^tv-W-bS8Hs`Id~4*ZO(
zS9AylxoKv0I)5Xe%MBT^Z>T;&-w>Q31p~O7FCj8*SR9e;RNAo`=;fnKZi||?8#wC1
z>e)gTKbv;b+cNL^rO58gd9msYEOXGJXMlthPqTQ>Jv#vo2MPMxE6kmUU?*z2`*D^B
z@7-V;9?AKtZSG*y%EB&N#KBPH-ONa1(u_14JU|RtbDvE#0>cpQgPn+-rU1M|0_uic
zufVjJf-#A)2y({}o>H33X8^^7g&hR<pnE7`L9s@jOhep_$5VLXb(S7qiH!|>7#NBi
z)cxys%t5YhwTfZLs9Y4ZYOPvBlI{IpB?;e$lh?z=`r!Uxdrs`8VKxD4zwEg&$^@y;
zPfDMyJc_H!<oe(HXZWfD2$}Fm>mBs1l@n^|{AbsS15{5TjZ~F|;w6tHczdKn`^f^4
z>bUX`+L@k^xJ8(Qq_i9*Pk>93((AS&ag)-&MEGra9j!OQLGgST1&cR~@$rc9s6CL~
zU>%#!R`yg46)4i$5{;cr>mXm{oLGD;>ucYxVj{Mbtlra+r}|^3jCr>FqHDgTG|tRK
z$}P5|`EasEy=55}=50JnT}xjGLut(h>l$6!9?go5+X~YOzaLL+ML-M;h1UW~ibQBa
zj<J-vJ;(-9@}^P5ps)G_jB+uXE&o^$EO^Mz-J=vwM=LgJxJ8>~<$^g4dtUQY9&#|_
zWGy8{@GR5Zp;f7Lh+&=2Cp2-Ae9$&ZVewZVk<o|W-rb5?8~n!ow)-^-_i@fgevY(~
z0`VtXC|dPXR)eo4zJTJ-<<zm@r%p=&kR-6LXv6;U`+N6A!HC7TWC?v&-MMmmJ!|%T
z&#;fxuuq=Q@bW+gSzE&+h1G9jojS5Ui&5#v<$pgLsm7F@Y1O}tVQjXS8RSOZWUG8u
zs6=d`u=9BJ`5Te>8gGVdlnqcEie<548qp!0jm7I*D*+Lv5&(Uus=$S}a5pbE@2FEx
z&K7>Y90C8abY&K~_5o*=m`0l_f2SPNdM8mli}T3!iL;pQl;Tcq4wAApVmT+%f`039
z6dy5k886a}vx$-8%d5|Is4dwRSNxVfB5M#BL7>gZ#gRMs$_6FrV4sYy+GK3_dPkyy
zl&)|1^8#H4G=RSDU)?^-xx|>J-UI6ynsDyS?8hSc<YR$t*1e!MPC01U!`IBEW{Z8Z
z!j#;f?Opm%f4ldv_>;6@<k%%a7_nZAGCfJo5KyzBiP=m}=lf|XL$5Z9UeKjRfX>e?
z9}<cZX?=&$B--7^+CHG>KftgEUkB@`B6^@PfUhh@1Q?h(uoiR$;xCF=oOJAp!TSGT
zBf7aHjG+xm&^?FNWDJxck6uCa(J-ax_bZp|V;++-B8y1td(h{CmmKDUgS}4fL7#p<
z5qWIs<~m5v7&=0gOw!<FXMmleQ}xG7{3VmLJMk}8jOo!KwMwPEPL=oE>dlJ3zNEa4
zo^z9%8DJ@STMgnKuBbwb{T9_*&lYQo4SBvoHIE%D)~YsZm{YR1?v#j9#3vs8JAfNx
z>oxB|bef7hAXcU`GwGKKu4;6Wk1Jp5D*RwI%Suf(u7U*noPHz21Y6~-q7}BgtF*4&
zt!vmDI^~JkyTA>8!DZ)IvnB15-8dw21x?fz1b~O3Y_QfiLL0#NN2d#P<>V<v4QJ$9
zT1^mKGxZfqE`_{gUGI=ln(<t2qX@CBbn^gJBrM+kpO>h#vo`7@N&gUawML@~)}3?O
z40K&y&QDav`h3cXBMkS(4AQK@gsJf)AtZgh-n5NK&Zac=$iYS)4PW_-JjHF*b<#A>
z4#3Stze)!)hVikaB*_RD(Z(Ol$tJsK#?zWs;e#G75t6n_97Ua~M3*+u)s_6!$;+kf
z(`8tphIsf**_8GI*SV&(wX=PG<D*~3??vRy_rw>Ve9F;_<JH?oMwKq$&eR_^YyTtX
zml%)tk_Q|bq&-x<k!wQ8W;))r?@Dxj0GzdY%5<p-j3z$^(K*sKDtrSi-|gurwo2j{
zkf~iFkuYrFyKt%<tGQOc%j2B{hS><SMI^v$_PrmXrJPg*%N8ma&Byg#5FQ;K4JKr+
zk!w~ka2mn&Qk?S5`6CyT6sU`dKgUwZX&XcLulgtTTn|Z_S8F~^UxWTc9o-He1Y#^5
zvaNFm@1({ee`KEGT@Rgd8~M(vsIC4P{&W|BV|saZN%}<>v#SBmV3irkj)se>8_|l%
z93LV2B!KZ&MJMQP{|Sdm*rXsEgtV^l5jqw~FAGttzyjTZKRaIX646_tI)cl6)d7dZ
zNOxEmC2ykXc5=RS;BMP5%Up1w11y(Nfd0jhyaUS-<6kSNOQK>6=cM=-m5?hwJGic)
z1nNLJnvsT8Lf>qcIX;T#Ms@sRy&O&kH=`Fi8ENaXG7pEx*?Qnu=n2JVFr7*!e3&D)
z`emhFwI6f;-DsRlt5WBL6z~UvNCS^=1tCB%^VAgrS)sz%B@@4Z*A2HK6&M4*T5P8}
zO(#+~=~VJCOPIaD*QKhFkV?nYx5z@U4I2xJvVc0@FFzMxaAD@w5%N`D(tz=$%g3Si
zsZhda>l5Jnrm#L*m!STaXP;M2M+`L*r#mINuIAF6a?4J6_aJET>48RpUq*^<ryMVz
zkkxrIJ((GDk*bKJ-$up29VjzvoIZ`UtSZ0=arIV;$dnq(ZLlh8C9ATIPpOoJ5slH+
znQxNo{uQ#BA+db&R2yt1&RScvs9Tj2F{mcVtgT76c%olAO=mz~-rzD_|5E9yP^LU(
zXYa17r7X?0z_U1a%fXYoi($ThsH!%+Shc68HojOkZt-hPOVivo3DDM6pOw2*#@mhS
zoMJ+|ySISdnIdi@GN!`;UAd+(ir9aLWpzf340bLG7JIOVTS1X@>ye$II0*b(j+J15
zC!KIvdHhByu|9+P*WJ>{nLLBx0wwFwiUd=4uQPYWk#PFzcHA{NGJSKioYHy+%}X27
z{sIB;AA~p%h#ch<1uo_y2FVZcV{#X_T@W!T6*e=661*fQ9SK>ky!b}G55AcRln!dj
z6GrR~e{-^5k_S3?N~ptJ#s+x=8T!IS+mzhYWp(CL@fR9b;)<zZtrE^NGqLhBFz~P4
zt`!gn7JC&g^s2&&C4*lXNLDP}OQ(0CUnY=ly|8ro`KSjM0NkHJ-ujA(^M#$ZUAE_)
z1C||4T}`8w4zaE-ZNeTF(axnY)p@^ul_*wjSLXJxmg@yrCk{MYP$T{}*m4Lgq;-IY
zt(e5WlIJYK){{vX{nqbgAdF-Du`r<m7*MN9sauuV$UK?s6-0ormf#>~Cu2gh<Sr}p
z|90!N>9J&U2GA|+wK(U--zCF!>+yV<Z4!&W<<CaOze~_(TRAZ;lDt3^3zK%Z3#+CM
zS0OvJfMH<!nHQ@@%Vku5!OKK^6u>NFGqo*79Vs(qO)unv-Oy})JLvYEr{FLbFXO&x
zPw<txAh}RdBofZYJ&6%1mS>m|u5>%#_3dmY2Xpnr0`!RHF{9K39oi-mbQV^0BpDf@
z=aZ>z2PR!iJ5fp#Lv&Rw=e$gCN^_&-zXb$@Mez{?Ik#|(I(c~t=gPH6uGx#IDU+#U
z^U_pr9`T;CT$>eaTgQU0oefRIY#?+&kxKMg^PS*bPh6xZF{7VTJ5G#jGb)mqy@#gD
zy;&>LfP4WB?LjmSTuY<4mt?g4V|>DN{33$KD7O9aB(%6{6+(9LKXNoF7r8Mg*8*~)
z-Yzd6<UnKu4({`kGK=3~+uP2DNb*5L*vn+RfC@5PkT+&f%BlFR97DUsPv>}7Or!5g
znQY7NceE)>6?nn-Q5uDJu7Ru!#^ndKblQatK+w&rp-7hu0cQ?tJ%=R)SLGO<toB<^
zQhbwHs<$jTBm2Ams8Uq6v&G5C&0f4&4U=qjdjS6Ll=Y=4M_Vj4{1TeSK}ZvH&Tq1M
z62!VE<tq*qbO~TQk^I>uY96{(7stMJ>QlPO-ddaTe%5X&HZY+VY#fj&#Ul%QxM-TK
zz~Aj}g*&d<&FS5a;;SC(jp;WGB?l7>&9$GX(b127#PFOVe9GoXwiE{EuVSnd->PWa
z15_$h4cSj)wZB{F+S=$<(SkE94i-CQCfKOUt32-p$@P2k8e@f>UL($R;D-~GFlWw%
zmdI$l?eRgpL0~&BqH%05?#(3+=RCqm03L6VCLF2T@;S1}BxHn&ogf*qSzWW1vZk>|
z3d}c-H<~!{o1PXf-)Sgypk2e<R%Yex!ZhAVh!T%e-te1*O9+bp_(W*O!ZI#vVz%uu
zyA%=9em=iqUK4$aWU1_?7X`X;*+cI?v%F=Mxs#QN{@7ljr{xJ`Av+L$*!ErW1h@v_
zJ5r!q#($npF5pW@UKTEaR7$j~0GIj!<#wV}tdg_ZfA$Gu(4%_A-#OMHC>ihD=$td7
zMEms|YSH=%*Ibk2?O4v#vd%f(cBt7g_o<jRa$TO)JZ4dPBQE;y&A73r;OLi&QqtO=
zO?k8H=3m&~$E?H>d2)-4f68ai0h6ZZ&<Yv_^aSYBXvITxPHYRz1X*}>N!r27x=4R^
z<g$kzKuaf618%yqscRd~lL!X{vIiGx|JAJU=Jf}r{wY(oVbosJKmZuBmm-7=TY9kR
zrOzF&X}b1JQS^iJHAQi~RYsS@-1SHUrMKiTuxJDAkB(z_aWL1%jdR6s00<#;*ny{O
zx>@zm9yxdSCb{@OMT@X0H8}9u0qn=%;f)6aF&MPtr)Z{@$gX_}L3Jq_V<+OL=r(d0
zgLY!GWQuqQhJI)er=@&Gsmv-54tnb&8`WVBMAqvbj3)$RT@}1y4xJ8#B?hR{g<zw9
z2iyZQ(Yt-J7_}9qD0Q7R0T$flM@-ayLaj2buz~^?A=`h?eGN7$GT|3~r-R`UN&-fi
zNsD34j`0tceO@}Tq~{bLG&3|BX>1n(v|#tN1}y3cvEGRv0{mZ@!S8BRCw3{GTrpq<
z@!w~sZ{mp#?n=sj6FB4Hr%r79D~_7MzVzJkhXqpjh|5NcTs@RQ0kr<+k{MR=%)B~0
zgr!6b)ub6mQO4z_xG+;tVjiPQbj5w!8Zr#OB=ul9<_j6>N(zMC5V7z&M-TJQ{A&7s
z3w>LF!S#Y*pP$hrS=lU*qf%7mlmtnY@n8zXeMBG+XKLJ-8X5{fsXzuy6m%;y^T`xm
z8^BfA2`nE_xAOozfU<r--Z(R$QuTaAewOk5_R^GC#stH+yMFect}goz{VpS1g*#&U
zZXclc`8?jI^v@dZijkyJe7WUGrAd0BUdJtZR>|!xfyt|DHZfm`&>0B-l`u~K=F|L5
f!yAL}`1JpNu>K$Jye&MveS)UB=|h05K!E%|?|GgJ

diff --git a/hashicorp-vault/local-patches/0002-Allow-per-service-annotations.patch b/hashicorp-vault/local-patches/0001-Allow-per-service-annotations.patch
similarity index 100%
rename from hashicorp-vault/local-patches/0002-Allow-per-service-annotations.patch
rename to hashicorp-vault/local-patches/0001-Allow-per-service-annotations.patch
diff --git a/hashicorp-vault/local-patches/0001-patch-server-route.patch b/hashicorp-vault/local-patches/0001-patch-server-route.patch
deleted file mode 100644
index edc22c572..000000000
--- a/hashicorp-vault/local-patches/0001-patch-server-route.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -up vault/values.yaml.orig vault/values.yaml
---- vault/values.yaml.orig	2022-09-05 20:42:02.468428184 +0200
-+++ vault/values.yaml	2022-09-05 20:42:05.218435871 +0200
-@@ -406,7 +406,8 @@ server:
- 
-     labels: {}
-     annotations: {}
--    host: chart-example.local
-+    #host: chart-example.local
-+    host: null
-     # tls will be passed directly to the route's TLS config, which
-     # can be used to configure other termination methods that terminate
-     # TLS at the router
-diff -up vault/values.schema.json.orig vault/values.schema.json
---- vault/values.schema.json.orig	2022-09-11 21:00:34.834334961 +0200
-+++ vault/values.schema.json	2022-09-11 21:00:57.190368032 +0200
-@@ -838,7 +838,10 @@
-                             "type": "boolean"
-                         },
-                         "host": {
--                            "type": "string"
-+                            "type": [
-+                                "null",
-+                                "string"
-+                            ]
-                         },
-                         "labels": {
-                             "type": "object"
diff --git a/hashicorp-vault/update-helm-dependency.sh b/hashicorp-vault/update-helm-dependency.sh
index 76e4ac148..2551d8887 100755
--- a/hashicorp-vault/update-helm-dependency.sh
+++ b/hashicorp-vault/update-helm-dependency.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -eu
+set -eu -o pipefail
 
 # Get the version of the dependency and then unquote it
 TMPVER=$(sed -e '1,/^version:/ d' "Chart.yaml" | grep "version:" | awk '{ print $2 }')

From aa72a78bf7d411a2636cd4b0070d90cd68c92004 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Tue, 23 Jan 2024 16:15:50 +0100
Subject: [PATCH 03/10] Do check for remote existance all the time
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

At the time we disabled the `validate-origin` target when running from
inside the container as it apparently caused issues for some folks.
I think now that we run as the user inside the container, the chances of
this not working are reduced, so let's reenable this.

Tested as follows:

    ❯ ./pattern.sh make TARGET_ORIGIN=upstream validate-origin
    Checking repository:
      https://github.com/hybrid-cloud-patterns/multicloud-gitops - branch 'nonexisting': NOT FOUND
    make: *** [Makefile:12: validate-origin] Error 2

    ❯ ./pattern.sh make TARGET_ORIGIN=upstream validate-origin
    Checking repository:
      https://github.com/hybrid-cloud-patterns/multicloud-gitops - branch 'main': OK

    ❯ ./pattern.sh make validate-origin
    Checking repository:
      https://github.com/mbaldessari/multicloud-gitops.git - branch 'main': OK

    ❯ ./pattern.sh make  validate-origin
    Checking repository:
      https://github.com/mbaldessari/multicloud-gitops.git - branch 'nonexisting': NOT FOUND
    make: *** [Makefile:12: validate-origin] Error 2
---
 Makefile | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index d07ca5cd0..50f886e1c 100644
--- a/Makefile
+++ b/Makefile
@@ -99,14 +99,9 @@ load-iib: ## CI target to install Index Image Bundles
 .PHONY: validate-origin
 validate-origin: ## verify the git origin is available
 	@echo "Checking repository:"
-	@echo -n "  $(TARGET_REPO) - branch $(TARGET_BRANCH): "
-	@if [ ! -f /run/.containerenv ]; then\
-		git ls-remote --exit-code --heads $(TARGET_REPO) $(TARGET_BRANCH) >/dev/null &&\
-				echo "OK" ||\
-				(echo "NOT FOUND"; exit 1);\
-	else\
-		echo "Running inside a container: Skipping git ssh checks";\
-	fi
+	@echo -n "  $(TARGET_REPO) - branch '$(TARGET_BRANCH)': "
+	@git ls-remote --exit-code --heads $(TARGET_REPO) $(TARGET_BRANCH) >/dev/null &&\
+		echo "OK" || (echo "NOT FOUND"; exit 1)
 
 .PHONY: validate-cluster
 validate-cluster: ## Do some cluster validations before installing

From 05c51c1556663bd1672d666b2a4594ea97ddb99e Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Tue, 23 Jan 2024 16:30:44 +0100
Subject: [PATCH 04/10] Run validate-prereq only when not in a container
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There is no point in testing the requirements when we use the container,
as we guarantee that those exist in there.

Tested as follows:

    ❯ make validate-prereq
    make -f common/Makefile validate-prereq
    make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
    Checking prerequisites:
      Check for 'git helm oc ansible': OK
      Check for python-kubernetes: OK
      Check for kubernetes.core collection: OK
    make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
    ❯ ./pattern.sh make  validate-prereq
    make -f common/Makefile validate-prereq
    make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
    Skipping prerequisites check as we're running inside a container
    make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
---
 Makefile | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile
index 50f886e1c..f7a2d5a7d 100644
--- a/Makefile
+++ b/Makefile
@@ -125,15 +125,19 @@ validate-schema: ## validates values files against schema in common/clustergroup
 
 .PHONY: validate-prereq
 validate-prereq: ## verify pre-requisites
-	@echo "Checking prerequisites:"
-	@for t in $(EXECUTABLES); do if ! which $$t > /dev/null 2>&1; then echo "No $$t in PATH"; exit 1; fi; done
-	@echo "  Check for '$(EXECUTABLES)': OK"
-	@echo -n "  Check for python-kubernetes: "
-	@if ! ansible -m ansible.builtin.command -a "{{ ansible_python_interpreter }} -c 'import kubernetes'" localhost > /dev/null 2>&1; then echo "Not found"; exit 1; fi
-	@echo "OK"
-	@echo -n "  Check for kubernetes.core collection: "
-	@if ! ansible-galaxy collection list | grep kubernetes.core > /dev/null 2>&1; then echo "Not found"; exit 1; fi
-	@echo "OK"
+	@if [ ! -f /run/.containerenv ]; then\
+	  echo "Checking prerequisites:";\
+	  for t in $(EXECUTABLES); do if ! which $$t > /dev/null 2>&1; then echo "No $$t in PATH"; exit 1; fi; done;\
+	  echo "  Check for '$(EXECUTABLES)': OK";\
+	  echo -n "  Check for python-kubernetes: ";\
+	  if ! ansible -m ansible.builtin.command -a "{{ ansible_python_interpreter }} -c 'import kubernetes'" localhost > /dev/null 2>&1; then echo "Not found"; exit 1; fi;\
+	  echo "OK";\
+	  echo -n "  Check for kubernetes.core collection: ";\
+	  if ! ansible-galaxy collection list | grep kubernetes.core > /dev/null 2>&1; then echo "Not found"; exit 1; fi;\
+	  echo "OK";\
+	else\
+	  echo "Skipping prerequisites check as we're running inside a container";\
+	fi
 
 .PHONY: argo-healthcheck
 argo-healthcheck: ## Checks if all argo applications are synced

From b4eb4d999970a44c0904eb1e5d8e54c371a05b65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 19:55:26 +0000
Subject: [PATCH 05/10] Bump dorny/paths-filter from 2 to 3

Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 2 to 3.
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/dorny/paths-filter/compare/v2...v3)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/chart-branches.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/chart-branches.yml b/.github/workflows/chart-branches.yml
index d93b1dbb8..1a4fb4557 100644
--- a/.github/workflows/chart-branches.yml
+++ b/.github/workflows/chart-branches.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v4
 
-      - uses: dorny/paths-filter@v2
+      - uses: dorny/paths-filter@v3
         id: filter
         with:
           filters: |

From 4023800aa9a13e148649ea0e459180637269515e Mon Sep 17 00:00:00 2001
From: Martin Jackson <martjack@redhat.com>
Date: Mon, 4 Dec 2023 14:23:03 -0600
Subject: [PATCH 06/10] Add support for parsing secrets into intermediate
 structure and creating k8s secret objects

Ensure only push_secrets runs from vault_utils

Update makefile - remove extra targets and make fix none

Revert version bump as we only add fields

Conditionalize check change output

Start module to load parsed secrets into vault

New machinery for vault secrets loading

Make the linters pass again

Inject policies

Add some more code to test readiness to load

Correct typo

Add vault_hub

Add vaultMount

Rename new modules to v2

Update inject_field method

Correct field typo

Temporarily print command

Add more logic

Hopefully fix secret loading issue with counter

Count per secret

Pick stuff out of secret that we need

Fix lint issue

Refactor tests to use fixture constants

Correctly spell exclusion for ansible-lint

Provide a target to exercise legacy code path

Add error exists for missing args and update docs

Reverse test for override

Also process base64 for generated secrets

Be more explicit about what we load

Test framework for loading parsed_secret data

Fix linting errors

Finish test suite

Last linter stuff

Change schema; code and tests to follow

Add target_namespaces phase 1

more passing, but some still fail

Passing again

All pass

Check the correct variable in golang-external-secrets chart

Update YAML parsing to do decodes right

Add tests and tighten up code for retrieving block yaml quotes

Add test for kubernetes secret object and block yaml
---
 .ansible-lint                                 |   3 +
 .gitignore                                    |   1 +
 Makefile                                      |  30 +-
 ansible/playbooks/k8s_secrets/k8s_secrets.yml |   9 +
 .../process_secrets/display_secrets_info.yml  |  29 +
 .../process_secrets/process_secrets.yml       |  50 +
 ansible/playbooks/vault/vault.yaml            |   2 +
 .../module_utils/load_secrets_common.py       |  20 +
 .../plugins/module_utils/parse_secrets_v2.py  | 527 ++++++++++
 ansible/plugins/modules/parse_secrets_info.py | 149 +++
 .../modules/vault_load_parsed_secrets.py      | 302 ++++++
 .../roles/cluster_pre_check/defaults/main.yml |   3 +
 .../tasks/main.yml}                           |   0
 ansible/roles/find_vp_secrets/tasks/main.yml  |  87 ++
 .../roles/k8s_secret_utils/defaults/main.yml  |   2 +
 .../tasks/inject_k8s_secret.yml               |  15 +
 .../tasks/inject_k8s_secrets.yml              |   5 +
 ansible/roles/k8s_secret_utils/tasks/main.yml |   6 +
 .../k8s_secret_utils/tasks/parse_secrets.yml  |  12 +
 .../tasks/push_parsed_secrets.yaml            |  43 +
 .../roles/vault_utils/tasks/push_secrets.yaml |   2 -
 .../roles/vault_utils/tasks/vault_init.yaml   |   2 -
 .../vault_utils/tasks/vault_secrets_init.yaml |   3 -
 .../vault_utils/tasks/vault_spokes_init.yaml  |   3 -
 .../roles/vault_utils/tasks/vault_unseal.yaml |   2 -
 .../vault_utils/values-secrets.v2.schema.json |  32 +-
 ansible/tests/unit/test_parse_secrets.py      | 981 ++++++++++++++++++
 .../tests/unit/test_util_datastructures.py    | 205 ++++
 .../unit/test_vault_load_parsed_secrets.py    | 320 ++++++
 ansible/tests/unit/v2/test-file-contents      |   1 +
 ansible/tests/unit/v2/test-file-contents.b64  |   1 +
 .../v2/values-secret-v2-base-k8s-backend.yaml |   9 +
 .../values-secret-v2-base-none-backend.yaml   |  11 +
 ...values-secret-v2-base-unknown-backend.yaml |   9 +
 .../v2/values-secret-v2-block-yamlstring.yaml |  16 +
 .../values-secret-v2-default-annotations.yaml |  13 +
 .../v2/values-secret-v2-default-labels.yaml   |  11 +
 .../values-secret-v2-default-namespace.yaml   |   8 +
 .../values-secret-v2-file-contents-b64.yaml   |   9 +
 ...es-secret-v2-file-contents-double-b64.yaml |   9 +
 .../v2/values-secret-v2-file-contents.yaml    |   8 +
 ...values-secret-v2-generic-onlygenerate.yaml |  33 +
 .../v2/values-secret-v2-ini-file-b64.yaml     |  23 +
 .../v2/values-secret-v2-more-namespaces.yaml  |  11 +
 ...values-secret-v2-nondefault-namespace.yaml |   8 +
 ...es-secret-v2-none-no-targetnamespaces.yaml |  33 +
 .../v2/values-secret-v2-override-labels.yaml  |  13 +
 .../values-secret-v2-override-namespace.yaml  |  10 +
 .../values-secret-v2-override-type-none.yaml  |  14 +
 .../v2/values-secret-v2-override-type.yaml    |  12 +
 .../values-secret-v2-secret-binary-b64.yaml   |  10 +
 .../templates/imperative/unsealjob.yaml       |   2 +
 clustergroup/values.yaml                      |   2 +
 ...lang-external-secrets-hub-secretstore.yaml |  40 -
 .../golang-external-secrets-hub-role.yaml     |  22 +
 ...lang-external-secrets-hub-secretstore.yaml |  34 +
 ...lang-external-secrets-hub-secretstore.yaml |  44 +
 golang-external-secrets/values.yaml           |  24 +-
 scripts/determine-main-clustergroup.sh        |  16 +
 scripts/determine-pattern-name.sh             |  15 +
 scripts/determine-secretstore-backend.sh      |  15 +
 scripts/display-secrets-info.sh               |  30 +
 scripts/load-k8s-secrets.sh                   |  19 +
 scripts/manage-secret-app.sh                  |  49 +
 scripts/manage-secret-namespace.sh            |  28 +
 scripts/process-secrets.sh                    |  20 +
 scripts/set-secret-backend.sh                 |   5 +
 ...roup-industrial-edge-factory.expected.yaml |   2 +
 ...tergroup-industrial-edge-hub.expected.yaml |   2 +
 ...rgroup-medical-diagnosis-hub.expected.yaml |   2 +
 tests/clustergroup-naked.expected.yaml        |   2 +
 tests/clustergroup-normal.expected.yaml       |   2 +
 ...rets-industrial-edge-factory.expected.yaml |   2 +-
 ...-secrets-industrial-edge-hub.expected.yaml |   2 +-
 ...ecrets-medical-diagnosis-hub.expected.yaml |   2 +-
 ...olang-external-secrets-naked.expected.yaml |   2 +-
 ...lang-external-secrets-normal.expected.yaml |   2 +-
 values-global.yaml                            |   3 +
 78 files changed, 3439 insertions(+), 66 deletions(-)
 create mode 100644 ansible/playbooks/k8s_secrets/k8s_secrets.yml
 create mode 100644 ansible/playbooks/process_secrets/display_secrets_info.yml
 create mode 100644 ansible/playbooks/process_secrets/process_secrets.yml
 create mode 100644 ansible/plugins/module_utils/parse_secrets_v2.py
 create mode 100644 ansible/plugins/modules/parse_secrets_info.py
 create mode 100644 ansible/plugins/modules/vault_load_parsed_secrets.py
 create mode 100644 ansible/roles/cluster_pre_check/defaults/main.yml
 rename ansible/roles/{vault_utils/tasks/pre_check.yaml => cluster_pre_check/tasks/main.yml} (100%)
 create mode 100644 ansible/roles/find_vp_secrets/tasks/main.yml
 create mode 100644 ansible/roles/k8s_secret_utils/defaults/main.yml
 create mode 100644 ansible/roles/k8s_secret_utils/tasks/inject_k8s_secret.yml
 create mode 100644 ansible/roles/k8s_secret_utils/tasks/inject_k8s_secrets.yml
 create mode 100644 ansible/roles/k8s_secret_utils/tasks/main.yml
 create mode 100644 ansible/roles/k8s_secret_utils/tasks/parse_secrets.yml
 create mode 100644 ansible/roles/vault_utils/tasks/push_parsed_secrets.yaml
 create mode 100644 ansible/tests/unit/test_parse_secrets.py
 create mode 100644 ansible/tests/unit/test_util_datastructures.py
 create mode 100644 ansible/tests/unit/test_vault_load_parsed_secrets.py
 create mode 100644 ansible/tests/unit/v2/test-file-contents
 create mode 100644 ansible/tests/unit/v2/test-file-contents.b64
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-base-k8s-backend.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-base-none-backend.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-base-unknown-backend.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-block-yamlstring.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-default-annotations.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-default-labels.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-default-namespace.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-file-contents-b64.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-file-contents-double-b64.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-file-contents.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-generic-onlygenerate.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-ini-file-b64.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-more-namespaces.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-nondefault-namespace.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-none-no-targetnamespaces.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-override-labels.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-override-namespace.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-override-type-none.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-override-type.yaml
 create mode 100644 ansible/tests/unit/v2/values-secret-v2-secret-binary-b64.yaml
 delete mode 100644 golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 create mode 100644 golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-role.yaml
 create mode 100644 golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml
 create mode 100644 golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
 create mode 100755 scripts/determine-main-clustergroup.sh
 create mode 100755 scripts/determine-pattern-name.sh
 create mode 100755 scripts/determine-secretstore-backend.sh
 create mode 100755 scripts/display-secrets-info.sh
 create mode 100755 scripts/load-k8s-secrets.sh
 create mode 100755 scripts/manage-secret-app.sh
 create mode 100755 scripts/manage-secret-namespace.sh
 create mode 100755 scripts/process-secrets.sh
 create mode 100755 scripts/set-secret-backend.sh

diff --git a/.ansible-lint b/.ansible-lint
index 353222ebd..aaffc6b51 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -14,4 +14,7 @@ skip_list:
 exclude_paths:
   - ./ansible/playbooks/vault/vault.yaml
   - ./ansible/playbooks/iib-ci/iib-ci.yaml
+  - ./ansible/playbooks/k8s_secrets/k8s_secrets.yml
+  - ./ansible/playbooks/process_secrets/process_secrets.yml
+  - ./ansible/playbooks/process_secrets/display_secrets_info.yml
   - ./ansible/roles/vault_utils/tests/test.yml
diff --git a/.gitignore b/.gitignore
index 9e5051a84..454efc9e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@ __pycache__/
 *.swo
 values-secret.yaml
 .*.expected.yaml
+.vscode
 pattern-vault.init
 pattern-vault.init.bak
 super-linter.log
diff --git a/Makefile b/Makefile
index f7a2d5a7d..0d5d0a36c 100644
--- a/Makefile
+++ b/Makefile
@@ -77,9 +77,37 @@ uninstall: ## runs helm uninstall
 	@oc delete csv -n openshift-operators $(CSV)
 
 .PHONY: load-secrets
-load-secrets: ## loads the secrets into the vault
+load-secrets: ## loads the secrets into the backend determined by values-global setting
+	common/scripts/process-secrets.sh $(NAME)
+
+.PHONY: legacy-load-secrets
+legacy-load-secrets: ## loads the secrets into vault (only)
 	common/scripts/vault-utils.sh push_secrets $(NAME)
 
+.PHONY: secrets-backend-vault
+secrets-backend-vault: ## Edits values files to use default Vault+ESO secrets config
+	common/scripts/set-secret-backend.sh vault
+	common/scripts/manage-secret-app.sh vault present
+	common/scripts/manage-secret-app.sh golang-external-secrets present
+	common/scripts/manage-secret-namespace.sh validated-patterns-secrets absent
+	@git diff --exit-code || echo "Secrets backend set to vault, please review changes, commit, and push to activate in the pattern"
+
+.PHONY: secrets-backend-kubernetes
+secrets-backend-kubernetes: ## Edits values file to use Kubernetes+ESO secrets config
+	common/scripts/set-secret-backend.sh kubernetes
+	common/scripts/manage-secret-namespace.sh validated-patterns-secrets present
+	common/scripts/manage-secret-app.sh vault absent
+	common/scripts/manage-secret-app.sh golang-external-secrets present
+	@git diff --exit-code || echo "Secrets backend set to kubernetes, please review changes, commit, and push to activate in the pattern"
+
+.PHONY: secrets-backend-none
+secrets-backend-none: ## Edits values files to remove secrets manager + ESO
+	common/scripts/set-secret-backend.sh none
+	common/scripts/manage-secret-app.sh vault absent
+	common/scripts/manage-secret-app.sh golang-external-secrets absent
+	common/scripts/manage-secret-namespace.sh validated-patterns-secrets absent
+	@git diff --exit-code || echo "Secrets backend set to none, please review changes, commit, and push to activate in the pattern"
+
 .PHONY: load-iib
 load-iib: ## CI target to install Index Image Bundles
 	@set -e; if [ x$(INDEX_IMAGES) != x ]; then \
diff --git a/ansible/playbooks/k8s_secrets/k8s_secrets.yml b/ansible/playbooks/k8s_secrets/k8s_secrets.yml
new file mode 100644
index 000000000..989a498a8
--- /dev/null
+++ b/ansible/playbooks/k8s_secrets/k8s_secrets.yml
@@ -0,0 +1,9 @@
+---
+- name: Secrets parsing and direct loading
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  roles:
+   - find_vp_secrets
+   - cluster_pre_check
+   - k8s_secret_utils
diff --git a/ansible/playbooks/process_secrets/display_secrets_info.yml b/ansible/playbooks/process_secrets/display_secrets_info.yml
new file mode 100644
index 000000000..4d972359a
--- /dev/null
+++ b/ansible/playbooks/process_secrets/display_secrets_info.yml
@@ -0,0 +1,29 @@
+---
+- name: Parse and display secrets
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  vars:
+    secrets_backing_store: "vault"
+  tasks:
+    # Set the VALUES_SECRET environment variable to the file to parse
+    - name: Find and decrypt secrets if needed
+      ansible.builtin.include_role:
+        name: find_vp_secrets
+
+    # find_vp_secrets will return a plaintext data structure called values_secrets_data
+    # This will allow us to determine schema version and which backend to use
+    - name: Determine how to load secrets
+      ansible.builtin.set_fact:
+        secrets_yaml: '{{ values_secrets_data | from_yaml }}'
+
+    - name: Parse secrets data
+      no_log: '{{ override_no_log | default(true) }}'
+      parse_secrets_info:
+        values_secrets_plaintext: "{{ values_secrets_data }}"
+        secrets_backing_store: "{{ secrets_backing_store }}"
+      register: secrets_results
+
+    - name: Display secrets data
+      ansible.builtin.debug:
+        var: secrets_results
diff --git a/ansible/playbooks/process_secrets/process_secrets.yml b/ansible/playbooks/process_secrets/process_secrets.yml
new file mode 100644
index 000000000..ecc1b5656
--- /dev/null
+++ b/ansible/playbooks/process_secrets/process_secrets.yml
@@ -0,0 +1,50 @@
+---
+- name: Parse and load secrets
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  vars:
+    secrets_role: 'vault_utils'
+    pattern_name: 'common'
+    pattern_dir: '.'
+    secrets_backing_store: 'vault'
+    tasks_from: 'push_parsed_secrets'
+  tasks:
+    - name: "Run secret-loading pre-requisites"
+      ansible.builtin.include_role:
+        name: '{{ item }}'
+      loop:
+        - cluster_pre_check
+        - find_vp_secrets
+
+    # find_vp_secrets will return a plaintext data structure called values_secrets_data
+    # This will allow us to determine schema version and which backend to use
+    - name: Determine how to load secrets
+      ansible.builtin.set_fact:
+        secrets_yaml: '{{ values_secrets_data | from_yaml }}'
+
+    - name: Parse secrets data
+      no_log: '{{ override_no_log | default(true) }}'
+      parse_secrets_info:
+        values_secrets_plaintext: "{{ values_secrets_data }}"
+        secrets_backing_store: "{{ secrets_backing_store }}"
+      register: secrets_results
+
+    # Use the k8s secrets loader when explicitly requested
+    - name: Determine role to use to load secrets
+      ansible.builtin.set_fact:
+        secrets_role: 'k8s_secret_utils'
+        tasks_from: 'inject_k8s_secrets'
+      when:
+        - secrets_backing_store == "kubernetes" or secrets_backing_store == "none"
+        - secrets_yaml['version'] | default('2.0') >= '2.0'
+
+    # secrets_role will have been changed from the default if needed
+    - name: Load secrets using designated role and tasks
+      ansible.builtin.include_role:
+        name: '{{ secrets_role }}'
+        tasks_from: '{{ tasks_from }}'
+      vars:
+        kubernetes_secret_objects: "{{ secrets_results['kubernetes_secret_objects'] }}"
+        vault_policies: "{{ secrets_results['vault_policies'] }}"
+        parsed_secrets: "{{ secrets_results['parsed_secrets'] }}"
diff --git a/ansible/playbooks/vault/vault.yaml b/ansible/playbooks/vault/vault.yaml
index 64711e47b..b0da9405a 100644
--- a/ansible/playbooks/vault/vault.yaml
+++ b/ansible/playbooks/vault/vault.yaml
@@ -4,4 +4,6 @@
   connection: local
   gather_facts: false
   roles:
+   - find_vp_secrets
+   - cluster_pre_check
    - vault_utils
diff --git a/ansible/plugins/module_utils/load_secrets_common.py b/ansible/plugins/module_utils/load_secrets_common.py
index 1652a287e..b4ebc8161 100644
--- a/ansible/plugins/module_utils/load_secrets_common.py
+++ b/ansible/plugins/module_utils/load_secrets_common.py
@@ -102,3 +102,23 @@ def get_ini_value(inifile, inisection, inikey):
     config = configparser.ConfigParser()
     config.read(inifile)
     return config.get(inisection, inikey, fallback=None)
+
+
+def stringify_dict(input_dict):
+    """
+    Return a dict whose keys and values are all co-erced to strings, for creating labels and annotations in the
+    python Kubernetes module
+
+    Parameters:
+        input_dict(dict): A dictionary of keys and values
+
+    Returns:
+
+        obj: The same dict in the same order but with the keys coerced to str
+    """
+    output_dict = {}
+
+    for key, value in input_dict.items():
+        output_dict[str(key)] = str(value)
+
+    return output_dict
diff --git a/ansible/plugins/module_utils/parse_secrets_v2.py b/ansible/plugins/module_utils/parse_secrets_v2.py
new file mode 100644
index 000000000..512f75ef1
--- /dev/null
+++ b/ansible/plugins/module_utils/parse_secrets_v2.py
@@ -0,0 +1,527 @@
+# Copyright 2022, 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Module that implements V2 of the values-secret.yaml spec
+"""
+
+import base64
+import getpass
+import os
+
+from ansible.module_utils.load_secrets_common import (
+    find_dupes,
+    get_ini_value,
+    get_version,
+    stringify_dict,
+)
+
+default_vp_vault_policies = {
+    "validatedPatternDefaultPolicy": (
+        "length=20\n"
+        'rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\n'
+        'rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\n'
+        'rule "charset" { charset = "0123456789" min-chars = 1 }\n'
+        'rule "charset" { charset = "!@#%^&*" min-chars = 1 }\n'
+    )
+}
+
+secret_store_namespace = "validated-patterns-secrets"
+
+
+class ParseSecretsV2:
+    def __init__(self, module, syaml, secrets_backing_store):
+        self.module = module
+        self.syaml = syaml
+        self.secrets_backing_store = str(secrets_backing_store)
+        self.secret_store_namespace = None
+        self.parsed_secrets = {}
+        self.kubernetes_secret_objects = []
+        self.vault_policies = {}
+
+    def _get_backingstore(self):
+        """
+        Backing store is now influenced by the caller more than the file. Setting
+        Return the backingStore: of the parsed yaml object. In most cases the file
+        key was not set anyway - since vault was the only supported option. Since
+        we are introducing new options now, this method of defining behavior is
+        deprecated, but if the file key is included it must match the option defined
+        by values-global in the pattern, or there is an error. The default remains
+        'vault' if the key is unspecified.
+
+        Returns:
+            ret(str): The value of the top-level 'backingStore:' key
+        """
+        file_backing_store = str(self.syaml.get("backingStore", "unset"))
+
+        if file_backing_store == "unset":
+            pass
+        else:
+            if file_backing_store != self.secrets_backing_store:
+                self.module.fail_json(
+                    f"Secrets file specifies '{file_backing_store}' backend but pattern config "
+                    f"specifies '{self.secrets_backing_store}'."
+                )
+
+        return self.secrets_backing_store
+
+    def _get_vault_policies(self, enable_default_vp_policies=True):
+        # We start off with the hard-coded default VP policy and add the user-defined ones
+        if enable_default_vp_policies:
+            policies = default_vp_vault_policies.copy()
+        else:
+            policies = {}
+
+        # This is useful for embedded newlines, which occur with YAML
+        # flow-type scalars (|, |- for example)
+        for name, policy in self.syaml.get("vaultPolicies", {}).items():
+            policies[name] = self._sanitize_yaml_value(policy)
+
+        return policies
+
+    def _get_secrets(self):
+        return self.syaml.get("secrets", {})
+
+    def _get_field_on_missing_value(self, f):
+        # By default if 'onMissingValue' is missing we assume we need to
+        # error out whenever the value is missing
+        return f.get("onMissingValue", "error")
+
+    def _get_field_value(self, f):
+        return f.get("value", None)
+
+    def _get_field_path(self, f):
+        return f.get("path", None)
+
+    def _get_field_ini_file(self, f):
+        return f.get("ini_file", None)
+
+    def _get_field_annotations(self, f):
+        return f.get("annotations", {})
+
+    def _get_field_labels(self, f):
+        return f.get("labels", {})
+
+    def _get_field_kind(self, f):
+        # value: null will be interpreted with None, so let's just
+        # check for the existence of the field, as we use 'value: null' to say
+        # "we want a value/secret and not a file path"
+        found = []
+        for i in ["value", "path", "ini_file"]:
+            if i in f:
+                found.append(i)
+
+        if len(found) > 1:  # you can only have one of value, path and ini_file
+            self.module.fail_json(
+                f"Both '{found[0]}' and '{found[1]}' cannot be used "
+                f"in field {f['name']}"
+            )
+
+        if len(found) == 0:
+            return ""
+        return found[0]
+
+    def _get_field_prompt(self, f):
+        return f.get("prompt", None)
+
+    def _get_field_base64(self, f):
+        return bool(f.get("base64", False))
+
+    def _get_field_override(self, f):
+        return bool(f.get("override", False))
+
+    def _get_secret_store_namespace(self):
+        return str(self.syaml.get("secretStoreNamespace", secret_store_namespace))
+
+    def _get_vault_prefixes(self, s):
+        return list(s.get("vaultPrefixes", ["hub"]))
+
+    def _get_default_labels(self):
+        return self.syaml.get("defaultLabels", {})
+
+    def _get_default_annotations(self):
+        return self.syaml.get("defaultAnnotations", {})
+
+    def _append_kubernetes_secret(self, secret_obj):
+        self.kubernetes_secret_objects.append(secret_obj)
+
+    def _sanitize_yaml_value(self, value):
+        # This is useful for embedded newlines, which occur with YAML
+        # flow-type scalars (|, |- for example)
+        if value is not None:
+            sanitized_value = bytes(value, "utf-8").decode("unicode_escape")
+        else:
+            sanitized_value = None
+
+        return sanitized_value
+
+    def _create_k8s_secret(self, sname, secret_type, namespace, labels, annotations):
+        return {
+            "type": secret_type,
+            "kind": "Secret",
+            "apiVersion": "v1",
+            "metadata": {
+                "name": sname,
+                "namespace": namespace,
+                "annotations": annotations,
+                "labels": labels,
+            },
+            "stringData": {},
+        }
+
+    # This does what inject_secrets used to (mostly)
+    def parse(self):
+        self.sanitize_values()
+        self.vault_policies = self._get_vault_policies()
+        self.secret_store_namespace = self._get_secret_store_namespace()
+        backing_store = self._get_backingstore()
+        secrets = self._get_secrets()
+
+        total_secrets = 0  # Counter for all the secrets uploaded
+        for s in secrets:
+            total_secrets += 1
+            counter = 0  # This counter is to use kv put on first secret and kv patch on latter
+            sname = s.get("name")
+            fields = s.get("fields", [])
+            vault_prefixes = self._get_vault_prefixes(s)
+            secret_type = s.get("type", "Opaque")
+            vault_mount = s.get("vaultMount", "secret")
+            target_namespaces = s.get("targetNamespaces", [])
+            labels = stringify_dict(s.get("labels", self._get_default_labels()))
+            annotations = stringify_dict(
+                s.get("annotations", self._get_default_annotations())
+            )
+
+            self.parsed_secrets[sname] = {
+                "name": sname,
+                "fields": {},
+                "vault_mount": vault_mount,
+                "vault_policies": {},
+                "vault_prefixes": vault_prefixes,
+                "override": [],
+                "generate": [],
+                "paths": {},
+                "base64": [],
+                "ini_file": {},
+                "type": secret_type,
+                "target_namespaces": target_namespaces,
+                "labels": labels,
+                "annotations": annotations,
+            }
+
+            for i in fields:
+                self._inject_field(sname, i)
+                counter += 1
+
+            if backing_store == "kubernetes":
+                k8s_namespaces = [self._get_secret_store_namespace()]
+            else:
+                k8s_namespaces = target_namespaces
+
+            for tns in k8s_namespaces:
+                k8s_secret = self._create_k8s_secret(
+                    sname, secret_type, tns, labels, annotations
+                )
+                k8s_secret["stringData"] = self.parsed_secrets[sname]["fields"]
+                self.kubernetes_secret_objects.append(k8s_secret)
+
+        return total_secrets
+
+    # This function could use some rewriting and it should call a specific validation function
+    # for each type (value, path, ini_file)
+    def _validate_field(self, f):
+        # These fields are mandatory
+        try:
+            _ = f["name"]
+        except KeyError:
+            return (False, f"Field {f} is missing name")
+
+        on_missing_value = self._get_field_on_missing_value(f)
+        if on_missing_value not in ["error", "generate", "prompt"]:
+            return (False, f"onMissingValue: {on_missing_value} is invalid")
+
+        value = self._get_field_value(f)
+        path = self._get_field_path(f)
+        ini_file = self._get_field_ini_file(f)
+        kind = self._get_field_kind(f)
+        if kind == "ini_file":
+            # if we are using ini_file then at least ini_key needs to be defined
+            # ini_section defaults to 'default' when omitted
+            ini_key = f.get("ini_key", None)
+            if ini_key is None:
+                return (
+                    False,
+                    "ini_file requires at least ini_key to be defined",
+                )
+
+        # Test if base64 is a correct boolean (defaults to False)
+        _ = self._get_field_base64(f)
+        _ = self._get_field_override(f)
+
+        vault_policy = f.get("vaultPolicy", None)
+        if vault_policy is not None and vault_policy not in self._get_vault_policies():
+            return (
+                False,
+                f"Secret has vaultPolicy set to {vault_policy} but no such policy exists",
+            )
+
+        if on_missing_value in ["error"]:
+            if (
+                (value is None or len(value) < 1)
+                and (path is None or len(path) < 1)
+                and (ini_file is None or len(ini_file) < 1)
+            ):
+                return (
+                    False,
+                    "Secret has onMissingValue set to 'error' and has neither value nor path nor ini_file set",
+                )
+            if path is not None and not os.path.isfile(os.path.expanduser(path)):
+                return (False, f"Field has non-existing path: {path}")
+
+            if ini_file is not None and not os.path.isfile(
+                os.path.expanduser(ini_file)
+            ):
+                return (False, f"Field has non-existing ini_file: {ini_file}")
+
+        if on_missing_value in ["prompt"]:
+            # When we prompt, the user needs to set one of the following:
+            # - value: null # prompt for a secret without a default value
+            # - value: 123 # prompt for a secret but use a default value
+            # - path: null # prompt for a file path without a default value
+            # - path: /tmp/ca.crt # prompt for a file path with a default value
+            if "value" not in f and "path" not in f:
+                return (
+                    False,
+                    "Secret has onMissingValue set to 'prompt' but has no value nor path fields",
+                )
+
+            if "override" in f:
+                return (
+                    False,
+                    "'override' attribute requires 'onMissingValue' to be set to 'generate'",
+                )
+
+        return (True, "")
+
+    def _validate_secrets(self):
+        backing_store = self._get_backingstore()
+        secrets = self._get_secrets()
+        if len(secrets) == 0:
+            self.module.fail_json("No secrets found")
+
+        names = []
+        for s in secrets:
+            # These fields are mandatory
+            for i in ["name"]:
+                try:
+                    _ = s[i]
+                except KeyError:
+                    return (False, f"Secret {s['name']} is missing {i}")
+            names.append(s["name"])
+
+            vault_prefixes = s.get("vaultPrefixes", ["hub"])
+            # This checks for the case when vaultPrefixes: is specified but empty
+            if vault_prefixes is None or len(vault_prefixes) == 0:
+                return (False, f"Secret {s['name']} has empty vaultPrefixes")
+
+            namespaces = s.get("targetNamespaces", [])
+            if not isinstance(namespaces, list):
+                return (False, f"Secret {s['name']} targetNamespaces must be a list")
+
+            if backing_store == "none" and namespaces == []:
+                return (
+                    False,
+                    f"Secret {s['name']} targetNamespaces cannot be empty for secrets backend {backing_store}",
+                )  # noqa: E501
+
+            labels = s.get("labels", {})
+            if not isinstance(labels, dict):
+                return (False, f"Secret {s['name']} labels must be a dictionary")
+
+            annotations = s.get("annotations", {})
+            if not isinstance(annotations, dict):
+                return (False, f"Secret {s['name']} annotations must be a dictionary")
+
+            fields = s.get("fields", [])
+            if len(fields) == 0:
+                return (False, f"Secret {s['name']} does not have any fields")
+
+            field_names = []
+            for i in fields:
+                (ret, msg) = self._validate_field(i)
+                if not ret:
+                    return (False, msg)
+                field_names.append(i["name"])
+            field_dupes = find_dupes(field_names)
+            if len(field_dupes) > 0:
+                return (False, f"You cannot have duplicate field names: {field_dupes}")
+
+        dupes = find_dupes(names)
+        if len(dupes) > 0:
+            return (False, f"You cannot have duplicate secret names: {dupes}")
+        return (True, "")
+
+    def sanitize_values(self):
+        """
+        Sanitizes the secrets YAML object version 2.0
+
+        Parameters:
+
+        Returns:
+            Nothing: Updates self.syaml(obj) if needed
+        """
+        v = get_version(self.syaml)
+        if v not in ["2.0"]:
+            self.module.fail_json(f"Version is not 2.0: {v}")
+
+        backing_store = self._get_backingstore()
+        if backing_store not in [
+            "kubernetes",
+            "vault",
+            "none",
+        ]:  # we currently only support vault
+            self.module.fail_json(
+                f"Currently only the 'vault', 'kubernetes' and 'none' backingStores are supported: {backing_store}"
+            )
+
+        (ret, msg) = self._validate_secrets()
+        if not ret:
+            self.module.fail_json(msg)
+
+    def _get_secret_value(self, name, field):
+        on_missing_value = self._get_field_on_missing_value(field)
+        # We cannot use match + case as RHEL8 has python 3.9 (it needs 3.10)
+        # We checked for errors in _validate_secrets() already
+        if on_missing_value == "error":
+            return self._sanitize_yaml_value(field.get("value"))
+        elif on_missing_value == "prompt":
+            prompt = self._get_field_prompt(field)
+            if prompt is None:
+                prompt = f"Type secret for {name}/{field['name']}: "
+            value = self._get_field_value(field)
+            if value is not None:
+                prompt += f" [{value}]"
+            prompt += ": "
+            return getpass.getpass(prompt)
+        return None
+
+    def _get_file_path(self, name, field):
+        on_missing_value = self._get_field_on_missing_value(field)
+        if on_missing_value == "error":
+            return os.path.expanduser(field.get("path"))
+        elif on_missing_value == "prompt":
+            prompt = self._get_field_prompt(field)
+            path = self._get_field_path(field)
+            if path is None:
+                path = ""
+
+            if prompt is None:
+                text = f"Type path for file {name}/{field['name']} [{path}]: "
+            else:
+                text = f"{prompt} [{path}]: "
+
+            newpath = getpass.getpass(text)
+            if newpath == "":  # Set the default if no string was entered
+                newpath = path
+
+            if os.path.isfile(os.path.expanduser(newpath)):
+                return newpath
+            self.module.fail_json(f"File {newpath} not found, exiting")
+
+        self.module.fail_json("File with wrong onMissingValue")
+
+    def _inject_field(self, secret_name, f):
+        on_missing_value = self._get_field_on_missing_value(f)
+        override = self._get_field_override(f)
+        kind = self._get_field_kind(f)
+        b64 = self._get_field_base64(f)
+
+        if kind in ["value", ""]:
+            if on_missing_value == "generate":
+                self.parsed_secrets[secret_name]["generate"].append(f["name"])
+                if self._get_backingstore() != "vault":
+                    self.module.fail_json(
+                        "You cannot have onMissingValue set to 'generate' unless using vault backingstore "
+                        f"for secret {secret_name} field {f['name']}"
+                    )
+                else:
+                    if kind in ["path", "ini_file"]:
+                        self.module.fail_json(
+                            "You cannot have onMissingValue set to 'generate' with a path or ini_file"
+                            f" for secret {secret_name} field {f['name']}"
+                        )
+
+                vault_policy = f.get("vaultPolicy", "validatedPatternDefaultPolicy")
+
+                if override:
+                    self.parsed_secrets[secret_name]["override"].append(f["name"])
+
+                if b64:
+                    self.parsed_secrets[secret_name]["base64"].append(f["name"])
+
+                self.parsed_secrets[secret_name]["fields"][f["name"]] = None
+                self.parsed_secrets[secret_name]["vault_policies"][
+                    f["name"]
+                ] = vault_policy
+
+                return
+
+            # If we're not generating the secret inside the vault directly we either read it from the file ("error")
+            # or we are prompting the user for it
+            secret = self._get_secret_value(secret_name, f)
+            if b64:
+                secret = base64.b64encode(secret.encode()).decode("utf-8")
+                self.parsed_secrets[secret_name]["base64"].append(f["name"])
+
+            self.parsed_secrets[secret_name]["fields"][f["name"]] = secret
+
+        elif kind == "path":  # path. we upload files
+            path = self._get_file_path(secret_name, f)
+            self.parsed_secrets[secret_name]["paths"][f["name"]] = path
+
+            binfile = False
+
+            # Default to UTF-8
+            try:
+                secret = open(path, encoding="utf-8").read()
+            except UnicodeDecodeError:
+                secret = open(path, "rb").read()
+                binfile = True
+
+            if b64:
+                self.parsed_secrets[secret_name]["base64"].append(f["name"])
+                if binfile:
+                    secret = base64.b64encode(bytes(secret)).decode("utf-8")
+                else:
+                    secret = base64.b64encode(secret.encode()).decode("utf-8")
+
+            self.parsed_secrets[secret_name]["fields"][f["name"]] = secret
+        elif kind == "ini_file":  # ini_file. we parse an ini_file
+            ini_file = os.path.expanduser(f.get("ini_file"))
+            ini_section = f.get("ini_section", "default")
+            ini_key = f.get("ini_key")
+            secret = get_ini_value(ini_file, ini_section, ini_key)
+            if b64:
+                self.parsed_secrets[secret_name]["base64"].append(f["name"])
+                secret = base64.b64encode(secret.encode()).decode("utf-8")
+
+            self.parsed_secrets[secret_name]["ini_file"][f["name"]] = {
+                "ini_file": ini_file,
+                "ini_section": ini_section,
+                "ini_key": ini_key,
+            }
+            self.parsed_secrets[secret_name]["fields"][f["name"]] = secret
+
+        return
diff --git a/ansible/plugins/modules/parse_secrets_info.py b/ansible/plugins/modules/parse_secrets_info.py
new file mode 100644
index 000000000..b962271a3
--- /dev/null
+++ b/ansible/plugins/modules/parse_secrets_info.py
@@ -0,0 +1,149 @@
+# Copyright 2022,2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Ansible plugin module that loads secrets from a yaml file and pushes them
+inside the HashiCorp Vault in an OCP cluster. The values-secrets.yaml file is
+expected to be in the following format:
+---
+# version is optional. When not specified it is assumed it is 1.0
+version: 1.0
+
+# These secrets will be pushed in the vault at secret/hub/test The vault will
+# have secret/hub/test with secret1 and secret2 as keys with their associated
+# values (secrets)
+secrets:
+  test:
+    secret1: foo
+    secret2: bar
+
+# This will create the vault key secret/hub/testfoo which will have two
+# properties 'b64content' and 'content' which will be the base64-encoded
+# content and the normal content respectively
+files:
+  testfoo: ~/ca.crt
+
+# These secrets will be pushed in the vault at secret/region1/test The vault will
+# have secret/region1/test with secret1 and secret2 as keys with their associated
+# values (secrets)
+secrets.region1:
+  test:
+    secret1: foo1
+    secret2: bar1
+
+# This will create the vault key secret/region2/testbar which will have two
+# properties 'b64content' and 'content' which will be the base64-encoded
+# content and the normal content respectively
+files.region2:
+  testbar: ~/ca.crt
+"""
+
+import yaml
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.parse_secrets_v2 import ParseSecretsV2
+
+ANSIBLE_METADATA = {
+    "metadata_version": "1.2",
+    "status": ["preview"],
+    "supported_by": "community",
+}
+
+DOCUMENTATION = """
+---
+module: parse_secrets_info
+short_description: Parses a Validated Patterns Secrets file for later loading
+version_added: "2.50"
+author: "Martin Jackson"
+description:
+  - Takes a values-secret.yaml file, parses and returns values for secrets loading. The goal here is to do all the
+    work of reading and interpreting the file and resolving the content pointers (that is, creating content where it
+    is given) such that that content is then available for secrets vaults to load. It does not attempt to load the
+    content or interpret the content beyond the conventions of the file format. (So, it knows how to retrieve
+    ini-keys, about paths, and about base64 but leaves interaction with backends to backend-specific code.
+options:
+  values_secrets_plaintext:
+    description:
+      - The unencrypted content of the values-secrets file
+    required: true
+    type: str
+  secrets_backing_store:
+    description:
+      - The secrets backing store that will be used for parsed secrets (i.e. vault, kubernetes, none)
+    required: false
+    default: vault
+    type: str
+"""
+
+RETURN = """
+"""
+
+EXAMPLES = """
+- name: Parse secrets file into objects - backingstore defaults to vault
+  parse_secrets_info:
+    values_secrets_plaintext: '{{ <unencrypted content> }}'
+  register: secrets_info
+
+- name: Parse secrets file into data structures
+  parse_secrets_info:
+    values_secrets_plaintext: '{{ <unencrypted content> }}'
+    secrets_backing_store: 'kubernetes'
+  register: secrets_info
+
+- name: Parse secrets file into data structures
+  parse_secrets_info:
+    values_secrets_plaintext: '{{ <unencrypted content> }}'
+    secrets_backing_store: 'none'
+  register: secrets_info
+"""
+
+
+def run(module):
+    """Main ansible module entry point"""
+    results = dict(changed=False)
+
+    args = module.params
+    values_secrets_plaintext = args.get("values_secrets_plaintext", "")
+    secrets_backing_store = args.get("secrets_backing_store", "vault")
+
+    syaml = yaml.safe_load(values_secrets_plaintext)
+
+    if syaml is None:
+        syaml = {}
+
+    parsed_secret_obj = ParseSecretsV2(module, syaml, secrets_backing_store)
+    parsed_secret_obj.parse()
+
+    results["failed"] = False
+    results["changed"] = False
+
+    results["vault_policies"] = parsed_secret_obj.vault_policies
+    results["parsed_secrets"] = parsed_secret_obj.parsed_secrets
+    results["kubernetes_secret_objects"] = parsed_secret_obj.kubernetes_secret_objects
+    results["secret_store_namespace"] = parsed_secret_obj.secret_store_namespace
+
+    module.exit_json(**results)
+
+
+def main():
+    """Main entry point where the AnsibleModule class is instantiated"""
+    module = AnsibleModule(
+        argument_spec=yaml.safe_load(DOCUMENTATION)["options"],
+        supports_check_mode=True,
+    )
+    run(module)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/ansible/plugins/modules/vault_load_parsed_secrets.py b/ansible/plugins/modules/vault_load_parsed_secrets.py
new file mode 100644
index 000000000..cfcf97321
--- /dev/null
+++ b/ansible/plugins/modules/vault_load_parsed_secrets.py
@@ -0,0 +1,302 @@
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Ansible plugin module that loads secrets and policies once parsed and pushes them
+into a HashiCorp Vault in an OCP cluster. The values-secrets.yaml file is
+expected to be in the following format:
+---
+# version is optional. When not specified it is assumed it is 2.0
+version: 2.0
+
+"""
+
+import os
+import time
+
+import yaml
+from ansible.module_utils.basic import AnsibleModule
+
+ANSIBLE_METADATA = {
+    "metadata_version": "1.1",
+    "status": ["preview"],
+    "supported_by": "community",
+}
+
+DOCUMENTATION = """
+---
+module: vault_load_parsed_secrets
+short_description: Loads secrets into the HashiCorp Vault
+version_added: "2.50"
+author: "Martin Jackson"
+description:
+    - Takes parsed secrets objects and vault policies (as delivered by parse_secrets_info) and runs the commands to
+      load them into a vault instance. The relevent metadata will exist in the parsed secrets object. Returns count
+      of secrets injected.
+options:
+  parsed_secrets:
+    description:
+      - A structure containing the secrets, fields, and their metadata
+    required: true
+    type: dict
+  vault_policies:
+    description:
+      - Vault policies to inject into the instance.
+    required: true
+    type: dict
+  namespace:
+    description:
+      - Namespace where the vault is running
+    required: false
+    type: str
+    default: vault
+  pod:
+    description:
+      - Name of the vault pod to use to inject secrets
+    required: false
+    type: str
+    default: vault-0
+"""
+
+RETURN = """
+"""
+
+EXAMPLES = """
+- name: Loads secrets file into the vault of a cluster
+  vault_load_parsed_secrets:
+    parsed_secrets: "{{ parsed_secrets_structure_from_parse_secrets_info }}"
+    vault_policies: "{{ parsed_vault_policies_structure_from_parse_secrets_info }}"
+"""
+
+
+class VaultSecretLoader:
+    def __init__(
+        self,
+        module,
+        parsed_secrets,
+        vault_policies,
+        namespace,
+        pod,
+    ):
+        self.module = module
+        self.parsed_secrets = parsed_secrets
+        self.vault_policies = vault_policies
+        self.namespace = namespace
+        self.pod = pod
+
+    def _run_command(self, command, attempts=1, sleep=3, checkrc=True):
+        """
+        Runs a command on the host ansible is running on. A failing command
+        will raise an exception in this function directly (due to check=True)
+
+        Parameters:
+          command(str): The command to be run.
+          attempts(int): Number of times to retry in case of Error (defaults to 1)
+          sleep(int): Number of seconds to wait in between retry attempts (defaults to 3s)
+
+        Returns:
+          ret(subprocess.CompletedProcess): The return value from run()
+        """
+        for attempt in range(attempts):
+            ret = self.module.run_command(
+                command,
+                check_rc=checkrc,
+                use_unsafe_shell=True,
+                environ_update=os.environ.copy(),
+            )
+            if ret[0] == 0:
+                return ret
+            if attempt >= attempts - 1:
+                return ret
+            time.sleep(sleep)
+
+    def _vault_secret_attr_exists(self, mount, prefix, secret_name, attribute):
+        cmd = (
+            f"oc exec -n {self.namespace} {self.pod} -i -- sh -c "
+            f'"vault kv get -mount={mount} -field={attribute} {prefix}/{secret_name}"'
+        )
+        # we ignore stdout and stderr
+        (ret, _, _) = self._run_command(cmd, attempts=1, checkrc=False)
+        if ret == 0:
+            return True
+
+        return False
+
+    def load_vault(self):
+        injected_secret_count = 0
+
+        self.inject_vault_policies()
+
+        for secret_name, secret in self.parsed_secrets.items():
+            self.inject_secret(secret_name, secret)
+            injected_secret_count += 1
+
+        return injected_secret_count
+
+    def inject_field(
+        self,
+        secret_name,
+        soverride,
+        sbase64,
+        sgenerate,
+        spaths,
+        svault_policies,
+        fieldname,
+        fieldvalue,
+        mount,
+        vault_prefixes,
+        first=False,
+    ):
+        # Special cases:
+        #   generate w|wo override
+        #   path (w|wo b64)
+        #
+        #   inifile secrets will be resolved by parser
+        #   values (including base64'd ones) will be resolved by parser
+        # And we just ignore k8s or other fields
+
+        override = True if fieldname in soverride else False
+        b64 = True if fieldname in sbase64 else False
+        generate = True if fieldname in sgenerate else False
+        path = spaths.get(fieldname, False)
+        prefixes = vault_prefixes
+        verb = "put" if first else "patch"
+        policy = svault_policies.get(fieldname, False)
+
+        # "generate" secrets are created with policies and may be overridden or not
+        if generate:
+            gen_cmd = (
+                f"vault read -field=password sys/policies/password/{policy}/generate"
+            )
+            if b64:
+                gen_cmd += " | base64 --wrap=0"
+            for prefix in prefixes:
+                # if the override field is False and the secret attribute exists at the prefix then we just
+                # skip, as we do not want to overwrite the existing secret
+                if not override and self._vault_secret_attr_exists(
+                    mount, prefix, secret_name, fieldname
+                ):
+                    continue
+                cmd = (
+                    f"oc exec -n {self.namespace} {self.pod} -i -- sh -c "
+                    f'"{gen_cmd} | vault kv {verb} -mount={mount} {prefix}/{secret_name} {fieldname}=-"'
+                )
+                self._run_command(cmd, attempts=3)
+            return
+
+        if path:
+            for prefix in prefixes:
+                if b64:
+                    b64_cmd = "| base64 --wrap=0"
+                else:
+                    b64_cmd = ""
+                cmd = (
+                    f"cat '{path}' | oc exec -n {self.namespace} {self.pod} -i -- sh -c "
+                    f"'cat - {b64_cmd}> /tmp/vcontent'; "
+                    f"oc exec -n {self.namespace} {self.pod} -i -- sh -c '"
+                    f"vault kv {verb} -mount={mount} {prefix}/{secret_name} {fieldname}=@/tmp/vcontent; "
+                    f"rm /tmp/vcontent'"
+                )
+                self._run_command(cmd, attempts=3)
+            return
+
+        for prefix in prefixes:
+            cmd = (
+                f"oc exec -n {self.namespace} {self.pod} -i -- sh -c "
+                f"\"vault kv {verb} -mount={mount} {prefix}/{secret_name} {fieldname}='{fieldvalue}'\""
+            )
+            self._run_command(cmd, attempts=3)
+        return
+
+    def inject_secret(self, secret_name, secret):
+        mount = secret.get("vault_mount", "secret")
+        vault_prefixes = secret.get("vault_prefixes", ["hub"])
+
+        counter = 0
+        # In this structure, each field will have one value
+        for fname, fvalue in secret.get("fields").items():
+            self.inject_field(
+                secret_name=secret_name,
+                soverride=secret["override"],
+                sbase64=secret["base64"],
+                sgenerate=secret["generate"],
+                spaths=secret["paths"],
+                svault_policies=secret["vault_policies"],
+                fieldname=fname,
+                fieldvalue=fvalue,
+                mount=mount,
+                vault_prefixes=vault_prefixes,
+                first=counter == 0,
+            )
+            counter += 1
+        return
+
+    def inject_vault_policies(self):
+        for name, policy in self.vault_policies.items():
+            cmd = (
+                f"echo '{policy}' | oc exec -n {self.namespace} {self.pod} -i -- sh -c "
+                f"'cat - > /tmp/{name}.hcl';"
+                f"oc exec -n {self.namespace} {self.pod} -i -- sh -c 'vault write sys/policies/password/{name} "
+                f" policy=@/tmp/{name}.hcl'"
+            )
+            self._run_command(cmd, attempts=3)
+
+
+def run(module):
+    """Main ansible module entry point"""
+    results = dict(changed=False)
+
+    args = module.params
+
+    vault_policies = args.get("vault_policies", {})
+    parsed_secrets = args.get("parsed_secrets", {})
+    namespace = args.get("namespace", "vault")
+    pod = args.get("pod", "vault-0")
+
+    if vault_policies == {}:
+        results["failed"] = True
+        module.fail_json("Must pass vault_policies")
+
+    if parsed_secrets == {}:
+        results["failed"] = True
+        module.fail_json("Must pass parsed_secrets")
+
+    loader = VaultSecretLoader(
+        module,
+        parsed_secrets,
+        vault_policies,
+        namespace,
+        pod,
+    )
+
+    nr_secrets = loader.load_vault()
+
+    results["failed"] = False
+    results["changed"] = True
+    results["msg"] = f"{nr_secrets} secrets injected"
+    module.exit_json(**results)
+
+
+def main():
+    """Main entry point where the AnsibleModule class is instantiated"""
+    module = AnsibleModule(
+        argument_spec=yaml.safe_load(DOCUMENTATION)["options"],
+        supports_check_mode=False,
+    )
+    run(module)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/ansible/roles/cluster_pre_check/defaults/main.yml b/ansible/roles/cluster_pre_check/defaults/main.yml
new file mode 100644
index 000000000..fd6cdd5c9
--- /dev/null
+++ b/ansible/roles/cluster_pre_check/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+kubeconfig_backup: "{{ lookup('env', 'HOME') }}/.kube/config"
diff --git a/ansible/roles/vault_utils/tasks/pre_check.yaml b/ansible/roles/cluster_pre_check/tasks/main.yml
similarity index 100%
rename from ansible/roles/vault_utils/tasks/pre_check.yaml
rename to ansible/roles/cluster_pre_check/tasks/main.yml
diff --git a/ansible/roles/find_vp_secrets/tasks/main.yml b/ansible/roles/find_vp_secrets/tasks/main.yml
new file mode 100644
index 000000000..ce847a01b
--- /dev/null
+++ b/ansible/roles/find_vp_secrets/tasks/main.yml
@@ -0,0 +1,87 @@
+---
+# Once V1 support is dropped we can remove the whole secret_template support
+- name: Set secret_template fact
+  no_log: "{{ override_no_log | default(true) }}"
+  ansible.builtin.set_fact:
+    secret_template: "{{ pattern_dir }}/values-secret.yaml.template"
+
+- name: Is a VALUES_SECRET env variable set?
+  ansible.builtin.set_fact:
+    custom_env_values_secret: "{{ lookup('ansible.builtin.env', 'VALUES_SECRET') }}"
+
+- name: Check if VALUES_SECRET file exists
+  ansible.builtin.stat:
+    path: "{{ custom_env_values_secret }}"
+  register: custom_file_values_secret
+  when: custom_env_values_secret | default('') | length > 0
+
+- name: Set values-secret yaml file to {{ custom_file_values_secret.stat.path }}
+  ansible.builtin.set_fact:
+    found_file: "{{ custom_file_values_secret.stat.path }}"
+  when:
+    - custom_env_values_secret | default('') | length > 0
+    - custom_file_values_secret.stat.exists
+
+# FIXME(bandini): Eventually around end of 2023(?) we should drop
+# ~/values-secret-{{ pattern_name }}.yaml and ~/values-secret.yaml
+- name: Find first existing values-secret yaml file
+  ansible.builtin.set_fact:
+    found_file: "{{ lookup('ansible.builtin.first_found', findme) }}"
+  vars:
+    findme:
+      - "~/.config/hybrid-cloud-patterns/values-secret-{{ pattern_name }}.yaml"
+      - "~/.config/validated-patterns/values-secret-{{ pattern_name }}.yaml"
+      - "~/values-secret-{{ pattern_name }}.yaml"
+      - "~/values-secret.yaml"
+      - "{{ pattern_dir }}/values-secret.yaml.template"
+  when: custom_env_values_secret | default('') | length == 0
+
+- name: Is found values secret file encrypted
+  no_log: "{{ override_no_log | default(true) }}"
+  ansible.builtin.shell: |
+    set -o pipefail
+    head -1 "{{ found_file }}" | grep -q \$ANSIBLE_VAULT
+  changed_when: false
+  register: encrypted
+  failed_when: (encrypted.rc not in [0, 1])
+
+# When HOME is set we replace it with '~' in this debug message
+# because when run from inside the container the HOME is /pattern-home
+# which is confusing for users
+- name: Is found values secret file encrypted
+  ansible.builtin.debug:
+    msg: "Using {{ (lookup('env', 'HOME') | length > 0) | ternary(found_file | regex_replace('^' + lookup('env', 'HOME'), '~'), found_file) }} to parse secrets"
+
+- name: Set encryption bool fact
+  no_log: "{{ override_no_log | default(true) }}"
+  ansible.builtin.set_fact:
+    is_encrypted: "{{ encrypted.rc == 0 | bool }}"
+
+- name: Get password for "{{ found_file }}"
+  ansible.builtin.pause:
+    prompt: "Input the password for {{ found_file }}"
+    echo: false
+  when: is_encrypted
+  register: vault_pass
+
+- name: Get decrypted content if {{ found_file }} was encrypted
+  no_log: "{{ override_no_log | default(true) }}"
+  ansible.builtin.shell:
+    ansible-vault view --vault-password-file <(cat <<<"{{ vault_pass.user_input }}") "{{ found_file }}"
+  register: values_secret_plaintext
+  when: is_encrypted
+  changed_when: false
+
+- name: Normalize secrets format (un-encrypted)
+  no_log: '{{ override_no_log | default(true) }}'
+  ansible.builtin.set_fact:
+    values_secrets_data: "{{ lookup('file', found_file) | from_yaml }}"
+  when: not is_encrypted
+  changed_when: false
+
+- name: Normalize secrets format (encrypted)
+  no_log: '{{ override_no_log | default(true) }}'
+  ansible.builtin.set_fact:
+    values_secrets_data: "{{ values_secret_plaintext.stdout | from_yaml }}"
+  when: is_encrypted
+  changed_when: false
diff --git a/ansible/roles/k8s_secret_utils/defaults/main.yml b/ansible/roles/k8s_secret_utils/defaults/main.yml
new file mode 100644
index 000000000..7ebda2071
--- /dev/null
+++ b/ansible/roles/k8s_secret_utils/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+secrets_ns: 'validated-patterns-secrets'
diff --git a/ansible/roles/k8s_secret_utils/tasks/inject_k8s_secret.yml b/ansible/roles/k8s_secret_utils/tasks/inject_k8s_secret.yml
new file mode 100644
index 000000000..283fb6a25
--- /dev/null
+++ b/ansible/roles/k8s_secret_utils/tasks/inject_k8s_secret.yml
@@ -0,0 +1,15 @@
+---
+- name: Check for secrets namespace
+  no_log: false
+  kubernetes.core.k8s_info:
+    kind: Namespace
+    name: "{{ item['metadata']['namespace'] }}"
+  register: secrets_ns_rc
+  until: secrets_ns_rc.resources | length > 0
+  retries: 20
+  delay: 45
+
+- name: Inject k8s secret
+  no_log: '{{ override_no_log | default(True) }}'
+  kubernetes.core.k8s:
+    definition: '{{ item }}'
diff --git a/ansible/roles/k8s_secret_utils/tasks/inject_k8s_secrets.yml b/ansible/roles/k8s_secret_utils/tasks/inject_k8s_secrets.yml
new file mode 100644
index 000000000..a22997346
--- /dev/null
+++ b/ansible/roles/k8s_secret_utils/tasks/inject_k8s_secrets.yml
@@ -0,0 +1,5 @@
+---
+- name: Inject secrets
+  no_log: '{{ override_no_log | default(True) }}'
+  ansible.builtin.include_tasks: inject_k8s_secret.yml
+  loop: '{{ kubernetes_secret_objects }}'
diff --git a/ansible/roles/k8s_secret_utils/tasks/main.yml b/ansible/roles/k8s_secret_utils/tasks/main.yml
new file mode 100644
index 000000000..d72de7ae6
--- /dev/null
+++ b/ansible/roles/k8s_secret_utils/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Parse and extract k8s secrets from values-secret file
+  ansible.builtin.include_tasks: parse_secrets.yml
+
+- name: Inject k8s secrets
+  ansible.builtin.include_tasks: inject_k8s_secrets.yml
diff --git a/ansible/roles/k8s_secret_utils/tasks/parse_secrets.yml b/ansible/roles/k8s_secret_utils/tasks/parse_secrets.yml
new file mode 100644
index 000000000..b1755cc2d
--- /dev/null
+++ b/ansible/roles/k8s_secret_utils/tasks/parse_secrets.yml
@@ -0,0 +1,12 @@
+---
+- name: Parse secrets data
+  # no_log: '{{ override_no_log | default(true) }}'
+  parse_secrets_info:
+    values_secrets_plaintext: "{{ values_secrets_data }}"
+    secrets_backing_store: "{{ secrets_backing_store }}"
+  register: secrets_results
+
+- name: Return kubernetes objects
+  no_log: '{{ override_no_log | default(true) }}'
+  ansible.builtin.set_fact:
+    kubernetes_secret_objects: "{{ secrets_results['kubernetes_secret_objects'] }}"
diff --git a/ansible/roles/vault_utils/tasks/push_parsed_secrets.yaml b/ansible/roles/vault_utils/tasks/push_parsed_secrets.yaml
new file mode 100644
index 000000000..cbca15e08
--- /dev/null
+++ b/ansible/roles/vault_utils/tasks/push_parsed_secrets.yaml
@@ -0,0 +1,43 @@
+---
+- name: "Do pre-checks for Vault"
+  ansible.builtin.include_role:
+    name: vault_utils
+    tasks_from: vault_status
+
+# Unfortunately we cannot loop vault_status and just check if the vault is unsealed
+# https://github.com/ansible/proposals/issues/136
+# So here we keep running the 'vault status' command until sealed is set to false
+- name: If the vault is still sealed we need to retry
+  kubernetes.core.k8s_exec:
+    namespace: "{{ vault_ns }}"
+    pod: "{{ vault_pod }}"
+    command: vault status -format=json
+  register: vault_status_json
+  until: "'stdout' in vault_status_json and (not (vault_status_json.stdout | from_json)['sealed'] | bool)"
+  retries: 20
+  delay: 45
+  failed_when: "'stdout_lines' not in vault_status_json"
+
+# This step is not really needed when running make vault-init + load-secrets as
+# everything is sequential
+# It is needed when the vault is unsealed/configured inside the cluster and load-secrets
+# gets run *while* the cronjob configures the vault. I.e. it might be half configured and return
+# errors
+- name: Make sure that the vault auth policy exists
+  kubernetes.core.k8s_exec:
+    namespace: "{{ vault_ns }}"
+    pod: "{{ vault_pod }}"
+    command:
+      sh -c "vault list auth/{{ vault_hub }}/role | grep '{{ vault_hub }}-role'"
+  register: vault_role_cmd
+  until:
+    - vault_role_cmd.rc is defined
+    - vault_role_cmd.rc == 0
+  retries: 20
+  delay: 45
+  changed_when: false
+
+- name: Load parsed secrets into cluster vault
+  vault_load_parsed_secrets:
+    vault_policies: "{{ vault_policies }}"
+    parsed_secrets: "{{ parsed_secrets }}"
diff --git a/ansible/roles/vault_utils/tasks/push_secrets.yaml b/ansible/roles/vault_utils/tasks/push_secrets.yaml
index 31d2878b4..7954dc47f 100644
--- a/ansible/roles/vault_utils/tasks/push_secrets.yaml
+++ b/ansible/roles/vault_utils/tasks/push_secrets.yaml
@@ -1,6 +1,4 @@
 ---
-- name: Vault pre checks
-  ansible.builtin.include_tasks: pre_check.yaml
 - name: Vault status check
   ansible.builtin.include_tasks: vault_status.yaml
 
diff --git a/ansible/roles/vault_utils/tasks/vault_init.yaml b/ansible/roles/vault_utils/tasks/vault_init.yaml
index 16ce73df9..38e1e9113 100644
--- a/ansible/roles/vault_utils/tasks/vault_init.yaml
+++ b/ansible/roles/vault_utils/tasks/vault_init.yaml
@@ -1,6 +1,4 @@
 ---
-- name: Vault pre checks
-  ansible.builtin.include_tasks: pre_check.yaml
 - name: Vault status check
   ansible.builtin.include_tasks: vault_status.yaml
 
diff --git a/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml b/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml
index 7e0741aa6..35327d58b 100644
--- a/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml
+++ b/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml
@@ -1,7 +1,4 @@
 ---
-- name: Vault pre checks
-  ansible.builtin.include_tasks: pre_check.yaml
-
 - name: Is secrets backend already enabled
   kubernetes.core.k8s_exec:
     namespace: "{{ vault_ns }}"
diff --git a/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml b/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml
index d4310e7fe..e930252a8 100644
--- a/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml
+++ b/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml
@@ -1,7 +1,4 @@
 ---
-- name: Vault pre checks
-  ansible.builtin.include_tasks: pre_check.yaml
-
 - name: Find managed clusters
   kubernetes.core.k8s_info:
     kind: ManagedCluster
diff --git a/ansible/roles/vault_utils/tasks/vault_unseal.yaml b/ansible/roles/vault_utils/tasks/vault_unseal.yaml
index 862f19d8c..43232ac7b 100644
--- a/ansible/roles/vault_utils/tasks/vault_unseal.yaml
+++ b/ansible/roles/vault_utils/tasks/vault_unseal.yaml
@@ -1,6 +1,4 @@
 ---
-- name: Vault pre checks
-  ansible.builtin.include_tasks: pre_check.yaml
 - name: Vault status check
   ansible.builtin.include_tasks: vault_status.yaml
 
diff --git a/ansible/roles/vault_utils/values-secrets.v2.schema.json b/ansible/roles/vault_utils/values-secrets.v2.schema.json
index c9723d6f0..c8b5c0209 100644
--- a/ansible/roles/vault_utils/values-secrets.v2.schema.json
+++ b/ansible/roles/vault_utils/values-secrets.v2.schema.json
@@ -10,7 +10,7 @@
   "title": "Hybrid Cloud Patterns - values-secret.yaml files schema V2",
   "description": "This schema defines the values-secret.yaml file as used by [Validated Patterns](https://hybrid-cloud-patterns.io)",
   "type": "object",
-  "examples": [ 
+  "examples": [
     {
       "version": "2.0",
       "backingStore": "vault",
@@ -105,6 +105,19 @@
           "$ref": "#/definitions/VaultPolicies",
           "description": "A dictionary of {name}:{policy} of custom vault password policies"
         },
+        "secretStoreNamespace": {
+          "type": "string",
+          "description": "Namespace to store secrets in for kubernetes loader",
+          "default": "validated-patterns-secrets"
+        },
+        "defaultLabels": {
+          "type": "object",
+          "description": "Default labels to add to secret objects for kubernetes loader"
+        },
+        "defaultAnnotations": {
+          "type": "object",
+          "description": "Default labels to add to secret objects for kubernetes loader"
+        },
         "secrets": {
           "$ref": "#/definitions/Secrets",
           "description": "The list of actual secrets to be uploaded in the vault"
@@ -166,6 +179,23 @@
           },
           "default": [ "hub" ]
         },
+        "targetNamespaces": {
+          "type": "array",
+          "description": "The namespace(s) that the secret will be injected into, ignored by configs using ESO",
+          "items": {
+            "type": "string",
+            "minItems": 1,
+            "uniqueItems": true
+          }
+        },
+        "annotations": {
+          "type": "object",
+          "description": "Annotations to add to the kubernetes secret object, which override defaults"
+        },
+        "labels": {
+          "type": "object",
+          "description": "Labels to add to the kubernetes secret object, which override defaults"
+        },
         "fields": {
           "type": "array",
           "description": "This is the list of actual secret material that will be placed in a vault key's attributes",
diff --git a/ansible/tests/unit/test_parse_secrets.py b/ansible/tests/unit/test_parse_secrets.py
new file mode 100644
index 000000000..0cfef1b62
--- /dev/null
+++ b/ansible/tests/unit/test_parse_secrets.py
@@ -0,0 +1,981 @@
+# Copyright 2022, 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Simple module to test parse_secret_info
+"""
+
+import base64
+import configparser
+import json
+import os
+import sys
+import unittest
+from unittest import mock
+from unittest.mock import patch
+
+from ansible.module_utils import basic
+from ansible.module_utils.common.text.converters import to_bytes
+from test_util_datastructures import (
+    DEFAULT_KUBERNETES_METADATA,
+    DEFAULT_KUBERNETES_SECRET_OBJECT,
+    DEFAULT_PARSED_SECRET_VALUE,
+    DEFAULT_VAULT_POLICIES,
+)
+
+# from unittest.mock import call, patch
+
+# TODO(bandini): I could not come up with something better to force the imports to be existing
+# when we "import parse_secrets_info"
+sys.path.insert(1, "./ansible/plugins/module_utils")
+sys.path.insert(1, "./ansible/plugins/modules")
+
+import load_secrets_common  # noqa: E402
+
+sys.modules["ansible.module_utils.load_secrets_common"] = load_secrets_common
+
+import parse_secrets_v2  # noqa: E402
+
+sys.modules["ansible.module_utils.parse_secrets_v2"] = parse_secrets_v2
+
+import parse_secrets_info  # noqa: E402
+
+sys.modules["ansible.modules.parse_secrets_info"] = parse_secrets_info
+
+
+def set_module_args(args):
+    """prepare arguments so that they will be picked up during module creation"""
+    args = json.dumps({"ANSIBLE_MODULE_ARGS": args})
+    basic._ANSIBLE_ARGS = to_bytes(args)
+
+
+class BytesEncoder(json.JSONEncoder):
+    def default(self, o):
+        if isinstance(o, bytes):
+            return base64.b64encode(o).decode("ascii")
+        else:
+            return super().default(o)
+
+
+def json_str(a):
+    return json.dumps(a, sort_keys=True, cls=BytesEncoder)
+
+
+def ds_eq(a, b):
+    """
+    This function takes two arbitrary data structures, sorts their keys, stringifies them into JSON
+    and compares them. The idea here is to test data structure difference without having to write
+    an involved recursive data structure parser. If the function returns true, the two data
+    structures are equal.
+    """
+    print("a=" + json_str(a))
+    print("b=" + json_str(b))
+    return json_str(a) == json_str(b)
+
+
+class AnsibleExitJson(Exception):
+    """Exception class to be raised by module.exit_json and caught by the test case"""
+
+    pass
+
+
+class AnsibleFailJson(Exception):
+    """Exception class to be raised by module.fail_json and caught by the test case"""
+
+    pass
+
+
+def exit_json(*args, **kwargs):
+    """function to patch over exit_json; package return data into an exception"""
+    if "changed" not in kwargs:
+        kwargs["changed"] = False
+    raise AnsibleExitJson(kwargs)
+
+
+def fail_json(*args, **kwargs):
+    """function to patch over fail_json; package return data into an exception"""
+    kwargs["failed"] = True
+    kwargs["args"] = args
+    raise AnsibleFailJson(kwargs)
+
+
+@mock.patch("getpass.getpass")
+class TestMyModule(unittest.TestCase):
+    def create_inifile(self):
+        self.inifile = open("/tmp/awscredentials", "w")
+        config = configparser.ConfigParser()
+        config["default"] = {
+            "aws_access_key_id": "123123",
+            "aws_secret_access_key": "abcdefghi",
+        }
+        config["foobar"] = {
+            "aws_access_key_id": "345345",
+            "aws_secret_access_key": "rstuvwxyz",
+        }
+        with self.inifile as configfile:
+            config.write(configfile)
+
+    def create_testbinfile(self):
+        with open(self.binfilename, "wb") as f:
+            f.write(bytes([8, 6, 7, 5, 3, 0, 9]))
+            f.close()
+
+    def setUp(self):
+        self.binfilename = "/tmp/testbinfile.bin"
+        self.mock_module_helper = patch.multiple(
+            basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json
+        )
+        self.mock_module_helper.start()
+        self.addCleanup(self.mock_module_helper.stop)
+        self.testdir_v2 = os.path.join(os.path.dirname(os.path.abspath(__file__)), "v2")
+        self.testfile = open("/tmp/ca.crt", "w")
+        self.create_inifile()
+        self.create_testbinfile()
+        # For ~/expanduser tests
+        self.orig_home = os.environ["HOME"]
+        os.environ["HOME"] = self.testdir_v2
+
+    def tearDown(self):
+        os.environ["HOME"] = self.orig_home
+        self.testfile.close()
+        try:
+            os.remove("/tmp/ca.crt")
+            os.remove(self.binfilename)
+            # os.remove("/tmp/awscredentials")
+        except OSError:
+            pass
+
+    def get_file_as_stdout(self, filename, openmode="r"):
+        with open(filename, mode=openmode, encoding="utf-8") as f:
+            return f.read()
+
+    def test_module_fail_when_required_args_missing(self, getpass):
+        with self.assertRaises(AnsibleFailJson):
+            set_module_args({})
+            parse_secrets_info.main()
+
+    def test_module_parse_base(self, getpass):
+        getpass.return_value = "/tmp/ca.crt"
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-base.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = result.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"])) == 1
+            and (len(ret["kubernetes_secret_objects"]) == 0)
+        )
+
+    def test_module_parse_base_parsed_secrets(self, getpass):
+        getpass.return_value = "/tmp/ca.crt"
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-base.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                }
+            )
+            parse_secrets_info.main()
+
+        vp = DEFAULT_VAULT_POLICIES | {
+            "basicPolicy": 'length=10\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\n',  # noqa: E501
+            "advancedPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n',  # noqa: E501
+        }
+
+        # Beware reading this structure aloud to your cat...
+        pspsps = {
+            "config-demo": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "config-demo",
+                "fields": {
+                    "secret": None,
+                    "secret2": "/tmp/ca.crt",
+                    "ca_crt": "",
+                    "ca_crt2": "",
+                },
+                "base64": ["ca_crt2"],
+                "generate": ["secret"],
+                "override": ["secret"],
+                "vault_policies": {
+                    "secret": "basicPolicy",
+                },
+                "vault_prefixes": [
+                    "region-one",
+                    "snowflake.blueprints.rhecoeng.com",
+                ],
+                "paths": {
+                    "ca_crt": "/tmp/ca.crt",
+                    "ca_crt2": "/tmp/ca.crt",
+                },
+            },
+        }
+
+        ret = result.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (ds_eq(vp, ret["vault_policies"]))
+            and (ds_eq(pspsps, ret["parsed_secrets"]))
+        )
+
+    def test_module_parsed_secret_ini_files(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-ini-file.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                }
+            )
+            parse_secrets_info.main()
+
+        ps = {
+            "aws": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "aws",
+                "fields": {
+                    "aws_access_key_id": "123123",
+                    "aws_secret_access_key": "abcdefghi",
+                },
+                "ini_file": {
+                    "aws_access_key_id": {
+                        "ini_file": "/tmp/awscredentials",
+                        "ini_section": "default",
+                        "ini_key": "aws_access_key_id",
+                    },
+                    "aws_secret_access_key": {
+                        "ini_file": "/tmp/awscredentials",
+                        "ini_section": "default",
+                        "ini_key": "aws_secret_access_key",
+                    },
+                },
+            },
+            "awsfoobar": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "awsfoobar",
+                "fields": {
+                    "aws_access_key_id": "345345",
+                    "aws_secret_access_key": "rstuvwxyz",
+                },
+                "ini_file": {
+                    "aws_access_key_id": {
+                        "ini_file": "/tmp/awscredentials",
+                        "ini_section": "foobar",
+                        "ini_key": "aws_access_key_id",
+                    },
+                    "aws_secret_access_key": {
+                        "ini_file": "/tmp/awscredentials",
+                        "ini_section": "foobar",
+                        "ini_key": "aws_secret_access_key",
+                    },
+                },
+            },
+        }
+
+        ret = result.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"]) == 2)
+            and (ds_eq(ps, ret["parsed_secrets"]))
+        )
+
+    def test_module_parsed_secret_ini_files_base64(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-ini-file-b64.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                }
+            )
+            parse_secrets_info.main()
+
+        ps = {
+            "aws": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "aws",
+                "fields": {
+                    "aws_access_key_id": "A123456789012345678A",
+                    "aws_secret_access_key": "A12345678901234567890123456789012345678A",
+                },
+                "ini_file": {
+                    "aws_access_key_id": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_access_key_id",
+                    },
+                    "aws_secret_access_key": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_secret_access_key",
+                    },
+                },
+            },
+            "awsb64": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "awsb64",
+                "fields": {
+                    "aws_access_key_id": "QTEyMzQ1Njc4OTAxMjM0NTY3OEE=",
+                    "aws_secret_access_key": "QTEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4QQ==",
+                },
+                "base64": [
+                    "aws_access_key_id",
+                    "aws_secret_access_key",
+                ],
+                "ini_file": {
+                    "aws_access_key_id": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_access_key_id",
+                    },
+                    "aws_secret_access_key": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_secret_access_key",
+                    },
+                },
+            },
+        }
+
+        ret = result.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"]) == 2)
+            and (len(ret["kubernetes_secret_objects"]) == 0)
+            and (ds_eq(ps, ret["parsed_secrets"]))
+        )
+
+    def test_module_parsed_secret_ini_files_base64_kubernetes(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-ini-file-b64.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+
+        ps = {
+            "aws": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "aws",
+                "fields": {
+                    "aws_access_key_id": "A123456789012345678A",
+                    "aws_secret_access_key": "A12345678901234567890123456789012345678A",
+                },
+                "ini_file": {
+                    "aws_access_key_id": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_access_key_id",
+                    },
+                    "aws_secret_access_key": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_secret_access_key",
+                    },
+                },
+            },
+            "awsb64": DEFAULT_PARSED_SECRET_VALUE
+            | {
+                "name": "awsb64",
+                "fields": {
+                    "aws_access_key_id": "QTEyMzQ1Njc4OTAxMjM0NTY3OEE=",
+                    "aws_secret_access_key": "QTEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4QQ==",
+                },
+                "base64": [
+                    "aws_access_key_id",
+                    "aws_secret_access_key",
+                ],
+                "ini_file": {
+                    "aws_access_key_id": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_access_key_id",
+                    },
+                    "aws_secret_access_key": {
+                        "ini_file": f"{os.environ['HOME']}/aws-example.ini",
+                        "ini_section": "default",
+                        "ini_key": "aws_secret_access_key",
+                    },
+                },
+            },
+        }
+
+        ret = result.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"]) == 2)
+            and (len(ret["kubernetes_secret_objects"]) == 2)
+            and (ds_eq(ps, ret["parsed_secrets"]))
+        )
+
+    def test_module_default_labels(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-default-labels.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = result.exception.args[0]
+        self.assertTrue(
+            ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                        "labels": {"testlabel": "4"},
+                        "namespace": "validated-patterns-secrets",
+                    },
+                    "stringData": {"username": "user"},
+                },
+            )
+        )
+
+    def test_module_override_labels(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-override-labels.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                        "labels": {"overridelabel": "42"},
+                    },
+                    "stringData": {"username": "user"},
+                },
+            )
+        )
+
+    def test_module_override_namespace(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-override-namespace.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                        "namespace": "overridden-namespace",
+                    },
+                    "stringData": {"username": "user"},
+                },
+            )
+        )
+
+    def test_module_none_extra_namespaces(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-more-namespaces.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "none",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 2
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                        "namespace": "default",
+                    },
+                    "stringData": {"username": "user"},
+                },
+            )
+            and ds_eq(
+                ret["kubernetes_secret_objects"][1],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                        "namespace": "extra",
+                    },
+                    "stringData": {"username": "user"},
+                },
+            )
+        )
+
+    def test_module_override_type_kubernetes(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-override-type.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "type": "user-specified",
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                    },
+                    "stringData": {"username": "user"},
+                },
+            )
+        )
+
+    def test_module_override_type_none(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-override-type-none.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "none",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "type": "user-specified",
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {"name": "test-secret", "namespace": "default"},
+                    "stringData": {"username": "user"},
+                },
+            )
+        )
+
+    def test_module_secret_file_contents(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-file-contents.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                    },
+                    "stringData": {"username": "This space intentionally left blank\n"},
+                },
+            )
+        )
+
+    def test_module_secret_file_contents_b64(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-file-contents-b64.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                    },
+                    "stringData": {
+                        "username": "VGhpcyBzcGFjZSBpbnRlbnRpb25hbGx5IGxlZnQgYmxhbmsK"
+                    },
+                },
+            )
+        )
+
+    def test_module_secret_file_contents_double_b64(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(
+                self.testdir_v2, "values-secret-v2-file-contents-double-b64.yaml"
+            )
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "test-secret",
+                    },
+                    "stringData": {
+                        "username": "VkdocGN5QnpjR0ZqWlNCcGJuUmxiblJwYjI1aGJHeDVJR3hsWm5RZ1lteGhibXNL"
+                    },
+                },
+            )
+        )
+
+    def test_module_secret_file_contents_binary_b64(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-secret-binary-b64.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as result:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+        ret = result.exception.args[0]
+
+        # The binary bytes are [ 8, 6, 7, 5, 3, 0, 9 ] (IYKYK)
+        self.assertTrue(
+            len(ret["kubernetes_secret_objects"]) == 1
+            and ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "secret",
+                    },
+                    "stringData": {"secret": "CAYHBQMACQ=="},
+                },
+            )
+        )
+
+    def test_ensure_success_retrieving_block_yaml_policy(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-defaultvp-policy.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            ds_eq(
+                ret["vault_policies"],
+                {
+                    "basicPolicy": 'length=10\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\n',  # noqa: E501
+                    "validatedPatternDefaultPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n',  # noqa: E501
+                },
+            )
+        )
+
+    def test_ensure_success_retrieving_block_yaml_value(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-block-yamlstring.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            ds_eq(
+                ret["parsed_secrets"],
+                {
+                    "config-demo": DEFAULT_PARSED_SECRET_VALUE
+                    | {
+                        "fields": {
+                            "sshprivkey": "ssh-rsa oNb/kAvwdQl+FKdwzzKo5rnGIB68UOxWoaKPnKdgF/ts67CDBslWGnpUZCpp8TdaxfHmpoyA6nutMwQw8OAMEUybxvilDn+ZVJ/5qgfRBdi8wLKRLTIj0v+ZW7erN9yuZG53xUQAaQjivM3cRyNLIZ9torShYaYwD1UTTDkV97RMfNDlWI5f5FGRvfy429ZfCwbUWUbijrcv/mWc/uO3x/+MBXwa4f8ubzEYlrt4yH/Vbpzs67kE9UJ9z1zurFUFJydy1ZDAdKSiBS91ImI3ccKnbz0lji2bgSYR0Wp1IQhzSpjyJU2rIu9HAEUh85Rwf2jakfLpMcg/hSBer3sG  kilroy@example.com",  # noqa: E501
+                            "sshpubkey": "-----BEGIN OPENSSH PRIVATE KEY-----\nTtzxGgWrNerAr1hzUqPW2xphF/Aur1rQXSLv4J7frEJxNED6u/eScsNgwJMGXwRx7QYVohh0ARHVhJdUzJK7pEIphi4BGw==\nwlo+oQsi828b47SKZB8/K9dbeLlLiXh9/hu47MGpeGHZsKbjAdauncuw+YUDDN2EADJjasNMZHjxYhXKtqDjXTIw1X1n0Q==\n-----END OPENSSH PRIVATE KEY-----",  # noqa: E501
+                        },
+                        "name": "config-demo",
+                    }
+                },
+            )
+        )
+
+    def test_ensure_kubernetes_object_block_yaml_value(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-block-yamlstring.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            ds_eq(
+                ret["kubernetes_secret_objects"][0],
+                DEFAULT_KUBERNETES_SECRET_OBJECT
+                | {
+                    "metadata": DEFAULT_KUBERNETES_METADATA
+                    | {
+                        "name": "config-demo",
+                    },
+                    "stringData": {
+                        "sshprivkey": "ssh-rsa oNb/kAvwdQl+FKdwzzKo5rnGIB68UOxWoaKPnKdgF/ts67CDBslWGnpUZCpp8TdaxfHmpoyA6nutMwQw8OAMEUybxvilDn+ZVJ/5qgfRBdi8wLKRLTIj0v+ZW7erN9yuZG53xUQAaQjivM3cRyNLIZ9torShYaYwD1UTTDkV97RMfNDlWI5f5FGRvfy429ZfCwbUWUbijrcv/mWc/uO3x/+MBXwa4f8ubzEYlrt4yH/Vbpzs67kE9UJ9z1zurFUFJydy1ZDAdKSiBS91ImI3ccKnbz0lji2bgSYR0Wp1IQhzSpjyJU2rIu9HAEUh85Rwf2jakfLpMcg/hSBer3sG  kilroy@example.com",  # noqa: E501
+                        "sshpubkey": "-----BEGIN OPENSSH PRIVATE KEY-----\nTtzxGgWrNerAr1hzUqPW2xphF/Aur1rQXSLv4J7frEJxNED6u/eScsNgwJMGXwRx7QYVohh0ARHVhJdUzJK7pEIphi4BGw==\nwlo+oQsi828b47SKZB8/K9dbeLlLiXh9/hu47MGpeGHZsKbjAdauncuw+YUDDN2EADJjasNMZHjxYhXKtqDjXTIw1X1n0Q==\n-----END OPENSSH PRIVATE KEY-----",  # noqa: E501
+                    },
+                },
+            )
+        )
+
+    def test_ensure_kubernetes_backend_allowed(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-base-k8s-backend.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertFalse(ret["failed"])
+
+    def test_ensure_none_backend_allowed(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-base-none-backend.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "none",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertFalse(ret["failed"])
+
+    def test_ensure_error_conflicting_backends(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-base-k8s-backend.yaml")
+        )
+        with self.assertRaises(AnsibleFailJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertEqual(ret["failed"], True)
+        assert (
+            ret["args"][1]
+            == "Secrets file specifies 'kubernetes' backend but pattern config specifies 'vault'."
+        )
+
+    def test_ensure_error_unknown_backends(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-base-unknown-backend.yaml")
+        )
+        with self.assertRaises(AnsibleFailJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "unknown",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertEqual(ret["failed"], True)
+        assert (
+            ret["args"][1]
+            == "Currently only the 'vault', 'kubernetes' and 'none' backingStores are supported: unknown"
+        )
+
+    def test_ensure_error_secrets_same_name(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-same-secret-names.yaml")
+        )
+        with self.assertRaises(AnsibleFailJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertEqual(ret["failed"], True)
+        assert (
+            ret["args"][1] == "You cannot have duplicate secret names: ['config-demo']"
+        )
+
+    def test_ensure_error_fields_same_name(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-same-field-names.yaml")
+        )
+        with self.assertRaises(AnsibleFailJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertEqual(ret["failed"], True)
+        assert ret["args"][1] == "You cannot have duplicate field names: ['secret']"
+
+    def test_ensure_generate_errors_on_kubernetes(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-generic-onlygenerate.yaml")
+        )
+        with self.assertRaises(AnsibleFailJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "kubernetes",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertEqual(ret["failed"], True)
+        assert (
+            ret["args"][1]
+            == "You cannot have onMissingValue set to 'generate' unless using vault backingstore for secret config-demo field secret"  # noqa: E501
+        )
+
+    def test_ensure_generate_errors_on_none_generate(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-generic-onlygenerate.yaml")
+        )
+        with self.assertRaises(AnsibleFailJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "none",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertEqual(ret["failed"], True)
+        assert (
+            ret["args"][1]
+            == "You cannot have onMissingValue set to 'generate' unless using vault backingstore for secret config-demo field secret"  # noqa: E501
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/ansible/tests/unit/test_util_datastructures.py b/ansible/tests/unit/test_util_datastructures.py
new file mode 100644
index 000000000..11d7cdaec
--- /dev/null
+++ b/ansible/tests/unit/test_util_datastructures.py
@@ -0,0 +1,205 @@
+DEFAULT_PARSED_SECRET_VALUE = {
+    "name": "overwrite-me",
+    "fields": {},
+    "base64": [],
+    "ini_file": {},
+    "generate": [],
+    "override": [],
+    "vault_mount": "secret",
+    "vault_policies": {},
+    "vault_prefixes": ["hub"],
+    "type": "Opaque",
+    "target_namespaces": [],
+    "labels": {},
+    "annotations": {},
+    "paths": {},
+}
+
+DEFAULT_KUBERNETES_METADATA = {
+    "name": "overwrite-me",
+    "labels": {},
+    "annotations": {},
+    "namespace": "validated-patterns-secrets",
+}
+DEFAULT_KUBERNETES_SECRET_OBJECT = {
+    "kind": "Secret",
+    "type": "Opaque",
+    "apiVersion": "v1",
+    "metadata": DEFAULT_KUBERNETES_METADATA,
+    "stringData": {},
+}
+
+DEFAULT_VAULT_POLICIES = {
+    "validatedPatternDefaultPolicy": (
+        "length=20\n"
+        'rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\n'  # noqa: E501
+        'rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\n'  # noqa: E501
+        'rule "charset" { charset = "0123456789" min-chars = 1 }\n'
+        'rule "charset" { charset = "!@#%^&*" min-chars = 1 }\n'
+    ),
+}
+
+GENERATE_POLICY_B64_TEST = {
+    "vault_policies": {
+        "basicPolicy": 'length=10\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\n',  # noqa: E501
+        "validatedPatternDefaultPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n',  # noqa: E501
+    },
+    "parsed_secrets": {
+        "config-demo": {
+            "annotations": {},
+            "base64": ["secret"],
+            "fields": {"secret": None},
+            "generate": ["secret"],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo",
+            "namespace": "validated-patterns-secrets",
+            "override": ["secret"],
+            "paths": {},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {"secret": "basicPolicy"},
+            "vault_prefixes": ["region-one", "snowflake.blueprints.rhecoeng.com"],
+        }
+    },
+}
+
+PARSED_SECRET_VALUE_TEST = {
+    "parsed_secrets": {
+        "config-demo": {
+            "annotations": {},
+            "base64": [],
+            "fields": {"secret": "value123"},
+            "generate": [],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo",
+            "namespace": "validated-patterns-secrets",
+            "override": [],
+            "paths": {},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {},
+            "vault_prefixes": ["hub"],
+        }
+    },
+    "vault_policies": {
+        "validatedPatternDefaultPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n'  # noqa: E501
+    },
+}
+
+PARSED_SECRET_B64_VALUE_TEST = {
+    "parsed_secrets": {
+        "config-demo": {
+            "annotations": {},
+            "base64": ["secret"],
+            "fields": {"secret": "dmFsdWUxMjMK"},
+            "generate": [],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo",
+            "namespace": "validated-patterns-secrets",
+            "override": [],
+            "paths": {},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {},
+            "vault_prefixes": ["hub"],
+        }
+    },
+    "vault_policies": {
+        "validatedPatternDefaultPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n'  # noqa: E501
+    },
+}
+
+PARSED_SECRET_FILE_INJECTION_TEST = {
+    "parsed_secrets": {
+        "config-demo": {
+            "annotations": {},
+            "base64": [],
+            "fields": {"secret": "value123"},
+            "generate": [],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo",
+            "namespace": "validated-patterns-secrets",
+            "override": [],
+            "paths": {},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {},
+            "vault_prefixes": [
+                "secret/region-one",
+                "secret/snowflake.blueprints.rhecoeng.com",
+            ],
+        },
+        "config-demo-file": {
+            "annotations": {},
+            "base64": [],
+            "fields": {"test": ""},
+            "generate": [],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo-file",
+            "namespace": "validated-patterns-secrets",
+            "override": [],
+            "paths": {"test": "/tmp/footest"},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {},
+            "vault_prefixes": [
+                "secret/region-two",
+                "secret/snowflake.blueprints.rhecoeng.com",
+            ],
+        },
+    },
+    "vault_policies": {
+        "validatedPatternDefaultPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n'  # noqa: 501
+    },
+}
+
+PARSED_SECRET_FILE_B64_INJECTION_TEST = {
+    "parsed_secrets": {
+        "config-demo": {
+            "annotations": {},
+            "base64": [],
+            "fields": {"secret": "value123"},
+            "generate": [],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo",
+            "namespace": "validated-patterns-secrets",
+            "override": [],
+            "paths": {},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {},
+            "vault_prefixes": [
+                "secret/region-one",
+                "secret/snowflake.blueprints.rhecoeng.com",
+            ],
+        },
+        "config-demo-file": {
+            "annotations": {},
+            "base64": ["test"],
+            "fields": {"test": ""},
+            "generate": [],
+            "ini_file": {},
+            "labels": {},
+            "name": "config-demo-file",
+            "namespace": "validated-patterns-secrets",
+            "override": [],
+            "paths": {"test": "/tmp/footest"},
+            "type": "Opaque",
+            "vault_mount": "secret",
+            "vault_policies": {},
+            "vault_prefixes": [
+                "secret/region-two",
+                "secret/snowflake.blueprints.rhecoeng.com",
+            ],
+        },
+    },
+    "vault_policies": {
+        "validatedPatternDefaultPolicy": 'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n'  # noqa: 501
+    },
+}
diff --git a/ansible/tests/unit/test_vault_load_parsed_secrets.py b/ansible/tests/unit/test_vault_load_parsed_secrets.py
new file mode 100644
index 000000000..ca37de940
--- /dev/null
+++ b/ansible/tests/unit/test_vault_load_parsed_secrets.py
@@ -0,0 +1,320 @@
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Simple module to test vault_load_parsed_secrets
+"""
+
+import json
+import os
+import sys
+import unittest
+from unittest.mock import call, patch
+
+import test_util_datastructures
+from ansible.module_utils import basic
+from ansible.module_utils.common.text.converters import to_bytes
+
+# TODO(bandini): I could not come up with something better to force the imports to be existing
+# when we 'import vault_load_secrets'
+sys.path.insert(1, "./ansible/plugins/module_utils")
+sys.path.insert(1, "./ansible/plugins/modules")
+
+import vault_load_parsed_secrets  # noqa: E402
+
+sys.modules["ansible.modules.vault_load_parsed_secrets"] = vault_load_parsed_secrets
+
+
+def set_module_args(args):
+    """prepare arguments so that they will be picked up during module creation"""
+    args = json.dumps({"ANSIBLE_MODULE_ARGS": args})
+    basic._ANSIBLE_ARGS = to_bytes(args)
+
+
+class AnsibleExitJson(Exception):
+    """Exception class to be raised by module.exit_json and caught by the test case"""
+
+    pass
+
+
+class AnsibleFailJson(Exception):
+    """Exception class to be raised by module.fail_json and caught by the test case"""
+
+    pass
+
+
+def exit_json(*args, **kwargs):
+    """function to patch over exit_json; package return data into an exception"""
+    if "changed" not in kwargs:
+        kwargs["changed"] = False
+    raise AnsibleExitJson(kwargs)
+
+
+def fail_json(*args, **kwargs):
+    """function to patch over fail_json; package return data into an exception"""
+    kwargs["failed"] = True
+    kwargs["args"] = args
+    raise AnsibleFailJson(kwargs)
+
+
+class TestMyModule(unittest.TestCase):
+    def setUp(self):
+        self.mock_module_helper = patch.multiple(
+            basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json
+        )
+        self.mock_module_helper.start()
+        self.addCleanup(self.mock_module_helper.stop)
+        self.testdir_v2 = os.path.join(os.path.dirname(os.path.abspath(__file__)), "v2")
+
+    def tearDown(self):
+        return
+
+    def test_module_fail_when_required_args_missing(self):
+        with self.assertRaises(AnsibleFailJson):
+            set_module_args({})
+            vault_load_parsed_secrets.main()
+
+    # For these tests, we need the data structures that parse_secrets_info outputs.
+    # Several have been saved in the test_util_datastructures module for this purpose
+    def test_ensure_value_injection_works(self):
+        set_module_args(
+            {
+                "parsed_secrets": test_util_datastructures.PARSED_SECRET_VALUE_TEST[
+                    "parsed_secrets"
+                ],
+                "vault_policies": test_util_datastructures.PARSED_SECRET_VALUE_TEST[
+                    "vault_policies"
+                ],
+            }
+        )
+        with patch.object(
+            vault_load_parsed_secrets.VaultSecretLoader, "_run_command"
+        ) as mock_run_command:
+            stdout = ""
+            stderr = ""
+            ret = 0
+            mock_run_command.return_value = ret, stdout, stderr  # successful execution
+
+            with self.assertRaises(AnsibleExitJson) as result:
+                vault_load_parsed_secrets.main()
+            self.assertTrue(
+                result.exception.args[0]["changed"]
+            )  # ensure result is changed
+            assert mock_run_command.call_count == 2
+
+        calls = [
+            call(
+                'echo \'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n\' | oc exec -n vault vault-0 -i -- sh -c \'cat - > /tmp/validatedPatternDefaultPolicy.hcl\';oc exec -n vault vault-0 -i -- sh -c \'vault write sys/policies/password/validatedPatternDefaultPolicy  policy=@/tmp/validatedPatternDefaultPolicy.hcl\'',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "oc exec -n vault vault-0 -i -- sh -c \"vault kv put -mount=secret hub/config-demo secret='value123'\"",
+                attempts=3,
+            ),
+        ]
+        print(mock_run_command.mock_calls)
+        mock_run_command.assert_has_calls(calls)
+
+    def test_ensure_b64_value_injection_works(self):
+        set_module_args(
+            {
+                "parsed_secrets": test_util_datastructures.PARSED_SECRET_B64_VALUE_TEST[
+                    "parsed_secrets"
+                ],
+                "vault_policies": test_util_datastructures.PARSED_SECRET_B64_VALUE_TEST[
+                    "vault_policies"
+                ],
+            }
+        )
+        with patch.object(
+            vault_load_parsed_secrets.VaultSecretLoader, "_run_command"
+        ) as mock_run_command:
+            stdout = ""
+            stderr = ""
+            ret = 0
+            mock_run_command.return_value = ret, stdout, stderr  # successful execution
+
+            with self.assertRaises(AnsibleExitJson) as result:
+                vault_load_parsed_secrets.main()
+            self.assertTrue(
+                result.exception.args[0]["changed"]
+            )  # ensure result is changed
+            assert mock_run_command.call_count == 2
+
+        calls = [
+            call(
+                'echo \'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n\' | oc exec -n vault vault-0 -i -- sh -c \'cat - > /tmp/validatedPatternDefaultPolicy.hcl\';oc exec -n vault vault-0 -i -- sh -c \'vault write sys/policies/password/validatedPatternDefaultPolicy  policy=@/tmp/validatedPatternDefaultPolicy.hcl\'',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "oc exec -n vault vault-0 -i -- sh -c \"vault kv put -mount=secret hub/config-demo secret='dmFsdWUxMjMK'\"",  # noqa: E501
+                attempts=3,
+            ),
+        ]
+        print(mock_run_command.mock_calls)
+        mock_run_command.assert_has_calls(calls)
+
+    def test_ensure_file_injection_works(self):
+        set_module_args(
+            {
+                "parsed_secrets": test_util_datastructures.PARSED_SECRET_FILE_INJECTION_TEST[
+                    "parsed_secrets"
+                ],
+                "vault_policies": test_util_datastructures.PARSED_SECRET_FILE_INJECTION_TEST[
+                    "vault_policies"
+                ],
+            }
+        )
+        with patch.object(
+            vault_load_parsed_secrets.VaultSecretLoader, "_run_command"
+        ) as mock_run_command:
+            stdout = ""
+            stderr = ""
+            ret = 0
+            mock_run_command.return_value = ret, stdout, stderr  # successful execution
+
+            with self.assertRaises(AnsibleExitJson) as result:
+                vault_load_parsed_secrets.main()
+            self.assertTrue(
+                result.exception.args[0]["changed"]
+            )  # ensure result is changed
+            assert mock_run_command.call_count == 5
+
+        calls = [
+            call(
+                'echo \'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n\' | oc exec -n vault vault-0 -i -- sh -c \'cat - > /tmp/validatedPatternDefaultPolicy.hcl\';oc exec -n vault vault-0 -i -- sh -c \'vault write sys/policies/password/validatedPatternDefaultPolicy  policy=@/tmp/validatedPatternDefaultPolicy.hcl\'',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "oc exec -n vault vault-0 -i -- sh -c \"vault kv put -mount=secret secret/region-one/config-demo secret='value123'\"",  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "oc exec -n vault vault-0 -i -- sh -c \"vault kv put -mount=secret secret/snowflake.blueprints.rhecoeng.com/config-demo secret='value123'\"",  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "cat '/tmp/footest' | oc exec -n vault vault-0 -i -- sh -c 'cat - > /tmp/vcontent'; oc exec -n vault vault-0 -i -- sh -c 'vault kv put -mount=secret secret/region-two/config-demo-file test=@/tmp/vcontent; rm /tmp/vcontent'",  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "cat '/tmp/footest' | oc exec -n vault vault-0 -i -- sh -c 'cat - > /tmp/vcontent'; oc exec -n vault vault-0 -i -- sh -c 'vault kv put -mount=secret secret/snowflake.blueprints.rhecoeng.com/config-demo-file test=@/tmp/vcontent; rm /tmp/vcontent'",  # noqa: E501
+                attempts=3,
+            ),
+        ]
+        print(mock_run_command.mock_calls)
+        mock_run_command.assert_has_calls(calls)
+
+    def test_ensure_file_b64_injection_works(self):
+        set_module_args(
+            {
+                "parsed_secrets": test_util_datastructures.PARSED_SECRET_FILE_B64_INJECTION_TEST[
+                    "parsed_secrets"
+                ],
+                "vault_policies": test_util_datastructures.PARSED_SECRET_FILE_B64_INJECTION_TEST[
+                    "vault_policies"
+                ],
+            }
+        )
+        with patch.object(
+            vault_load_parsed_secrets.VaultSecretLoader, "_run_command"
+        ) as mock_run_command:
+            stdout = ""
+            stderr = ""
+            ret = 0
+            mock_run_command.return_value = ret, stdout, stderr  # successful execution
+
+            with self.assertRaises(AnsibleExitJson) as result:
+                vault_load_parsed_secrets.main()
+            self.assertTrue(
+                result.exception.args[0]["changed"]
+            )  # ensure result is changed
+            assert mock_run_command.call_count == 5
+
+        calls = [
+            call(
+                'echo \'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n\' | oc exec -n vault vault-0 -i -- sh -c \'cat - > /tmp/validatedPatternDefaultPolicy.hcl\';oc exec -n vault vault-0 -i -- sh -c \'vault write sys/policies/password/validatedPatternDefaultPolicy  policy=@/tmp/validatedPatternDefaultPolicy.hcl\'',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "oc exec -n vault vault-0 -i -- sh -c \"vault kv put -mount=secret secret/region-one/config-demo secret='value123'\"",  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "oc exec -n vault vault-0 -i -- sh -c \"vault kv put -mount=secret secret/snowflake.blueprints.rhecoeng.com/config-demo secret='value123'\"",  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "cat '/tmp/footest' | oc exec -n vault vault-0 -i -- sh -c 'cat - | base64 --wrap=0> /tmp/vcontent'; oc exec -n vault vault-0 -i -- sh -c 'vault kv put -mount=secret secret/region-two/config-demo-file test=@/tmp/vcontent; rm /tmp/vcontent'",  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                "cat '/tmp/footest' | oc exec -n vault vault-0 -i -- sh -c 'cat - | base64 --wrap=0> /tmp/vcontent'; oc exec -n vault vault-0 -i -- sh -c 'vault kv put -mount=secret secret/snowflake.blueprints.rhecoeng.com/config-demo-file test=@/tmp/vcontent; rm /tmp/vcontent'",  # noqa: E501
+                attempts=3,
+            ),
+        ]
+        print(mock_run_command.mock_calls)
+        mock_run_command.assert_has_calls(calls)
+
+    def test_ensure_b64_generate_passwords_works(self):
+        set_module_args(
+            {
+                "parsed_secrets": test_util_datastructures.GENERATE_POLICY_B64_TEST[
+                    "parsed_secrets"
+                ],
+                "vault_policies": test_util_datastructures.GENERATE_POLICY_B64_TEST[
+                    "vault_policies"
+                ],
+            }
+        )
+        with patch.object(
+            vault_load_parsed_secrets.VaultSecretLoader, "_run_command"
+        ) as mock_run_command:
+            stdout = ""
+            stderr = ""
+            ret = 0
+            mock_run_command.return_value = ret, stdout, stderr  # successful execution
+
+            with self.assertRaises(AnsibleExitJson) as result:
+                vault_load_parsed_secrets.main()
+            self.assertTrue(
+                result.exception.args[0]["changed"]
+            )  # ensure result is changed
+            assert mock_run_command.call_count == 4
+
+        calls = [
+            call(
+                'echo \'length=10\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\n\' | oc exec -n vault vault-0 -i -- sh -c \'cat - > /tmp/basicPolicy.hcl\';oc exec -n vault vault-0 -i -- sh -c \'vault write sys/policies/password/basicPolicy  policy=@/tmp/basicPolicy.hcl\'',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                'echo \'length=20\nrule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }\nrule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }\nrule "charset" { charset = "0123456789" min-chars = 1 }\nrule "charset" { charset = "!@#%^&*" min-chars = 1 }\n\' | oc exec -n vault vault-0 -i -- sh -c \'cat - > /tmp/validatedPatternDefaultPolicy.hcl\';oc exec -n vault vault-0 -i -- sh -c \'vault write sys/policies/password/validatedPatternDefaultPolicy  policy=@/tmp/validatedPatternDefaultPolicy.hcl\'',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                'oc exec -n vault vault-0 -i -- sh -c "vault read -field=password sys/policies/password/basicPolicy/generate | base64 --wrap=0 | vault kv put -mount=secret region-one/config-demo secret=-"',  # noqa: E501
+                attempts=3,
+            ),
+            call(
+                'oc exec -n vault vault-0 -i -- sh -c "vault read -field=password sys/policies/password/basicPolicy/generate | base64 --wrap=0 | vault kv put -mount=secret snowflake.blueprints.rhecoeng.com/config-demo secret=-"',  # noqa: E501
+                attempts=3,
+            ),
+        ]
+        print(mock_run_command.mock_calls)
+        mock_run_command.assert_has_calls(calls)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/ansible/tests/unit/v2/test-file-contents b/ansible/tests/unit/v2/test-file-contents
new file mode 100644
index 000000000..49c9a88c6
--- /dev/null
+++ b/ansible/tests/unit/v2/test-file-contents
@@ -0,0 +1 @@
+This space intentionally left blank
diff --git a/ansible/tests/unit/v2/test-file-contents.b64 b/ansible/tests/unit/v2/test-file-contents.b64
new file mode 100644
index 000000000..da896ba77
--- /dev/null
+++ b/ansible/tests/unit/v2/test-file-contents.b64
@@ -0,0 +1 @@
+VGhpcyBzcGFjZSBpbnRlbnRpb25hbGx5IGxlZnQgYmxhbmsK
\ No newline at end of file
diff --git a/ansible/tests/unit/v2/values-secret-v2-base-k8s-backend.yaml b/ansible/tests/unit/v2/values-secret-v2-base-k8s-backend.yaml
new file mode 100644
index 000000000..7194ebc36
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-base-k8s-backend.yaml
@@ -0,0 +1,9 @@
+version: "2.0"
+
+backingStore: kubernetes
+
+secrets:
+  - name: config-demo
+    fields:
+    - name: secret
+      value: secret
diff --git a/ansible/tests/unit/v2/values-secret-v2-base-none-backend.yaml b/ansible/tests/unit/v2/values-secret-v2-base-none-backend.yaml
new file mode 100644
index 000000000..4e1e3cd2b
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-base-none-backend.yaml
@@ -0,0 +1,11 @@
+version: "2.0"
+
+backingStore: none
+
+secrets:
+  - name: config-demo
+    targetNamespaces:
+      - default
+    fields:
+    - name: secret
+      value: secret
diff --git a/ansible/tests/unit/v2/values-secret-v2-base-unknown-backend.yaml b/ansible/tests/unit/v2/values-secret-v2-base-unknown-backend.yaml
new file mode 100644
index 000000000..e1f4c6d54
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-base-unknown-backend.yaml
@@ -0,0 +1,9 @@
+version: "2.0"
+
+backingStore: unknown
+
+secrets:
+  - name: config-demo
+    fields:
+    - name: secret
+      value: secret
diff --git a/ansible/tests/unit/v2/values-secret-v2-block-yamlstring.yaml b/ansible/tests/unit/v2/values-secret-v2-block-yamlstring.yaml
new file mode 100644
index 000000000..84165f69a
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-block-yamlstring.yaml
@@ -0,0 +1,16 @@
+version: "2.0"
+
+secrets:
+  - name: config-demo
+    fields:
+    - name: sshprivkey
+      onMissingValue: error
+      value: |-
+        ssh-rsa oNb/kAvwdQl+FKdwzzKo5rnGIB68UOxWoaKPnKdgF/ts67CDBslWGnpUZCpp8TdaxfHmpoyA6nutMwQw8OAMEUybxvilDn+ZVJ/5qgfRBdi8wLKRLTIj0v+ZW7erN9yuZG53xUQAaQjivM3cRyNLIZ9torShYaYwD1UTTDkV97RMfNDlWI5f5FGRvfy429ZfCwbUWUbijrcv/mWc/uO3x/+MBXwa4f8ubzEYlrt4yH/Vbpzs67kE9UJ9z1zurFUFJydy1ZDAdKSiBS91ImI3ccKnbz0lji2bgSYR0Wp1IQhzSpjyJU2rIu9HAEUh85Rwf2jakfLpMcg/hSBer3sG  kilroy@example.com
+    - name: sshpubkey
+      onMissingValue: error
+      value: |-
+        -----BEGIN OPENSSH PRIVATE KEY-----
+        TtzxGgWrNerAr1hzUqPW2xphF/Aur1rQXSLv4J7frEJxNED6u/eScsNgwJMGXwRx7QYVohh0ARHVhJdUzJK7pEIphi4BGw==
+        wlo+oQsi828b47SKZB8/K9dbeLlLiXh9/hu47MGpeGHZsKbjAdauncuw+YUDDN2EADJjasNMZHjxYhXKtqDjXTIw1X1n0Q==
+        -----END OPENSSH PRIVATE KEY-----
diff --git a/ansible/tests/unit/v2/values-secret-v2-default-annotations.yaml b/ansible/tests/unit/v2/values-secret-v2-default-annotations.yaml
new file mode 100644
index 000000000..af3e2f9bd
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-default-annotations.yaml
@@ -0,0 +1,13 @@
+---
+version: "2.0"
+
+annotations:
+  test-annotation: 42
+
+secrets:
+  - name: test-secret
+    fields:
+      - name: username
+        value: user
+      - name: password
+        value: testpass
diff --git a/ansible/tests/unit/v2/values-secret-v2-default-labels.yaml b/ansible/tests/unit/v2/values-secret-v2-default-labels.yaml
new file mode 100644
index 000000000..56af65867
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-default-labels.yaml
@@ -0,0 +1,11 @@
+---
+version: "2.0"
+
+defaultLabels:
+  testlabel: 4
+
+secrets:
+  - name: test-secret
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-default-namespace.yaml b/ansible/tests/unit/v2/values-secret-v2-default-namespace.yaml
new file mode 100644
index 000000000..a0f4db63b
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-default-namespace.yaml
@@ -0,0 +1,8 @@
+---
+version: "2.0"
+
+secrets:
+  test-secret:
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-file-contents-b64.yaml b/ansible/tests/unit/v2/values-secret-v2-file-contents-b64.yaml
new file mode 100644
index 000000000..47ed72193
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-file-contents-b64.yaml
@@ -0,0 +1,9 @@
+---
+version: "2.0"
+
+secrets:
+  - name: test-secret
+    fields:
+      - name: username
+        path: ~/test-file-contents
+        base64: true
diff --git a/ansible/tests/unit/v2/values-secret-v2-file-contents-double-b64.yaml b/ansible/tests/unit/v2/values-secret-v2-file-contents-double-b64.yaml
new file mode 100644
index 000000000..3a968ecac
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-file-contents-double-b64.yaml
@@ -0,0 +1,9 @@
+---
+version: "2.0"
+
+secrets:
+  - name: test-secret
+    fields:
+      - name: username
+        path: ~/test-file-contents.b64
+        base64: true
diff --git a/ansible/tests/unit/v2/values-secret-v2-file-contents.yaml b/ansible/tests/unit/v2/values-secret-v2-file-contents.yaml
new file mode 100644
index 000000000..e2da90c20
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-file-contents.yaml
@@ -0,0 +1,8 @@
+---
+version: "2.0"
+
+secrets:
+  - name: test-secret
+    fields:
+      - name: username
+        path: ~/test-file-contents
diff --git a/ansible/tests/unit/v2/values-secret-v2-generic-onlygenerate.yaml b/ansible/tests/unit/v2/values-secret-v2-generic-onlygenerate.yaml
new file mode 100644
index 000000000..46992af14
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-generic-onlygenerate.yaml
@@ -0,0 +1,33 @@
+version: "2.0"
+
+vaultPolicies:
+  basicPolicy: |
+    length=10
+    rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+    rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+    rule "charset" { charset = "0123456789" min-chars = 1 }
+
+  advancedPolicy: |
+    length=20
+    rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+    rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+    rule "charset" { charset = "0123456789" min-chars = 1 }
+    rule "charset" { charset = "!@#%^&*" min-chars = 1 }
+
+secrets:
+  - name: config-demo
+    targetNamespaces:
+      - default
+    vaultMount: foo
+    vaultPrefixes:
+    - region-one
+    - snowflake.blueprints.rhecoeng.com
+    fields:
+    - name: secret
+      onMissingValue: generate
+      override: true
+      vaultPolicy: basicPolicy
+    - name: secret2
+      onMissingValue: generate
+      override: true
+      vaultPolicy: advancedPolicy
diff --git a/ansible/tests/unit/v2/values-secret-v2-ini-file-b64.yaml b/ansible/tests/unit/v2/values-secret-v2-ini-file-b64.yaml
new file mode 100644
index 000000000..ff08d20ac
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-ini-file-b64.yaml
@@ -0,0 +1,23 @@
+version: "2.0"
+secrets:
+  - name: aws
+    fields:
+    - name: aws_access_key_id
+      ini_file: '~/aws-example.ini'
+      ini_section: default
+      ini_key: aws_access_key_id
+    - name: aws_secret_access_key
+      ini_file: '~/aws-example.ini'
+      ini_key: aws_secret_access_key
+  - name: awsb64
+    fields:
+    - name: aws_access_key_id
+      ini_file: '~/aws-example.ini'
+      ini_section: default
+      ini_key: aws_access_key_id
+      base64: true
+    - name: aws_secret_access_key
+      ini_file: '~/aws-example.ini'
+      ini_section: default
+      ini_key: aws_secret_access_key
+      base64: true
diff --git a/ansible/tests/unit/v2/values-secret-v2-more-namespaces.yaml b/ansible/tests/unit/v2/values-secret-v2-more-namespaces.yaml
new file mode 100644
index 000000000..be409af79
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-more-namespaces.yaml
@@ -0,0 +1,11 @@
+---
+version: "2.0"
+
+secrets:
+  - name: test-secret
+    targetNamespaces:
+      - default
+      - extra
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-nondefault-namespace.yaml b/ansible/tests/unit/v2/values-secret-v2-nondefault-namespace.yaml
new file mode 100644
index 000000000..a0f4db63b
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-nondefault-namespace.yaml
@@ -0,0 +1,8 @@
+---
+version: "2.0"
+
+secrets:
+  test-secret:
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-none-no-targetnamespaces.yaml b/ansible/tests/unit/v2/values-secret-v2-none-no-targetnamespaces.yaml
new file mode 100644
index 000000000..2a5ef0b69
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-none-no-targetnamespaces.yaml
@@ -0,0 +1,33 @@
+version: "2.0"
+
+backingStore: vault
+
+vaultPolicies:
+  basicPolicy: |
+    length=10
+    rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+    rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+    rule "charset" { charset = "0123456789" min-chars = 1 }
+
+  advancedPolicy: |
+    length=20
+    rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+    rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+    rule "charset" { charset = "0123456789" min-chars = 1 }
+    rule "charset" { charset = "!@#%^&*" min-chars = 1 }
+
+secrets:
+  - name: config-demo
+    vaultMount: foo
+    vaultPrefixes:
+    - region-one
+    - snowflake.blueprints.rhecoeng.com
+    fields:
+    - name: secret
+      onMissingValue: generate
+      override: true
+      vaultPolicy: basicPolicy
+    - name: secret2
+      onMissingValue: generate
+      override: true
+      vaultPolicy: advancedPolicy
diff --git a/ansible/tests/unit/v2/values-secret-v2-override-labels.yaml b/ansible/tests/unit/v2/values-secret-v2-override-labels.yaml
new file mode 100644
index 000000000..13a460be4
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-override-labels.yaml
@@ -0,0 +1,13 @@
+---
+version: "2.0"
+
+defaultLabels:
+  testlabel: 4
+
+secrets:
+  - name: test-secret
+    labels:
+      overridelabel: 42
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-override-namespace.yaml b/ansible/tests/unit/v2/values-secret-v2-override-namespace.yaml
new file mode 100644
index 000000000..ad53cf778
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-override-namespace.yaml
@@ -0,0 +1,10 @@
+---
+version: "2.0"
+
+secretStoreNamespace: 'overridden-namespace'
+
+secrets:
+  - name: test-secret
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-override-type-none.yaml b/ansible/tests/unit/v2/values-secret-v2-override-type-none.yaml
new file mode 100644
index 000000000..1d1106715
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-override-type-none.yaml
@@ -0,0 +1,14 @@
+---
+version: "2.0"
+
+# This is the actual default
+defaultNamespace: 'validated-patterns-secrets'
+
+secrets:
+  - name: test-secret
+    type: 'user-specified'
+    targetNamespaces:
+      - default
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-override-type.yaml b/ansible/tests/unit/v2/values-secret-v2-override-type.yaml
new file mode 100644
index 000000000..1bf8e369f
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-override-type.yaml
@@ -0,0 +1,12 @@
+---
+version: "2.0"
+
+# This is the actual default
+defaultNamespace: 'validated-patterns-secrets'
+
+secrets:
+  - name: test-secret
+    type: 'user-specified'
+    fields:
+      - name: username
+        value: user
diff --git a/ansible/tests/unit/v2/values-secret-v2-secret-binary-b64.yaml b/ansible/tests/unit/v2/values-secret-v2-secret-binary-b64.yaml
new file mode 100644
index 000000000..579c7d6ed
--- /dev/null
+++ b/ansible/tests/unit/v2/values-secret-v2-secret-binary-b64.yaml
@@ -0,0 +1,10 @@
+version: "2.0"
+
+secrets:
+  - name: secret
+    fields:
+    - name: secret
+      # Should contain 8, 6, 7, 5, 3, 0, 9 in binary
+      path: '/tmp/testbinfile.bin'
+      onMissingValue: error
+      base64: true
diff --git a/clustergroup/templates/imperative/unsealjob.yaml b/clustergroup/templates/imperative/unsealjob.yaml
index d0dbc3c7c..4db14be37 100644
--- a/clustergroup/templates/imperative/unsealjob.yaml
+++ b/clustergroup/templates/imperative/unsealjob.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.global.secretStore.backend "vault" | default "vault" }}
 {{- if not (eq .Values.enabled "plumbing") }}
 {{- if $.Values.clusterGroup.isHubCluster }}
 ---
@@ -56,3 +57,4 @@ spec:
           restartPolicy: Never
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/clustergroup/values.yaml b/clustergroup/values.yaml
index bb3a6e278..c74db48cf 100644
--- a/clustergroup/values.yaml
+++ b/clustergroup/values.yaml
@@ -1,6 +1,8 @@
 global:
   extraValueFiles: []
   pattern: common
+  secretStore:
+    backend: "vault"
   targetRevision: main
   options:
     useCSV: True
diff --git a/golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml b/golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
deleted file mode 100644
index fc0b410f2..000000000
--- a/golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vault-backend
-  namespace: golang-external-secrets
-spec:
-  provider:
-    vault:
-      server: https://vault-vault.{{ .Values.global.hubClusterDomain }}
-      path: secret
-      # Version of KV backend
-      version: v2
-{{- if .Values.golangExternalSecrets.caProvider.enabled }}
-{{ if .Values.clusterGroup.isHubCluster }}
-      caProvider:
-        type: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.type }}
-        name: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.name }}
-        key: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.key }}
-        namespace: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.namespace }}
-{{ else }}
-      caProvider:
-        type: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.type }}
-        name: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.name }}
-        key: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.key }}
-        namespace: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.namespace }}
-{{ end }}
-{{- end }}
-      auth:
-        kubernetes:
-{{ if .Values.clusterGroup.isHubCluster }}
-          mountPath: {{ .Values.mountPath }}
-          role: {{ .Values.mountRole }}
-{{ else }}
-          mountPath: {{ $.Values.global.clusterDomain }}
-          role: {{ $.Values.global.clusterDomain }}-role
-{{ end }}
-          secretRef:
-            name: golang-external-secrets
-            namespace: golang-external-secrets
-            key: "token"
diff --git a/golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-role.yaml b/golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-role.yaml
new file mode 100644
index 000000000..05ce87a73
--- /dev/null
+++ b/golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-role.yaml
@@ -0,0 +1,22 @@
+{{- if and (eq .Values.global.secretStore.backend "kubernetes") (eq .Values.clusterGroup.isHubCluster true) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Values.golangExternalSecrets.kubernetes.remoteNamespace }}
+  name: golang-external-secrets
+rules:
+- apiGroups: [""]
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - selfsubjectrulesreviews
+  verbs:
+  - create
+{{- end }}
diff --git a/golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml b/golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml
new file mode 100644
index 000000000..62253f1f1
--- /dev/null
+++ b/golang-external-secrets/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml
@@ -0,0 +1,34 @@
+{{- $backend := .Values.global.secretStore.backend | default "vault" }}
+{{- if eq $backend "kubernetes" }}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: {{ $backend }}-backend
+  namespace: golang-external-secrets
+spec:
+  provider:
+    kubernetes:
+      remoteNamespace: {{ .Values.golangExternalSecrets.kubernetes.remoteNamespace }}
+      server:
+        url: {{ .Values.golangExternalSecrets.kubernetes.server.url }}
+{{- if .Values.golangExternalSecrets.caProvider.enabled }}
+{{- if .Values.clusterGroup.isHubCluster }}
+        caProvider:
+          type: {{ .Values.golangExternalSecrets.caProvider.hostCluster.type }}
+          name: {{ .Values.golangExternalSecrets.caProvider.hostCluster.name }}
+          key: {{ .Values.golangExternalSecrets.caProvider.hostCluster.key }}
+          namespace: {{ .Values.golangExternalSecrets.caProvider.hostCluster.namespace }}
+{{- else }}
+        caProvider:
+          type: {{ .Values.golangExternalSecrets.caProvider.clientCluster.type }}
+          name: {{ .Values.golangExternalSecrets.caProvider.clientCluster.name }}
+          key: {{ .Values.golangExternalSecrets.caProvider.clientCluster.key }}
+          namespace: {{ .Values.golangExternalSecrets.caProvider.clientCluster.namespace }}
+{{- end }}
+{{- end }}
+      auth:
+        serviceAccount:
+          name: golang-external-secrets
+          namespace: golang-external-secrets
+{{- end }}
diff --git a/golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml b/golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
new file mode 100644
index 000000000..8fdd4ab0a
--- /dev/null
+++ b/golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
@@ -0,0 +1,44 @@
+{{- $backend := .Values.global.secretStore.backend | default "vault" }}
+{{- if eq $backend "vault" }}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: {{ $backend }}-backend
+  namespace: golang-external-secrets
+spec:
+  provider:
+    vault:
+      server: https://vault-vault.{{ .Values.global.hubClusterDomain }}
+      path: secret
+      # Version of KV backend
+      version: v2
+{{- if .Values.golangExternalSecrets.caProvider.enabled }}
+{{ if .Values.clusterGroup.isHubCluster }}
+      caProvider:
+        type: {{ .Values.golangExternalSecrets.caProvider.hostCluster.type }}
+        name: {{ .Values.golangExternalSecrets.caProvider.hostCluster.name }}
+        key: {{ .Values.golangExternalSecrets.caProvider.hostCluster.key }}
+        namespace: {{ .Values.golangExternalSecrets.caProvider.hostCluster.namespace }}
+{{ else }}
+      caProvider:
+        type: {{ .Values.golangExternalSecrets.caProvider.clientCluster.type }}
+        name: {{ .Values.golangExternalSecrets.caProvider.clientCluster.name }}
+        key: {{ .Values.golangExternalSecrets.caProvider.clientCluster.key }}
+        namespace: {{ .Values.golangExternalSecrets.caProvider.clientCluster.namespace }}
+{{ end }}
+{{- end }}
+      auth:
+        kubernetes:
+{{ if .Values.clusterGroup.isHubCluster }}
+          mountPath: {{ .Values.golangExternalSecrets.vault.mountPath }}
+          role: {{ .Values.golangExternalSecrets.rbac.rolename }}
+{{ else }}
+          mountPath: {{ $.Values.global.clusterDomain }}
+          role: {{ $.Values.global.clusterDomain }}-role
+{{ end }}
+          secretRef:
+            name: golang-external-secrets
+            namespace: golang-external-secrets
+            key: "token"
+{{- end }}
diff --git a/golang-external-secrets/values.yaml b/golang-external-secrets/values.yaml
index 8a37f5545..6ecd32f2d 100644
--- a/golang-external-secrets/values.yaml
+++ b/golang-external-secrets/values.yaml
@@ -1,18 +1,25 @@
 ---
-# Eventually we should aim to move these two under the golangExternalSecrets key
-mountPath: "hub"
-mountRole: "hub-role"
-
 golangExternalSecrets:
-  # This controls how ESO connects to vault
+  rbac:
+    rolename: "hub-role"
+
+  kubernetes:
+    remoteNamespace: "validated-patterns-secrets"
+    server:
+      url: 'https://kubernetes.default'
+
+  vault:
+    mountPath: "hub"
+
+    # This controls how ESO connects to vault
   caProvider:
     enabled: true # If vault is exposed via a route that is signed by a non internal CA you might want to disable this
-    vaultHostCluster:
+    hostCluster:
       type: ConfigMap
       name: kube-root-ca.crt
       key: ca.crt
       namespace: golang-external-secrets
-    vaultClientCluster:
+    clientCluster:
       type: Secret
       name: hub-ca
       key: hub-kube-root-ca.crt
@@ -22,6 +29,9 @@ global:
   hubClusterDomain: hub.example.com
   clusterDomain: foo.example.com
 
+  secretStore:
+    backend: "vault"
+
 clusterGroup:
   isHubCluster: true
 
diff --git a/scripts/determine-main-clustergroup.sh b/scripts/determine-main-clustergroup.sh
new file mode 100755
index 000000000..6271dbadd
--- /dev/null
+++ b/scripts/determine-main-clustergroup.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+PATTERN_DIR="$1"
+
+if [ -z "$PATTERN_DIR" ]; then
+    PATTERN_DIR="."
+fi
+
+CGNAME=$(yq '.main.clusterGroupName' "$PATTERN_DIR/values-global.yaml")
+
+if [ -z "$CGNAME" ] || [ "$CGNAME" == "null" ]; then
+    echo "Error - cannot detrmine clusterGroupName"
+    exit 1
+fi
+
+echo "$CGNAME"
diff --git a/scripts/determine-pattern-name.sh b/scripts/determine-pattern-name.sh
new file mode 100755
index 000000000..fb503fe68
--- /dev/null
+++ b/scripts/determine-pattern-name.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+PATTERN_DIR="$1"
+
+if [ -z "$PATTERN_DIR" ]; then
+    PATTERN_DIR="."
+fi
+
+PATNAME=$(yq '.global.pattern' "$PATTERN_DIR/values-global.yaml" 2>/dev/null)
+
+if [ -z "$PATNAME" ] || [ "$PATNAME" == "null" ]; then
+    PATNAME="$(basename "$PWD")"
+fi
+
+echo "$PATNAME"
diff --git a/scripts/determine-secretstore-backend.sh b/scripts/determine-secretstore-backend.sh
new file mode 100755
index 000000000..ef7847907
--- /dev/null
+++ b/scripts/determine-secretstore-backend.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+PATTERN_DIR="$1"
+
+if [ -z "$PATTERN_DIR" ]; then
+    PATTERN_DIR="."
+fi
+
+BACKEND=$(yq '.global.secretStore.backend' "$PATTERN_DIR/values-global.yaml" 2>/dev/null)
+
+if [ -z "$BACKEND" -o "$BACKEND" == "null" ]; then
+    BACKEND="vault"
+fi
+
+echo "$BACKEND"
diff --git a/scripts/display-secrets-info.sh b/scripts/display-secrets-info.sh
new file mode 100755
index 000000000..124a34542
--- /dev/null
+++ b/scripts/display-secrets-info.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -eu
+
+get_abs_filename() {
+  # $1 : relative filename
+  echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
+}
+
+SCRIPT=$(get_abs_filename "$0")
+SCRIPTPATH=$(dirname "${SCRIPT}")
+COMMONPATH=$(dirname "${SCRIPTPATH}")
+PATTERNPATH=$(dirname "${COMMONPATH}")
+ANSIBLEPATH="$(dirname ${SCRIPTPATH})/ansible"
+PLAYBOOKPATH="${ANSIBLEPATH}/playbooks"
+
+export ANSIBLE_CONFIG="${ANSIBLEPATH}/ansible.cfg"
+
+if [ "$#" -ge 1 ]; then
+    export VALUES_SECRET=$(get_abs_filename "${1}")
+fi
+
+if [[ "$#" == 2 ]]; then
+    SECRETS_BACKING_STORE="$2"
+else
+    SECRETS_BACKING_STORE="$($SCRIPTPATH/determine-secretstore-backend.sh)"
+fi
+
+PATTERN_NAME=$(basename "`pwd`")
+
+ansible-playbook -e pattern_name="${PATTERN_NAME}" -e pattern_dir="${PATTERNPATH}" -e secrets_backing_store="${SECRETS_BACKING_STORE}" -e override_no_log=false "${PLAYBOOKPATH}/process_secrets/display_secrets_info.yml"
diff --git a/scripts/load-k8s-secrets.sh b/scripts/load-k8s-secrets.sh
new file mode 100755
index 000000000..33c2f9a5e
--- /dev/null
+++ b/scripts/load-k8s-secrets.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -eu
+
+get_abs_filename() {
+  # $1 : relative filename
+  echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
+}
+
+SCRIPT=$(get_abs_filename "$0")
+SCRIPTPATH=$(dirname "${SCRIPT}")
+COMMONPATH=$(dirname "${SCRIPTPATH}")
+PATTERNPATH=$(dirname "${COMMONPATH}")
+ANSIBLEPATH="$(dirname ${SCRIPTPATH})/ansible"
+PLAYBOOKPATH="${ANSIBLEPATH}/playbooks"
+export ANSIBLE_CONFIG="${ANSIBLEPATH}/ansible.cfg"
+
+PATTERN_NAME=${1:-$(basename "`pwd`")}
+
+ansible-playbook -e pattern_name="${PATTERN_NAME}" -e pattern_dir="${PATTERNPATH}" "${PLAYBOOKPATH}/k8s_secrets/k8s_secrets.yml"
diff --git a/scripts/manage-secret-app.sh b/scripts/manage-secret-app.sh
new file mode 100755
index 000000000..1ea0d0bb4
--- /dev/null
+++ b/scripts/manage-secret-app.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+APP=$1
+STATE=$2
+
+MAIN_CLUSTERGROUP_FILE="./values-$(common/scripts/determine-main-clustergroup.sh).yaml"
+MAIN_CLUSTERGROUP_PROJECT="$(common/scripts/determine-main-clustergroup.sh)"
+
+case "$APP" in
+    "vault")
+        APP_NAME="vault"
+        NAMESPACE="vault"
+        PROJECT="$MAIN_CLUSTERGROUP_PROJECT"
+        CHART_LOCATION="common/hashicorp-vault"
+    ;;
+    "golang-external-secrets")
+        APP_NAME="golang-external-secrets"
+        NAMESPACE="golang-external-secrets"
+        PROJECT="$MAIN_CLUSTERGROUP_PROJECT"
+        CHART_LOCATION="common/golang-external-secrets"
+    ;;
+    *)
+        echo "Error - cannot manage $APP can only manage vault and golang-external-secrets"
+        exit 1
+    ;;
+esac
+
+case "$STATE" in
+    "present")
+        common/scripts/manage-secret-namespace.sh "$NAMESPACE" "$STATE"
+
+        RES=$(yq ".clusterGroup.applications[] | select(.path == \"$CHART_LOCATION\")" "$MAIN_CLUSTERGROUP_FILE" 2>/dev/null)
+        if [ -z "$RES" ]; then
+            echo "Application with chart location $CHART_LOCATION not found, adding"
+            yq -i ".clusterGroup.applications.$APP_NAME = { \"name\": \"$APP_NAME\", \"namespace\": \"$NAMESPACE\", \"project\": \"$PROJECT\", \"path\": \"$CHART_LOCATION\" }" "$MAIN_CLUSTERGROUP_FILE"
+        fi
+    ;;
+    "absent")
+        common/scripts/manage-secret-namespace.sh "$NAMESPACE" "$STATE"
+        echo "Removing application wth chart location $CHART_LOCATION"
+        yq -i "del(.clusterGroup.applications[] | select(.path == \"$CHART_LOCATION\"))" "$MAIN_CLUSTERGROUP_FILE"
+    ;;
+    *)
+        echo "$STATE not supported"
+        exit 1
+    ;;
+esac
+
+exit 0
diff --git a/scripts/manage-secret-namespace.sh b/scripts/manage-secret-namespace.sh
new file mode 100755
index 000000000..bcb06742c
--- /dev/null
+++ b/scripts/manage-secret-namespace.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+NAMESPACE=$1
+STATE=$2
+
+MAIN_CLUSTERGROUP_FILE="./values-$(common/scripts/determine-main-clustergroup.sh).yaml"
+MAIN_CLUSTERGROUP_PROJECT="$(common/scripts/determine-main-clustergroup.sh)"
+
+case "$STATE" in
+    "present")
+
+        RES=$(yq ".clusterGroup.namespaces[] | select(. == \"$NAMESPACE\")" "$MAIN_CLUSTERGROUP_FILE" 2>/dev/null)
+        if [ -z "$RES" ]; then
+            echo "Namespace $NAMESPACE not found, adding"
+            yq -i ".clusterGroup.namespaces += [ \"$NAMESPACE\" ]" "$MAIN_CLUSTERGROUP_FILE"
+        fi
+    ;;
+    "absent")
+        echo "Removing namespace $NAMESPACE"
+        yq -i "del(.clusterGroup.namespaces[] | select(. == \"$NAMESPACE\"))" "$MAIN_CLUSTERGROUP_FILE"
+    ;;
+    *)
+        echo "$STATE not supported"
+        exit 1
+    ;;
+esac
+
+exit 0
diff --git a/scripts/process-secrets.sh b/scripts/process-secrets.sh
new file mode 100755
index 000000000..509d6d71b
--- /dev/null
+++ b/scripts/process-secrets.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -eu
+
+get_abs_filename() {
+  # $1 : relative filename
+  echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
+}
+
+SCRIPT=$(get_abs_filename "$0")
+SCRIPTPATH=$(dirname "${SCRIPT}")
+COMMONPATH=$(dirname "${SCRIPTPATH}")
+PATTERNPATH=$(dirname "${COMMONPATH}")
+ANSIBLEPATH="$(dirname ${SCRIPTPATH})/ansible"
+PLAYBOOKPATH="${ANSIBLEPATH}/playbooks"
+export ANSIBLE_CONFIG="${ANSIBLEPATH}/ansible.cfg"
+
+PATTERN_NAME=${1:-$(basename "`pwd`")}
+SECRETS_BACKING_STORE="$($SCRIPTPATH/determine-secretstore-backend.sh)"
+
+ansible-playbook -e pattern_name="${PATTERN_NAME}" -e pattern_dir="${PATTERNPATH}" -e secrets_backing_store="${SECRETS_BACKING_STORE}" "${PLAYBOOKPATH}/process_secrets/process_secrets.yml"
diff --git a/scripts/set-secret-backend.sh b/scripts/set-secret-backend.sh
new file mode 100755
index 000000000..e07b15bfb
--- /dev/null
+++ b/scripts/set-secret-backend.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+BACKEND=$1
+
+yq -i ".global.secretStore.backend = \"$BACKEND\"" values-global.yaml
diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml
index aef52f65b..948ec58be 100644
--- a/tests/clustergroup-industrial-edge-factory.expected.yaml
+++ b/tests/clustergroup-industrial-edge-factory.expected.yaml
@@ -186,6 +186,8 @@ data:
         useCSV: true
       pattern: mypattern
       repoURL: https://github.com/pattern-clone/mypattern
+      secretStore:
+        backend: vault
       targetRevision: main
     main:
       clusterGroupName: example
diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml
index 3fcca694b..541d61285 100644
--- a/tests/clustergroup-industrial-edge-hub.expected.yaml
+++ b/tests/clustergroup-industrial-edge-hub.expected.yaml
@@ -347,6 +347,8 @@ data:
         useCSV: true
       pattern: mypattern
       repoURL: https://github.com/pattern-clone/mypattern
+      secretStore:
+        backend: vault
       targetRevision: main
     main:
       clusterGroupName: example
diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml
index 5678d8bc6..e7c662027 100644
--- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml
+++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml
@@ -306,6 +306,8 @@ data:
         useCSV: true
       pattern: mypattern
       repoURL: https://github.com/pattern-clone/mypattern
+      secretStore:
+        backend: vault
       targetRevision: main
     main:
       clusterGroupName: example
diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml
index ec8099f3d..de02651ea 100644
--- a/tests/clustergroup-naked.expected.yaml
+++ b/tests/clustergroup-naked.expected.yaml
@@ -76,6 +76,8 @@ data:
         syncPolicy: Automatic
         useCSV: true
       pattern: common
+      secretStore:
+        backend: vault
       targetRevision: main
     secretStore:
       kind: ClusterSecretStore
diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml
index a3dd7cd47..9bf397326 100644
--- a/tests/clustergroup-normal.expected.yaml
+++ b/tests/clustergroup-normal.expected.yaml
@@ -268,6 +268,8 @@ data:
         useCSV: false
       pattern: mypattern
       repoURL: https://github.com/pattern-clone/mypattern
+      secretStore:
+        backend: vault
       targetRevision: main
     main:
       clusterGroupName: example
diff --git a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
index d92ef4277..e6b3d6fbc 100644
--- a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
@@ -9225,7 +9225,7 @@ spec:
           secret:
             secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
+# Source: golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
diff --git a/tests/golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
index 43c5d3fc6..3fca7728d 100644
--- a/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
@@ -9225,7 +9225,7 @@ spec:
           secret:
             secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
+# Source: golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
diff --git a/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
index 43c5d3fc6..3fca7728d 100644
--- a/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
+++ b/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
@@ -9225,7 +9225,7 @@ spec:
           secret:
             secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
+# Source: golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
diff --git a/tests/golang-external-secrets-naked.expected.yaml b/tests/golang-external-secrets-naked.expected.yaml
index 6b9d3030b..fda091752 100644
--- a/tests/golang-external-secrets-naked.expected.yaml
+++ b/tests/golang-external-secrets-naked.expected.yaml
@@ -9225,7 +9225,7 @@ spec:
           secret:
             secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
+# Source: golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
diff --git a/tests/golang-external-secrets-normal.expected.yaml b/tests/golang-external-secrets-normal.expected.yaml
index 43c5d3fc6..3fca7728d 100644
--- a/tests/golang-external-secrets-normal.expected.yaml
+++ b/tests/golang-external-secrets-normal.expected.yaml
@@ -9225,7 +9225,7 @@ spec:
           secret:
             secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
+# Source: golang-external-secrets/templates/vault/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
diff --git a/values-global.yaml b/values-global.yaml
index 24feccd56..684f89f2e 100644
--- a/values-global.yaml
+++ b/values-global.yaml
@@ -12,6 +12,9 @@ global:
     email: someone@somewhere.com
     dev_revision: main
 
+  secretStore:
+    backend: vault
+
 main:
   clusterGroupName: example
 

From 672da04a64123630ad2ee8d004a9900a1e821b2e Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 9 Feb 2024 17:02:49 +0100
Subject: [PATCH 07/10] Upgrade ESO to v0.9.12

---
 golang-external-secrets/Chart.yaml            |    2 +-
 .../charts/external-secrets-0.9.11.tgz        |  Bin 86686 -> 0 bytes
 .../charts/external-secrets-0.9.12.tgz        |  Bin 0 -> 93006 bytes
 golang-external-secrets/values.yaml           |    6 +-
 ...rets-industrial-edge-factory.expected.yaml | 3982 +++++++++++++----
 ...-secrets-industrial-edge-hub.expected.yaml | 3982 +++++++++++++----
 ...ecrets-medical-diagnosis-hub.expected.yaml | 3982 +++++++++++++----
 ...olang-external-secrets-naked.expected.yaml | 3982 +++++++++++++----
 ...lang-external-secrets-normal.expected.yaml | 3982 +++++++++++++----
 9 files changed, 15434 insertions(+), 4484 deletions(-)
 delete mode 100644 golang-external-secrets/charts/external-secrets-0.9.11.tgz
 create mode 100644 golang-external-secrets/charts/external-secrets-0.9.12.tgz

diff --git a/golang-external-secrets/Chart.yaml b/golang-external-secrets/Chart.yaml
index b60b499cf..38549d5c7 100644
--- a/golang-external-secrets/Chart.yaml
+++ b/golang-external-secrets/Chart.yaml
@@ -6,6 +6,6 @@ name: golang-external-secrets
 version: 0.0.3
 dependencies:
   - name: external-secrets
-    version: "0.9.11"
+    version: "0.9.12"
     repository: "https://charts.external-secrets.io"
     #"https://external-secrets.github.io/kubernetes-external-secrets"
diff --git a/golang-external-secrets/charts/external-secrets-0.9.11.tgz b/golang-external-secrets/charts/external-secrets-0.9.11.tgz
deleted file mode 100644
index 0f813640598414f183461f5f42e9d774fd723a86..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 86686
zcmV)LK)JskiwFP!000001ML0lcH2g_C<^Ddp8}iNYuMhONJ_Tj^!B&2)>0%VtrcH1
zB*i{G`t*p4BqX8*0$cznSxM)6tMdZq$-X&fT~N4Jksxi^g|Sx0BB}~iv#RF(;(yHi
zBx2z(^{0uSrQ>h<fA-<|{=4t+zX#ucx3B+KKHnTX`|jCy`}<G!pFI0!|KQodv;A+p
z@3t_P%Ckx{mU!Mbi(oqUL%*?I*ZX_=_~rdSnzJMu-LXa3+c$87pFexnxc}epAJG0k
zdGh_!XYlX+gXjC-AAIBO_cnu;=PTcTwhZ3+NgBk_3-9L11GZe|f9{X|_vql@!OTym
zNwCc5$Cu)~c>KJ03l^~}f8j@&cNr(%FRKZ>_A@_yFpn4h3vZrf%k;%~d=+H#)nqh{
z7vsv2EC28ynBu2o*M!}Uc=uK6C-5qRubGWBUa%k<voxibX*>+$EBGIlT=}DAboJoc
zzq^f-S^DC^(7RSsA66zb^yI&=m4eX2fB(Td7#;lY(f)A%;RF0u2LBIlaXcUX4qtfJ
zei#PPV#;pfyZ^kx-*D;=JTGDhAO7O{0spJ=;p}b+Kf|ts!Ia?+Jh+h`7rV3J{#PKD
z`HN-901Ew40(<=b{NU+xhyQo+wCw+zw-+zZN7=`0({FU)|L<VWi}?Th@4kQT@c%BJ
z^8R~smU<K4kGz?`4C6b0=B2CY)KAmPRT$p=j|UG<A`eiepLkge4X=X8TctsCr6|KW
zA860Ji&x%l5Qbjl!zj=iu&}pUdd%ZZ&a*i29{|xf3SkrcMEliC09mh+sqZ~Ps^WiS
za47vfZ*u2B8$g8cJ?1^UVXH8Es1Nse^x(m393Y6G<APA82mhDNeQy?AUit}AD#WU(
z7hmc<Q;$V6Zyw*`Oo7N;23IQ>2RbeuOj!g=1p>E%Ca_?bn)fqNq!->Fe|RI#GyN3^
zp7-aU4>m=~JAGR2|8H>Kmq2Ys*>W>pu>JlY>_6RqUcCQL_Mbg>_kSnPAAgMh*MpZI
zmw5Q`k{};~Hv|7YrDOfze~sZ#|MABVFv2BpH{PIpW=7a);0^O;crWF(c!ML3-m!4y
z^OkRcg-L>$@BPcml2tVIo<F6328;96<z?{E8w>}Y7|Vxg;gzCk9^uvZ;o{3L5K8j?
zd&R=wG5{O{d=f2S^x(bE$ENlfegPMQm~F~{i}X^wt2wjEmknctGr$9I?ZaRZWE^W{
z^C0ye0p>xF9KSiowupbyr9TC9b8-pDD)d<@V2AuEFo7wD9{(-KI3ffb0w0HY!bfQG
zVz%87#>Pb`2bT({@}&Z-XwvxJ1n^<1#`&MLh!;PY?`%Ft1r9#Q=#0aP_m%T3{AfA3
zWddCHr8oGubog)Spfnc$sQEdo|7YR!Y1@i-MzG_!rL?u;obXm5oA{y0_EPhFZ_8`a
z!Oj0IL=ad{0%V#2p&a~w2HxPef&Hb57Yi7OrkWZ|l{e&b1%$X5rSmaOpGaX4O~ci!
zWr-s`iI#>bY~U0q@+<M7k#?HI>JOEaitpgok8<H{6vSgCBjv<d>+&za7;)y8piv!#
zi?*}j<c<#{Pu97g+yqnA{}vblbql5hO+Iz8(k%WPTZH*CYR^|Qz=yZ~WFE)YTL--Q
zklTP-xC|FQT&HRA2CNUzn&tBGUw8x2aj=u+P5mSrBAQO(F!Yn{pR@7@-Fa(;kNvqb
z0&v^;D-F=&IRt`pE@op+a?0}`)=r;m&{~fu=b##v4@^qNqN!ipd!0|wR@8~Dw=icp
z_SWX!b#D4tL+KlvttIEm%A!jut}L5QL1@pAj|cY5=&Vu4L*DOA6U$v}Hk$HTlmwth
z%@E1?`O)L1K_h+18pkV#ABcYpj0R}uYWsqpcK(gvSl_$>o{e7{bd6^ZN|S+h1k&oY
zGy*MlJ8J4>4B;{<FdW_<;1=Um;r^+$DEIei(f^hC5UvnLQ=g@IxI_PUu>bvjN&olk
z>652U|F?@rAPrPyG~7giDIP^}R>6+g^fhtK$;gk`B=jG1<|;QT1A$M+HwO={gJ|}`
zJ631t0kE5F#xnLo*+N@+2#sRa@ezECbjj)%2l`nT13bZe;<r7IU|`Hmhl-2-mlwgJ
z(4g>)4_alDi=fPJ&|w7NB<n=VyR!U;d{T;~uKkigeyE4UE~p3!rYz;lub+Tub3_D)
z21@*!05|HdK?<DS-7D04wvSM4&qtEnBA@<(Wz+d94al}&t_m$V5T5fdN>nAjsGTSI
zxwg$%#<R*U;8WR&mfiSE-c8#P{zF(;d>^Mw`<l`6a`DXb%okEwiacN@Ukw(33r^vx
z3M*hfZ28Sbu&uH{?bySJhZ<>TV3oxSd~;rCcM)IvQQPe(aV=_?;!--c4FI%Cg6s}|
zg@x#=F1*+Xg7Y}d-uT&VoLsjpNNbk&6*_(LbCFXR3LIX=%cci5ZCZBg(p#2)@T7Y5
z3ouZ}@`X2O1_8A|%o(QvqCDvTqN{bru3#c1b4fvoH7L&kuf}N%*!iw)Klt!V)wZ}8
zmRzMeXoj>MwYxF&hQnzx8z%mLul$ui3;?dl4GVv0L;ckBM6@h^8pji-e~2gH2ODB8
z6&uaN5e5IDp03x-1HaPWG}LHTvk>aEA)C#TA6ia~Qttsp^&>z4Nmd<f?z1qP|IP<%
z+aflDi<zdUNj&jK*c$$5Ke44g)$bz+FFl?8gM*U_zOcr3V_2Cz9yEgA4{{6S4pg=z
zh#UKgCgiNq(NSLYVFdvsEV}Z&|9S1-?Ro$62A6||%?8lGM-p}jm#PR5LCY`Y0G0Iu
z#PAF70{5z}m6)QCjGKB_JCxB^?T@&HX%R&ZbEJJ5C#@V_=Xs=0Byko`<M4%dadcXG
zCmb93FxtD~K`YJ=eLa8nOL(2Hq@5e>IJ-0m%jPe<F}A(?z3?uGf-GR+u^+NKIKgo=
z1Md0Bexc3MPXeOJ{OxxZ6pfD0%jl*!B|p09k9>7aLHbdZPO$p9-<dRPp9mE1;&8R_
zUn4_Qn$L~)=EZ~h37HOTF>m8JYt!XZEeJKnGfWMcv#wo@;+e0^D5{tK>qfj`*XP;g
zCEgqjL&;yZ`q?ao|1C>v+K*fQ_%aUTtGn|h;t_a}!mb8|gWT9;<B2t&(Ip@!;)_F;
zrqV{jJ62w`A<~v{>Q%0vT5si^ejW?`FNmhIAWc>j2{KvDu6#p9aEJf*!FNx-E9rlq
zKY8|@)Bo<`G1mV!>no1cq4<#>3a$yBnW~Iu6`k>tWZPV8d|LfTzv|=RayI!KRLD}*
z)`9eEV7>^V!y6Wa2v9yf{g+nMZ!}tgF0C;=_VL$<l_psD&3cM8BNisPYkl<nB#svN
zKbf%UT7jV*`2XpX@5}!GPxqfY``=EUP4Pb+3Of@a;QL_-;nOH=mCb<({hhe^(e+=r
zXP=}2LeX>v{C@AI!!2O)WEFBDap=K9e@^1nQhZ?O4d53XIl{%KVx?RmToTNo?G%<B
zFXZp!BodIg!#mvg$s}(Kh;bnQjrtq)$1S2i_19_%(DT)wOZl>PuCqmu;zSewDnN-w
z+nuI4->@*4QIwWA1u~wB?Q-T#vjZf(j8QJDn@8c>`lN2x`qYiz@Ev|-Hd}}|lsf|F
zG>(&55Si>hu}z)xDuJMWF2mt)15EKF`~au$ULXvZ?wNmyV@lY!tQJ~T(PAHKOIMSB
z0-qyLSNC{!mQ_0jTduKaguSPX)@S-y@PA@w?ODJs`Txmx75?w}!M@}FcJXY=|4D0+
zJRBR#{tAtYTi>&wpPQwOak!PoR~a6xe@8E#6GR~X6STf5gWs^zVpg7?ZZfMH^)k$q
zl5vZnZqO^6_=>W2e}eV1`zu)AlgA$a3;%TsGSG$p559j|!vEhLIQf4!&!+glKCEDU
zO+Xp_OQz3`3fOR^pIqrHhiZ3@D}b47%0>6ib}~|<z_s{Xk3`HN^Uv#P!~e;wpCn-R
z`M<uW{C_V0*Y=;T{b$pJQTnG0eV^CM3)xQppBy}ST8{sD^8I%%|Km=ck|~dZZ^Q8D
z>^Q9k@>G@9n$nHb)Mr8!c&yaa1;SlRHi~ozJxeR(rkTFf5jSO@EHE|XvKmJsQ-G3F
z4VaYHHf%OKiT+6fOieTi@c;|alwzB)>2S)1mr1;6VmSW%bG)wGatRO`_kIPp7Xz&)
zt00{5+1zNEJ`bLb_7!VYy!7b^`l6FnoYec>O2PDsD=j-(3yzB)08G$y6(>RNP&X`n
zUDE>|9-ST1iwpGvb=$wxynF?}bD1_=B`mBgiQc7i5NzMDMaRc6yWJ{eNqG>Id#5qV
z;%e(=4?LL>Na?&eNN)~UxSX>C@u3uu$wGxHc^(WC9iE=NdwO1a;dzDhtApY)Jpk$|
zi7=hi;qREP?nrw1dS~2RbLY`qy==}hPvo(qL`9faZ@Eh6u(&bC6JSa!iY`b;-Wy<d
zUtlUD8NnbESn<!n#X@kyCoU5|oqK#LbdM>i6^D`cXy(JJQ2#D7@CA5jgY53{$h*L-
zT4Fu~#hEvYZzG;?3-kY}aEs8t@k5bgaD+!~MD0i3NdyC=qPqvf@d)Z!!)!U&_+&@k
z{~dvZ;lnpE;YCf7S^_6hzwsoDCp?cVHXa`y9uMChuCn=PG1G%MmI=%v$%3*^t%gDi
zzn3=lA@0724&m!a2@v8mVH!p{89bUC77Gvp-~&8GjzdIuUQEjS5eZMw5l{FkoOvAY
zWzc6DUq!+1YP3|sn<zf)b0o6+lFRxYVbBG;gN`_^w~Dk8Za7l(RJz3i93_FkL?J75
z4IL9M3MMN=4C5JY>NpLqhAf%RgA7I|crSw?O*SGl3LySgS(hG`z{k~KaKzETqrV_z
z(F$wC7<gcq=+4)YgA{*4sGPk#zsOTj64*I}^QLJIYy=d*0W)J_OT_RrinKTK#9(27
zgezT57D0x)_}>7;4EJH=9TDN98%nmY8J+PXz#rieQiyGXn$ltp5q##rE=OG!J8)<f
zUg^<<4L6~H;?AMHx)CBhr=T!A$AZ8%9L@QotC4Jlb~9WZPXY)#eme&q&P#H{h?sEX
zrG9;$Y9kczZG3~WvVU8KSQ9=VoB(~Rzqa=wVDkh;CjyPuH!6Yib+HdFITgf0yz<n$
zGSCR6Q`=F)r@Cg0kHq>Xm0Q_3>61%u0dyx=hBdRqi<`oEj%0pD-&@8ro^KW@3Rfu8
z?|?XYnp&cHEnjau-{mGXCt5y2X>tl<OoJsb9VXjzUh1UpkIXxjzXT?Vpuoa(OPj?R
zHDQQudI~Ez(tSHPZ_zw8LB~_1TGPUED6WgL>oO1V^A9|vtZ6N#>%oWP-1g&FS=I#{
zA3kN-y`0Ep$+soc7%FYmC}ebe&vgFyT>FjJy>$r~NG9eD6HAan(H|VTinu*Yy$^`S
zKky`|+NA;dhPhH@R;E-jAiN<GJ!mNyMIWvq=0}Dv06`2g`5MVw0NdLI5qu1;V*U_w
zy$)RT%seGnz=ZLPCO(kzgiiBTrp<NEwsX&=L^1i6S$ii}5x-QI{CDI$VCRs@m~!*s
zkn`T7(%*7F6@M62Kg-AK88n?pRzCbv@||1rULR>gxV!D{c8}9`ce}A^=iN4FCXZY*
zgoimJvo1S_IWNMP*>T(NOPzFfPQKeVzg;xm*|2iw<(?$1@!aaQDeO?GBy<c?uXGE`
zDd0*txU{Y^X!_vn*lGqiyb{OUvCKo!ORbKpT0X#NAK<dEU_l7KK4~9HnJ4ub{b;Y5
zck74Y@H#?mR<6mW5lK2dIXge};E$h=PV0`uoRoDa<H)tC-0^IQ`m|i?38j*=`2lf%
zVL*YbZ!t>}cGud{1bcU2Zv8NBfWeIyXN<Y;HP$u+M>meehpV?Y!{!}LT3`FoO_0P9
zrc}GYb~XJ4;9hvAt4SD4kHUCWrwJ(Ppk5ZoEnx~N7s5#T43wrX6}lz5^wT(sVCqz|
zCYsfvMvn5m9}5cid?eCv(B#E84-b#kw?=evF5@taZ*jnU4p_%R1<37rAY@|+9^V80
ztxe%|6%R3Q6`bNsQ+%nP7&X#XosO>JZ(kjJ_e2Nqp7-nd&!`%sCgP`~c@Q!2@1Ol-
z!6N#jtU2TRx?0qqykW;aVvEYR8`|X)YG|O%vhid#+$5=HtUr?4S)<ZKF#@@O{?KHh
zRFy<HF5`Ftd&+Aejc6aHNipw@(agBfs%u(<W1f$e2pw5iBu&&6u6ulHXh0gHHA%iC
zfl0ICjARNSpzJrntj0)#_=~Jbn!O5ZQISPSSbVr$3iW)lq|_3i1|zkZj`r}^#OG)h
zzd4(-WR~9yvIPmKrZ2SaFBW%0?Jr#89<8yp367Qu%MyWM=4bFF&B}ytM({t^=v)Wa
zPVVv;kqln6`Iy!_9@y?|=0~ha(N(0iyy0<P=t@Uy{4KB81sJPfqc{^}ftFTLUgG3w
zigiS&W$MkuW=Lb!{4AknW_PIh8M!z3B9=>$1PpbMlnze+Z8fRMmV*k+6{gy(rd@7u
zG$4z7{yQIv;_3XWI}jW+Bfc=`%dh2~&U~~qyek-(IW%shVVUbixK37^F5f5}y!Nj2
z)%0k#;XM2i`Iv-JvLU7Or}m5aTAnWdFTsTt^S1Sx|M~m<?+%`o^FKd(^33^v?c&i~
zr5@Edfj!QDttR~|R(!0<{OlaYz7mJAS}bAYEVh=1Sm`_Tdm$XQcrxjI?kQH=rs6PG
zza&nzYy8H5JK*n>vsmo_50uZCn8kyt!x)?px(O^q#tPaTVe+^lz5iz#N2f$bxl5E^
zSj;(jN#!Xy&-}|#Nlxec#!Il4*`yMSR{fe_)h~jYA*EB8OcQH2I<ZxF?KlY1zyHUh
z{~TezAAT5|VFJg&<9~=&HD8AJ?VpprcoV=eo4VrF9wU@8NO{GbwWP>Yf0#V@jLs-K
z7c%EU=3K~19oBIntG${9M>0~n_$f)Uh)ziDQroR8$+np$idgt{!@4TdMFpM&f->le
zp*)EzxYd^PUv<i;E|W=ZS%Xp&jqr5aU;1#FD%VK(wDW1#G#B>vO@no#)uPe9r?nb>
z*|nLku>eAqNibRhUN=R_N>$!BK9)@vq%xCZyd3)Vm3s9UeaN$0-{;N`T2W^~lCS+c
zUfdmDpK|?ULLYAUZimsVFs&jyHkzdOh?py!*y#Vj-~ax&e%8$f9y7CP;xFRN@30G(
zmU$-ol*|%*EODS|x^ng0*;c%GBzTaqnBm=cG<u9<T>9B`-fpon_oT_CwR5Rg>$H3-
z>(DX(hd~DoEWZkGM^U?tX;bjz96CpAwsjPrq46Ba1`-9+c-Cf`<Bx^ucLtmrhI6a|
z-8aC0ZU|cW^=$z55cnLUhCc!m_57Jd(_hbC8MQV7ki}jZ`IHp^{)>Mnr58j-<jf%)
z$|U;PLl5*BhIVxW-(s$k_Yvh!wt1>V)fA*=gnEcgXIJT%b0VDMUP^2$==2^Sy)+Fl
z&1k&j>Ke4I{)7YU(IiIlY7$~JnwI(DG#U;Y(uDfl7>TVdPm;X4!V#ZI>-kg-DA^iC
z*SPfb2z799#+HxwP#u@9mYANV)p6f?O*i$D^x8|3=)QJE+ggU1a|WIXxXP_<44v}$
zP57k?sg%6QM4tjjgt!IJ3TF=lizHNzJO)50Ef9PnOfV?)B>pK65HMI>CqTJ$ZpRUw
z%RU}M*Nc?Q(r`l1@gRW{zzyeI>?f>}ub3ZpvVNn*7>%jWpq&d^u#cJ$<Q=p&HfNbs
ztZwJxD*zb$to7B{LY5Ee@#LjS|3RkqW7K<~R(Hn53w;XG7b-wwJbG_%8bmzt-~Tb<
zS`q0EhrH(vdK{uX;O1adXD(kCF8DO7-I|~y$WnU%^tcoX+%>3v<_PKBaW4!tJBfO7
zuuFIweZk7Pxn4D9Id#&Vm7L{-BgrXC)7v<i?UmxWJs@o+?#R~5F?BL;S&lBJ?_v*3
zkv~2|+ApJq9gckZL=ECIxHCmJPQ|B&YDlw1Nu1Qnj7jOSMlI1HCd<bT9jtlq^~0`D
zU+IJ&>A%9ksa8~bT;MK0Xm37zMpxoZCF-KM&`*64`aR!94NWFE%=Iy?trQ2=p#U{-
zwQY9Z#(VP<8k$Wta@ZJ&wha5^H<BS|qb?U`e>9f4pv@}8`eGOp_CWDUg&yqbfjnH9
zm!QHtxymKfJWc_KN1@QA{&Xnz%<uu_UYm9VofVBmQhE?w^Yy}N#+(~mvLF$V!k}fL
zH{%YEFGaUm>~r==NEA8WI#RqCVvw4j@sBz`TieCs<J4?gTc>7oYPPQNoSMz4+1ehb
zW^-yb{#<s-81;+=_ET2n3BzA8<rdsHk3>;&Ndxu+Jx<8iOmG%IVL!)KIJTmphhr-~
z4O?L*f)^l;S2?Z00YX95w>AWD3ZRoU)CARe_OBSQ&{9z_iXEg6y(Gp+HiofIF}jZ>
z+%b=^FanXgS#^WlChQt;dG|c+Jf_x~NX>TEQy$ah_oZyXGkKeUh;KnaC7KdFrP%!o
zDH$#^;4iNHO!{&za(_(GPH`cxr9gis2Fg!?OmZm$A1Pk<jtA#1mti1tUWM$=Po)0B
zdvqBjDTUyLEX^LbuE;3H-{y9k-|bdll3k{T_uvuB@D~CNK#O9KwCPaNwpF%VQAQpn
zrZPJ7mm!<_htNnt*2ElOhts4X(5!7c#pAY(^4jI1Mn~~t8DOS;!%tbNaAoC|zE;9V
zLzIVVcD{;r_hgOb*eH5QS8A?s9*VUYBS|Bw0*w<Er6B(ru`spZN9=GXz01{b!c{-g
z(2&K2qP-LWehU3exEX7!7fXJ$w*x5`p#W6?31@k{4<jz{e&FCpHKU!@PO4wzn4ifZ
zmec9?WLnbPt~@WBc~0m~1F5us<t9{a^PBRN){<uwK_dW8Hp_Fk!V%%l0kD_Tcrg)m
zDme|3`g0hP*cA%X7sJGo(kM-XX1f}B?=c-uT07x<p5^g_f;cTme!(;>lXi<dm<zVV
zN$@GP0`l{716jihq-RmY`DxTW&QHVnX*fR(^Yu7CjnCvFd;&j>9y}*RNVJT4Zg!v$
zwCAA7f>a8-DU2!&hipM9@o*D^1?HK%q>Cn9OS#<)86=NgVO}Yvx6t=nncv=FwRS!d
z#(whNgD4&Bd4p9t@E*ZoAN;@nPda!EKP>2H`kw{<&wSv$=6PUKpY#>K`$?>Mg21H`
zH30*da5OF1@D3V-e>zWCF}~f%V`b|&%LG$(;iu07D;ZtzE)3Kc-Z7YrNlMrj%+iSg
z+Vv^&S~q^2?f`&6*xtRjw^5^)5)K#odh0VxAr_gO@Zwp$;A$J){k|G`SPVkFpj>G}
zXBkH%Sm*j5Kk?e5qvd0A5lS#=Jx2m-wu7x41zs3mK_OX%DECFOOo%{FSwV#&V58rh
zhxG9_YiGB`YS_5~YLkH2(X`#N(QEX7>uA$qmNL5IrL$<VORdM1x76JT3m<6QCYp!I
zHu0}-x=%E#F8G@4K_@Vbb|F|SRv9K2GDf#2vWJ3ba4D@+Dg<4r3Dx+W6P?6y=(n6s
zdzzr5r?%AX98rlHI6N|l=cz}vk6P_<DT;n1-JVAJ*d?0Y4-GO?bCwb@3O%L-0`n%o
z!D0D<EYBVzaC2$0eI(Fs3%{4odPc=<6n*fcD*%$AvPYq#n<t$ubqcC~qm=hoX`T5*
zlv7e&9(1HE+{iQbKl;;ER#IH&9?LSoiKicv4bZdt@Bio$j?J7TwEU2*jk*A3yr<-x
zZRTgFQ4O*u^|WBK(aeyz)xw)|zUWUI(<TmpOdq3AgGv!YST9xRL7)YNH~K71Vvsea
z(0on*18d!fl`XD4%gpCKe{)rbhB>+>ZCDq;PV>f-3BP8BZb7y-MB`bn*?gTD@yD=$
zkN#L2^i@Z(%ZHY8)G+P4ZaY);F?Gi)KEw4sh8@uf=P;VB)qhRs+L>tcsdjn))=kb3
zcNIHzm)*!8bM<gOz6Hc=VKwB}(YUpd8W<l-aE36Aq**~*H?}cUQloNY{BhXNVZWA+
z4*OL*IqX+`EWv5x7MKTDG^ffdJ~p>xXg)0Y_~(L%ai3Sj_xF$Jt(o`kgPS!JFIr=c
zTdugIYCfD(j8>e~O}mmqQpEk`p<R<Z6}N;ktjcAcmQ?cPe3L<~dt!It>})!JnY$nx
zSqsaZc)DNABaT``T9H@{xseb;;02L{KW6?5nN$zo95+|Vw8=Sn*z$3alUTkX&6M(>
z<JRFlXaG2yr)I{C&r9J7LyZ%k5;>~?Rcs{kG&j!9jC1JZ6AFvG&f{eHYVik}A$Q*t
z3*=6$X=fQY!^<OKVKGq!zC58b2k^s`0~62AJXi`hM_y}IX1?aOcR2(<Cnpg`yJq;G
zmmdSn?2LPG9Q!H!O2727R6YfZg$mySJYW$=X}A(S{WUB|ltxrQfz~Gx8m7gH3Qh_*
z#A20FzUnBBhQQoqceP^(K)@e599o7GLy?t$zu^hbQ7Jg{W-FRBlLdIt2NTtR=;7X#
zkJN~-Hl`;g1i~zhNIM%gRN!njUTp3KLn!mrZj(A!aW<a-$ArSQ_76mObWr}}sWwJ{
zMX^>x=oj7zS8#n8907*HJ%C0&FN_5@z~>ptaP%^z*z<1Zamw+hGEoiSufbmBWDicF
z!JbO=TR6)KZ<8H<K<@_Y5SLBpz2|)#UMr`8AwXj&PC*tgf@w2<P`j%|1N}TkDCIqn
zE8w2{MeE+%GnwX%MRys`CV-USO_>+LMER+=T6$9)8rs!Cq~!v49JjXPuhqmb;)uxK
zsxc8Fw<TezglHOs=sYFs25@QsZ|45=T8AB)12~)2WAU|W%J5R7<|O^RLRzW0L7IN*
zS1=046JD#W$4vcsg^{|=YB?d@tPX5Qibdo$!D;otvl^mZqUao;i{=cyN)?vkYy3jX
z9qT|w^>=KI9Q-dUT_ji8><*ABi@OMo>LvUBC4-ARdt;6sf1(ch6=%ZBQ~QbVARju9
zg#zl-IoFmm-hD~cDsYag#4qx`m!*lrfXgtxBWj7rE69j7W@%HbS@$I~DAn9hq*>d2
z{(}xdDqfx?cSK=qpvfO2KSf-&;jGW7F;4k*eplzWQr`G-ZRl;@|Mrh;aLdUtnO7{b
zxGkr3z3OhvEqORLUTZ2kt5^FfKHFd(8emoPv#VL^yPBoFK8E!_#ajxBv@8DkO-KFD
z=kV&gC#CwIPrrZW>VNL!*`)qwA;`cL|NP2}e`+Y=6ITAz&Lq98l>O8iG}ZjnSHekN
zUBS<^q2Q<1`$7NJK9x7KjGjP+16<d|vO*^he|}lvCT4m<fi+5Ra`v_Isq?ZdSi=j=
zw7mZsuOdrw7GkY8tjSpnFVZ9v*c+5qR3Wx7p7J~as64?fL&jgFqZIiEcq~lfUjpA4
zq4pRU#3kl@0^#w4jGp}<yfR%qPgl>=)${DRo~L%7yQ_HW`8(`1f`a&Uikc5gX-c{B
zHc9Z`FVElVirh!2t-gK%J9LG{fsy#{QOMF13Cd&A1(!Ne8WUI#Yy)YbxaK?0P@**@
zB^F-E%OFJB14HS#|6nAU3$`vGs#Ri@@xh(o_*I2Fpa8cL!nN!^^4`iQLKShmP!Yp5
zV;iJ6Sp-p6lg@Ie*Zy4yJ7MGra3~t*OH4U%QyDFs-bGWD25*HtLEh;ddeNxGH+;{;
zgf8d&^ZUbP@ax$t<0vCFm7m{Z&1vt~BrMk?DwZUr;AexnL`G&#w#w%GQg&pSD9#yr
z>F}m7K;3qR!y=}dlDh)k5xLGjBBOGf7tX{go<obVZJ8u0mzRJBBxO10`i{ftl!E&+
zN~b~xOeF}%+in#GX0u>?7-e!fIW}?PDl8dirxsRP{}2emJf4Zchk;3&6Dxl#Aa<xc
zYO)8kPCTFMkm)CmvrsZUm|WWMXV}MEBPT?w6{IHDqjvspmt1&|0iE1tDlEs`$Dt7N
zT{vU^_5Okft6diF6ZR`!DD=r-0vxFpyN0bWg_iIr`aq}lgH*B$4?^mV1VARnDpvNu
zHxro8OmdzYeUtI2ILmG1rL*u|u2^u<x-Tm`!-Q3Fy3+l8n0g<O9TF0Pz_7F+?>wgS
zg|r@3(~^<r4F#1HKtyQ42V(dFkoh2!uce}XYndc%JZW3YUzg)~CqAAtlB*KpAhx=M
z4r@`%I&xJ@DHm4F3cQo6h-2(aDKTd9*bDu@kW>P&`NhBGKBpBUPX1Xw-j={*<w=|t
z5Xpv!i-tn-KuD>A!E|FS)97*un<>As@_;(R+N*7m%1jtYauF%&XvYjW)(<PZQnZAC
zp*9JD^NU|YY~Zu4AUn321*pL=j-4nmWW0ANCi(-6`T@=|3l=IOwG0Rj*aj%Us!{B|
z^}}#@9mThirud~1DdF77+4&*5|NVS)>b;MX>o8_B?*!GlAl>4)LflbnR8VEhC5YR;
zqAsD-`gK2+Av9~mUDyUT^oWcLoPa~hpC?kbO&V($H)4V7&1W!F;)6j`jc4y@Z9G?F
zCc2zrjq7!}f3{4DRPdYUye#~ihcM_uow?wN&rW2q3&m?4iXl{mzA`C`+p`SWPZ}S`
zQ+Ga&r~W$7w-ry#FZ_i;Bp5#Bk|aemrgX&*F%X526jhlhotHhdCZvT6142A>`M_-<
z@*?ot;{<SrEY@FwLl#EOt&znkOPGC?35PKp#;Avp!x&#8#xQJZ)NIOrTtzdBT$HCT
zUymnLP!Fyh)-{}YM~B{o22t7aZZH%UC92$7$&D@K7l)_`YqM}`GS`${7R*l4D(d0?
z2hs}r*NcnObHp)OJdHzA)sZUB7jeXQu%8QF&`tXccO0+G40~L>I!D1U0swW?%HidD
zUU-wc)<mL4dp>2SE#~-IpkHW4c%_-k!OknEm;=5KlWI5SuEp3YFcR@DEJxlhwK@c$
zSkN91mZYsC(R{#h*q}KeDSwQwp9z9(MXbVSi2Tpcqb#c~s0(LUP1XpN*3MW4$!Ilq
z3EV+bE{3({Xp;Y;8bXQl0D$IT<7YZuVdnW%ZT%i9jt56FJKdnKq?#SkKzT#;>3+av
zrjj#I2DU`$=@V)t2PTQv%Z@8;O?79HhIXB^0)#eUlg1>RMMjvnwR7zeeU8F-HS5K*
zr^CghZpP9<hN~!<W=}$75C10P2&)eVwwWA0Ns`*-G(FUHq*R3>%@o`?6wl7i5BpS@
z#=&eVanxaAR1C_B-@@^!$k9(h=${(ZjkPV55{LdaW}foA1f~u$7Gv932TJ>6*rNb(
zgFXU=1}!zHd|DHPcA*vO^X74=>Lll~IuG+#ILqvk<701m_{G0FIX3d!t6dZl=)-&<
zXM%7#f^96p=?ILPTWJ;H!U`w)er~@wAr1pL46ubII1FIad`r$AMJ~anTM5PNP=A^D
zSFr!>o)xt+;u&?+F1pgIb;yAE)HW_+hM2SEwOrfUqVug`NX+|lJCPaM3p^o$p?5Af
zKO~7+j~&CfIayLY^6^}<<gVi3qoh|@LXfME0a9K%yXJm|JjhSu$9a6s9iS7SAvZx1
zN0k01_5D0hZx&C}5eze83-)^)ji&Kp3?mL<Qo}2Zmgj+b2!`R+3P3fM5C@13q2*|v
zEy8a_S#$hNn?PFuEK_3o&)d#a!3IJ<fQ_GlTDQ<%C6~?Jk}G!621iNfpX>Z{YaZvH
z`*rbFpWZ)r+q$Xu=N5V?WC}DIIEm3WR#O6Dq_Xas3csq1y__&ptYe%AYYxYtn1fBD
zEKb#>KTgo?e4L>Bbs%HQ2(|(m+U)k1ahk&b4g+jq2@V4oHQ%{I99O!StCN6D+O{f*
z8<UNvbQXs`ci^Re9iF|>a)a<gUsl_20gk2Vs+FZRnrlt2&(`S*=}0Ma_*|vrTCK!O
z`AqaYCoLZ`sSYmkL<^8~G$sdaAJdYltaSBHPZ~mg8e19&IIXQB{C$=9*EeQrLTvlX
zJ3Cb&_Q3*ZJ!a0?T?!hU{0OeMbc2Ux;<RFZziF^!A@%F@@iS!uc>1uDP7$;!vJjkQ
zcZs3pC0g>?h7CdR?XIsj^T)@Kh4}*57b}8h%C>BuWwD;NF{^U#*%S-V7_%q*Ql1-?
z6K%NHN7@kXZo9kP<Fwt~Zfx3*Jb{<7D-Kvy=PYv<cIHs>p_gnlF*qgbrvM||#v9_s
z1P+m<>r}xiSk(|c?u(Ndc#p(HA7i3OQFN_{hJYb@l=%@uE@V&fBYOoT_!tN0?DkAr
zl?HM|@q2D=!mN5%QEpON#xw6x>iZsJvmyL33`EPvZB|k<LBJUJ*u1oYj@HtSX3*T|
zpvqOZ^NNK-a&qY{VDpGpRKSe#VinSRX!WM7$y$0;%<-0E=AOhwGc#|U;F$N+a@o~d
zMllaaNuH!4F?9){%KOy^cW-PH{#tFphBjbpOx|tt-8cxWHyiJkL&5GF<=$-=l@Udk
z^vyhalXo~SYEC3`&)@PC)Km>nOBvpS>cI$r#18zLgvLwa+MHeH9yZaI$z`mo4ZCF5
zjkl>(&h6UQcasSv7?BRlULH)5%Np}YS1MAvfyS#Y0lWSfpiOfj&q&0xz`z88{zrVx
zmIfXHR`qGunv9j5;-<b*#0C>E^;zjEDQqe8v=LO3i;5?D-Aj5kU8aq^eBqV?&vO3S
zN?rYP9Agz>9t(OJvJ8DnKeeyxhOVvvg&ufUV~-;{7f)xmzmLi>e4O3hb{+SP^<EQ9
z+wgb1ElJ~jA|V03SE77W@BD!ne+vQIYHZ+c5QJv=MJ=PvofH07pm>pwbHaDj<7;=q
zw~3o9(GK$-28k*(@17j}?$B_xG$AVGvfaFg>?`VXrz&P#<jC4g6Vxps23g1^W+Gyc
zy<!tP8IgB+$C3bx#HOD{9xS;s@hQrJvvtl)Oio;i34K^Jj3qYvI1b7cW6y2meOm-T
zm&(*hfa@>8(Qu>YeM*3)<{gs^1Y0M5xwyb;2_a8NDoEkRrkj<8)dsVvmTXWZqJT|C
z-m!Lov`Vx<R4J}~2bP?c%m|(P7fj65!zVx5DTlHBC(07I7RATy#W~AW$ZGVTxi)wi
zI90G?1e#&w7y-u!bTR^IUyOi|z-@dZgr-TPE=MrGlqKTvH*!PE>ljYu=7=~XWoDFW
zLwT1!Z=#!*ax|j7S{+*(5?m;ND-QcTp~i)&o5<h>wbND8?i%Vg(7*@N#alU+&6&s%
z!Cifipg*OE;C~_&W-`?T(RW@>vsXKg{O;y93RghIF&mEA_+pt2FULv_S9Gq};R-Vt
zIb882;tGqLT)M5!igzO6AQkAuAZo>0kFkE<Md$C~{5{m;{5>2d?ioy<-rvKxX=Y-P
zF6<!{u;S4m97EI<9PbfzPkfg6$(ojP$JaW(wiZT?ue~?e^poXGTf~|F#$<<7ssr&4
zQ>E(}eL}BdSd$5i;tV%6s3ZGkQJS-4PuG;Zd?4>|HiMVFRBkgV)>@h1(IM}|(J?RG
zI@C(HYK1{NhBYjLijVQRH7kZ%S=7Tq@_qj!+`)*2Lvap9K|H?MA3Yl#jFF0szpZU>
zz{2I69gL0+<rLa7NZ_-pR5^H%c2Xo2pWSD=>7iiiS`%L{*Ud!%kK;_&D4uFP->f5L
zOyg8(PFpCXijP?_ReX#Ks`AFBMOE>!0Hcj7w~=7cS!6YzpaBu?aNWX3k;~k^I_jpJ
zyl2luDqmVB><u8WZF_W_uxT@)ECA;%HMO!si!Qz9wA_I=m_BVPpYAV~+1+05{g-EP
z5-w9C@9mOD(1*|t$0#Ms$$JpuVbN?1cm=v96yz->oOHEZhJltD7f}*mDH+(O@)?oM
zn7XTxcj~ZK^5l?}60m*&OYvkR@#+fG(*j}6f}27xcAuH{E&;fHf-taG!Tyx@l^!VC
zaFPlio}M6#Z%_{bOox-qon*fL5}agi)ZEZIEw1G{BE%{0D!g6=rcL0M;B`L_t|Ejf
zy^Xxnm#>9Px91{d99HOm2@We5HSawvRipL>t#fSCo23L(noT=zc{NGeRADVKg!lI7
z<XA+{5LcK7k@l8I5688d>aSuVEE2Jbe3oU0USa>;afUk+&u0>3Ie<G_A#66)4o~C7
zk|i0|%rus9j`BY8MDUcg+F%6rQjWaSRXXp~JQzXTkEY2T&8EXktT6AFdM`P1Ivt8?
z$p%ErgjG$gZ)?j@(o}aY;zos%lJvMnsfJrXnKJY*Gj9^I=$Z?RB(B2jRu~3{E(<fP
zpRoucU#R_b0dfSN1gOPA=#*4hl$Fc#y8^1`l6XacY`bnIS%3$Fjs|%9O>+dF2sXpC
zy>$H8bhj;w*oXo);<)n80_pNwXNGlMzTe{G^8I$K+vWRp`F_^}$1d~z5(+fNQtu?f
zR5blzTHpW_o5)dXLyD9g#8`LMmbz&%Gju|(6>2pQvr)hQm8J9G9_iiRscH-TgkJ-y
zJ?p3lSDiiYQ#VCEJq}vp*p^FAwe=SMbk3q6UF_uxO6YAgljoK;i^}~L!rV&Qhd%Y=
zOV++~IShmW4Pb_|w$-OSJcSR5OIm?V&iQ&1HoeC5-EeXjND(+R2(o)fSzmYqF@r&u
zmjOOjdITJ`yJlErX}AnMDfvt))4JA3OjPP;#67K+6|;~I4grJS?c>G<o$9iSZjRSn
z7pnXkiE9LyWSBj-2o7=BWg)_fC#N*5A+NwaAe+P&ygI;B#hI#i$hDc8I9S%)$s7iZ
zPYMnbzlD5KPEYIfwCgXy>1mCc_pYZ!B4*Hx<9CCGX1YI{+I6;3;5_WR%3@r+I;VHS
z(J=KUcVtk<Gs0srbw9*C-7w9g$eI4W@);yK3qPC3T~OLlK>1M~15aL;`rONuBj>xQ
zJ!i(&S)1+p@Nqc4^Km%d;rPn4KKohlDXOxc3buj;)exkP6Pwx3GCpyb#9@+tm*6mo
zQS*L-5C3^<$B6ycZ7m<hQG~{PDNW9Qy}uClgB*dtZ{xQo$46UdwQ}#~qF#NyP)6yp
z>eUQZvZ|Ckp>=x+nnXlhv)B_=*#J*-7|~0q4f{YNpYbLi(9`Pk3vO31$qhFGiK4zk
z+Hj<5LtC!DSjGv~7is}j4wE{=lZq>y;lcY*F#vujCLCoRo<Gt)2}9Ti(j|XDRE@V^
zsZmU?@8=ig?tfec3Ed??<#9CIa8L8$yeuF(hztsj`}u9}!9J!dTVWuB;hJUGSrBE<
zpIL1P^zg4*9a!>btx6~O)Y+(WBtmyg<K;4qlrs(Qm2j0QY;2JTKGuk&vdXW>M6ExT
zcm$s{a7o_H9G~E0!(HOD+w2+nsw{zF&2d)Nc3-*9H9=;VQ3D_2tQz@@48>&o{2sOy
zPpqe8Z8!wZdsCw!^49kDLiq4@Y=vuC3b`T^S3)8~vldec4V!5)cVrFJWCf*{L6(Uw
zYih2e$;Brl)l9o&<*a#5KePT4oPNfr`KPev8GpGuowj_M(rTM1e`+{Aj>B?)9=SiW
z%AppUXX@L8j}6Wus(5NktaG?+O0(-hX-K;BX?!LW{IHaVt1Oc8T|ASNJxx~&e+0eg
zmq~z{gpy}h;nau>=c!N8#Ud;|4uff6Cg$&&*b7gd3Mksvh!nmyN>aLz=VA4XQ-eIo
zzsSuJuQJX~?0FyPqJ5B#qT&Ek?>O=$B30daC<VTmz+{vFi&Ka55c)|$$K&`1$3LvU
z1jj!ZH8-{tZ(2cF!&*Hl7n}5NI>OqkZ6OdR=MoSj7F5gKn6Z9LUJF7YJ&`L!&Opj#
zg-;<W@Yz-{oy#I@sT=+L>?<yd@YjWrKYbQq8$nTtHU@1CVit^N8P3?!N}PNJ9gGA?
z3=>C~j`4@vIGMqlAkp+)uZ|B-x9&w?t=dI^Y$_+#t;|3|#83Ax8}8ICP3^U$X9Nn$
z($Eni(Z|8S$H_2VkCS0+*YTB5Oe+~iqIYYo@~h~`jYm0tpx<hdL<uwO%!aguunh^d
zzQ{L;2gZeQi<h&|wVkBHdB=C84Wm!?sny*iEAsuqzPnGW+zZCtQBvjmh-IzQQ1p{r
z-z4dKF$Lhu*PfQ&eZsT9OKf|?!eEA&RyW+}0ZJq9tx6~!<Wev+5*2Ml4F1K%={es0
zES|=p$lJ4I2|zgG>9GQ_ZO9%jLtq-IkLrS~WCRPBd4ovx<MUkL=^gCi0)(Hq5ElkS
zB&k^m_P_u$ZNL^-8D_CJ+HJG!^_5$za&t@0Io~FcTghmnT0UutlMV3kr_E4rl^$iI
zj4nN7rQdQcmy3B1ndpt@Xp(_`XW8e?GS3@loj1=ozuSB?1{vm!Xa?YwTb9gDfC|9%
z1YBy7dhe%dUoZ2+FcpXh3$O4duxd6NvP&emw@Hxs(y?68TizptW=Ima${vqL8Z4H8
z5@4&6J82~#bwe1(OF>JfEP^huoea(oATz?-s8|<7iRXyJL+?jy68bZNA`u;pRB4dg
z+uIR^55S2;kYVMISv*b0GVKM46ywBShC;mfmW5$_`<qxJ%<i|Ffc-Y7HFWOFB#vRV
z%}I5PE`Cwp^hU!`JY|p?WR&w!DHpMX1^&`!8Re)EfaUw}GRi0`DAE`7aifLGZS|v@
zAc-SPtVr93R+u=+@J7K%-fL(R3`Nq&kx*hq>A_&+y~ad6Y=Xw^D4z~)-vpBcqPd#1
zWu05%tND%df!cIrW|<E=w1PF-Jz<n5-5vFp@aLfV<(<;-!T(e7PN~-83b+B!0dn&M
zn+lVeA6;R}Lpq>wlxKk&j8R}2@Xw^H%gf*+u?1Az2=9ho+bGX2r7|R9>{i8w6L5A)
z$Z`}9q8t(ML!*tMidX+{z_Gu_d*8}rl#;LL-2f;l9n&C<L!!DBjFS3r=|NKE83Tx_
zAW&ujaQFaAe<oRePrJfYbPtD(Jf8vK5ok#qRV`z`IJW)`KxxH@CFLk@dZ#qD8=hos
z$c?dwWofF1f^QecIcJYO#>;&u{!?c$<x!T4<atT`j|@<@Kbppi7k_!OzdzXg2#KrE
zz8s;czj<Q1=y&3RiAAd$TYC*PQUg2e2Pp7+gPVf^u_rfA;3CWMbWxJtv`ok(&*;rT
zSA(`C_ml#zrNWAI#&0Bgos7t>KbgnzwNVbZ_q?rD7C7cz`H`Ps!et-MCgBh9&4y2!
zNJW!)W}fc%M`*mc47nZoUVy?$_#5ud4kY}Rt#UHH_Ba{e$@osj7Y~<6Tkk%wc>xy_
zP7QH|At(xG;;(!no34jj^^CEs<QQIe83PT)nbao9?-?~0geGf;l_{G3XBtN)@eai_
zAJ9ojsBkM*NyKq>KS$nZ;{;b`k;k2Lai~Z_!4*w;f`LmB!K8UTUn$t4t4Z#fC|V<r
za=D6xM3WND;`9ogkARDb2suHAs{jPNu6t?V#b|EnG&AT`Ok&C^Df2;Vpy?dV!ail;
zCsea_Xf@M!4}K#LQx<kl(#~ba*kR`jFc@3AaG1O5?7~rJjmcX$>D+tc@jB&yO`JkZ
z{Z@>8UQIKITA8=oy|yu5O}sLvycfLvru4p}^lmMu0e$c&Oj+1g#-+F9{ApW_-yzOs
zUB%2D1IqXjgrMt5{Lx4~^Ec}8iubTm((s<1?Ak}p{$=n|Xx)vskk4Xt6vnF=RYH_{
zd+!m2O+17_M^k(|;=mb2e)i(ov!@RqZ+g<~OAG+s2_g|TqU)+7A8U<auBNin9J|6~
z<yi^XJ@BOXl{g80_h-NOcWb(y&3$bcqRS1nCObxTZf13lb2Dq3`+ejTKAD@@4iudQ
zJiHxkCl0qBraH`1*@--a(nk9b@WR8~NuhKD_PmqGOAFV2Pt<=Pn|v|y-g(nHG}k<B
zhvpia_JQU$w25|nq4hQSI-T>PIki{295_MuO|jbKb3lV&L^15$B@05oPVd=;Ko;!d
z86Tzz3R=R=r%gua?gX2(;1hI&0QBGVsg6_70@3EJ95zWAjiaHv$f^R48qL=^N;>D%
zy1=H#6C!3a?s!r}A=IaQBic3z6StDuzIKCJ)Rf(%BV=iIk+3MG@llp;z6tUaAmJXO
znBFYIcVFcNN-kF|Uo#S$S=#0<VlYJgMq3ThZZhi}pbG;H#T*-7H=2%&kW-y9rlDia
z&-{?T@Ulc17*O`djRkxZrs~JlL{cCP*aG<8AAdgJOVQ0!h)I&8I9x6CV?WHTBHn1>
zXAIeq5&DG6^9zG6bo(CBe(&(-mz9;^Ij$d=Pi&OmyTAX(qyHRXuOEIGpvT(X;PF33
z{P<Nqbza`C+9Oc=J+@?%APn%rR)#&Qe`!8=`(i4GjDMBhw||Z|yg8V_Zb%oVbUODJ
zEZ;UjL($>s$-AfLr5BYlImBORcoMz%xYHu{W+mTK|6_)cbRoCf%X}Aj@-+X*J&~+k
z_;P7ksTp~#kYDTvQdMD6YR;(^l2bLIPqqx+)w`+{z3p(txwDv}4Z_t7i334H@ycqc
zd`+0MB@*{-Bph;5S-%*z^9HMVB>ptMib#{fM^nrg*@!Zt$OJ30gzb@gDDvBhPo58}
zNE?Bgq?%Xc3+35(6=b99zoh8UIE@#JRTN}*W6CxaOjZEHbUgEK{BWEGS3{Oe=RlRF
z=y5y-U=3-q5goqKV)m^<1!a%HMr3&%L=^;Cg!L~053gsUyD<DIkjfy^vzO-=TFN@A
zEzW&F@`IKG8vzAyAgf^@JZ`y=B(#O(M#-zO0FGM(S*p9dkKoo~P8O1qmNP2jin8Gm
zT$%8QrT*4IjSx+T2tIRQOSD=Bcr&*IVzDu=1Z@kq0UDAltQe)OFiB0kG%TOtKC(L0
zg9>aZ@#p^MBS4Cwf5V^`xi~?qYF|4(tpf)h$)$;g6H5G}7L1P2sxHNJ9>=M#``yEj
z05{YWdoKmvlm_>JBhK2zOHsaFbnE6U)eO!>Hm7DDskr>o0+erO$R>U$2WuS5Oj`nc
z>~#L}BVPEl>Buz9uiTX*9ZZgdhnFUqC$JLC-GXD4i@9I;g<KmC-yC;oJdDyQl{8n)
z6OnNt;!Ux<DW?E?GASVv3#35+Ql=UwKKIPX=6N|jK{-CLDvOeoq=Ne4`nlJl@aj`b
zW|U4W-G<6WLdtsT3d99|2i1%z2RNR!d9W0UNFLQA>GeBQr>Y_NxjKpVyf<-%|9SZ_
zKzfAxbR7FB{7S#{zIZ+z>!tH<bSxt-k5ELIM#fW>Do%k3S_2`4e~2|I-_%qLA#3bL
zaWwQ7%j~Xp3;`PWLx)VuaAGKOedcdC;}$aHEN82PBP*mUnSTX@W8o)P=zs)R!vx?K
zsnga<@L`fN%_j8)oKS;S66F2p^-R}7sQMKmf-bA3wOgbG^sCf^Pl@B<1zX~2{{zu2
z9k@Tavl`~w6=jd~cS0|(4}&9M%p>d>G@{_l7;h3_J3{v`dYNXSXoN%-(IZ#T!vF*L
zYp_?jA%l}>zzIR+PAIBDe9(a24b~@fM!Rp+=;JU?bvXq148?iL;zcm+;#XRBzLim-
zfV5Vhn$Ejzbf&t_{@Q9EPs<+M$wNPsOf;veBAzTs@ZT@b-|C5oAEA}(8g;{0cmPM@
zzegcUQ#4dOrV~@@L~iZKfo1`Z;}Hp^B|ok;B_j<U(90mqP-=U5?oAj@FBZuy1>bR3
z7opY)^JR+#v_n0w#}SD58qC(L%%j5QmDW10FW5&76M1!!VT&N@YSP7SF}U#|?1YiW
z&!K2+<?N$6i45R9IQxhZe|~?s41PU(W$sBMr}FcAa`^c*3AsEkM5lS~WX#Q)6mN@0
zT4>aUxQv~CjEvA#?;j1`^Z2%ipKJ0q$#wP;C~Tc$gCuLWZHryDZQHhO+qP|W*|u%l
zwryKoRb9HZ_j~TS{PINpfQ-n<HOCsWsP4=lY*EqV;yMIu$@EFtD^IRJNJc@Gm!svx
z$idapp!gZigFXn|8~sW5?&L2Wg=lM+#^^%!tjpLF5?R+2IvqZFD(eTvpZgW^+Z(j_
zVLcu4)Uj_Vd+h#ElKv*0Q6Fb=4Pa^7_+AsjZy?7iyp`hzxAqU1jyCPDmCHBDxQEY)
zW4d85q-~3t#+PDr7SjT$`AJYVv;HDv8lkMz5Wg@BA3`^zex%&&F+;T9tDML}cg&=h
zL+NX>|DSvh715h_&>Y4ayWz|eyP-}eObB(EOboR&EqKZxY6gWX%HS7K7(<V6)V!T@
zl~2M5gJy9qAJh19nif@ieKC>Np}{!iMo#OziLN!QxGktR9_ccR6Wz)4vHstUtl#6|
zk!9E`m5e*j8N+j)pn8TAB2U++IdWMWpy=}sk&^29gEh~UuIZS)f2E^E8AeHhcUF|$
zXe`WEIjH#kkXXxuy~j$&SRY$lWB3c;<euij@ZwZZalTy6Wd~6*q#Jn&Eannco&(Mj
ziETj4K8Y_8U&Y%T$aAu@@&1(SMhC4c7qko(vD|lfUv=#pcvmpLD8c_FEvK&T^<TDc
zWq3^Tn#kx_RFASTk|Mv3HHZZog82)Mj@h)7_h12ox)CxHi9T~^UxH{tIi9o1EdO7@
zSLuI(FIg5PjsFV1>g+K?eu6Ix<e%W{9AAa8E9d`-y=n;lJNDZAPweH3{@=0Jz`wCq
zi_W5Wjg8Ix+X}t^$!B}^81yx0j{7vB>oHmP*fizRJ@lIIBlc(5u<zC!OE%Mj=lGeM
z_wi5qBhj3PS!_wDH-wyM1pke*<3auNZ&?^8Rhb_CThW43zbK^~gPlYZh1uMVw`qZe
zdyC$L&ekiA>TKWH<NPW^D7KVv-WVOX-x-Wtoo*Ez=aV}dd?gpFpPr~izjqV?)f#Is
zTqtenjuLkl`_7rr-8oc^YK>9_0tufjIHk~|1-$pTMS*&TV~KQ5^>MmwX4uAR=L9nN
z5`_eS)z{7v$IdJH53Acpjd~82wn8>o)1!ZlM;6%A>Ts;DC)}CM<>OAS*4aZ`{DS!&
zvFNRlj6-PsUdJQdN5zAixDd`nY($;E1N3j`2vLnJPkFyA$Gk^}iGW&Q46PAx)VVp+
z*50T^>|gfi`cP8#=zV4F48QO*DKJb{d%xh`K4-%$JKngNG(tApuZ-j7*5Ra}Mj$N7
zoWClRGVL8-J*OI{WBfqdZ_E@4K^k|P1bhec{en2)R36k6shZB=jt=QnRuAcuuQ{<x
zG#kqmn9_4MNAv*%v!&%O0e=@jr^d@8%yRQH9F;EUD7Q7%+^Wdz+^ksGY=-uCr$v<t
zOS&rdO1XFywqy(0Ev`c}2Ga|o&pvj|$yf}Tz*4a+M(~-jm6Z!!<CsvHDbe%?Hw2Ew
zd(N>Be#v|q@jWqp^T_QuoyZ+x@zp<0`?}XS=h1rzAGnK~GS{T+5X!+LZ!7e;e!zdA
zPakZ?zqGoC@NU83CBP<8F}W{rMp*>LBNDDU2Huu$N;ps5C`x203XiFWBxt|i>i20>
z{dxk<TEkU~k-Z_7R1`@){sITRTJ*6Su`F4)QQSMEd9_c#)1TzGup0?0CF^x4dyI7&
z6m)P4^9;%#E9U(ucNpwI2lpKyW6(xfp+zNOfp6i06~<PJgy2V-`$^-&ub6fZ>jC-{
z`F${MTA>q1ps>)hbOG?^g6?8+i7em_=U8}YrtkiG&PZ=ZpL5b^<`<sMM#-vb^%HgL
zn2kFt4r$@5+49D#Co2J1C?l{Cl6t(tk}xeLVz+pgZKnH~$0XF>mvd*zl;0m4iN~}d
z4_#E6j+Y9K%+k#i4`ZBHV~<Yi=S@pbp8)-iH#h7*RG8St6=SBu-OhgT7&9}|FS;$Y
zZ7MT#IUF1Z2yks2jE_}iCsThH82W?Q*#J<5PMz=50Qv0CVW<PmF{JaCF%2c7$8r%L
zmLx@EQ}5(O<v?#Y?QKebQ*USeZCW1>P6hLmBzs%uk7`zz>xBFQd>gKmp-d1-xL8tA
zBbDq-8#kp&EysD+gNhb%zlLinP&KiD6z^sofuFY5QrYy!y@QFI6`tCkCtPzEYJQ`t
z>HXA%+pUb3zv5T}+cs{kURf=jo6$1w3cUv=SCaW8D{ln@I%$q<TeHbP6Hpc130jr^
zD;Q;oROUhW2}TEJ|2r6s23621{r?7|0~gXAP_Reg2QOQ(@JI`KBJH(%j5!{$in}l9
znK1jY2Kbu1wu@wG5%VK`qbJ2E&P^$>3BRVJVJl7yti3yA)e`B`6qj1>`#m*2WXBhk
z8?w>GYTmgg6QateEch9=2_+zMu&7N`Q~T4Lw)jpoY5R8G#GAgG!0)FA2aTR-bT3aB
zVFzDP!KP0A6Yx6?1ja}SP`9C#s*(=8(uND=&mDR);wYm^7<zs)0Q2S5Fk{ILxHJBv
zpsCCicgD1;loeCEZ>@#x@hSlJoPB@(FjMwXK)PR?=MGPMeVHvXDdJ=0=`($gq@i-U
zFwd21E6i`nkdbTaTD@M7-*3v%K9Tf?Bov^MK}o%e??8EMF>iLN1K^+WvaTU&ypyk0
zqCVki76faS-7Z_CJ;#z@QFL3KKre@TTVBilv~n?GbJlA;QR&!TW|Ku(%Jll1g7j;f
zZO6G)!)fZG0|Iu2yBY1)UV8~f^2@*X_<7v_4$YGBB~P0P2%n*=mo)!Ap{>U;HKbhn
zsoxRf^1{o&@2lO?8H+q+sjx(KLznk2Eh8ibQjv*%USl0J9{<OxR{~brIo+2I-Mtm9
z(}h{N;=m{e*hbA^Py8cGzwz-1^eCG{+JNyetWsM4n89y41SRzoA%UKeqT(ZE=nY8e
z<y4w!e6Ie}zR72K9;VnHl496w3f;@FI}Mza6{#hIY4#edavC^d_xI$A=ik>-^;BKr
z6+$Pl>9xHeVN=l=w>={!ji%{TwoQoL$&P6bgv|u?OUD3=2Wz3al75|V$k=WpncjVZ
zyR;#{rScUY+mI>s&{p1`D3p;IbsDqs=bQ;AkqOiw(R>IM_;;U=S_g+KpKs^TMv7!7
zTPk8dC<Ez&9XB!uqQlWbE^yj19Rkx{=I8eh4c|~6Diaxui-1qReu;%uV2j+8=BYb%
zpNaXVMmBR}s1{;OFf!K+NZdQ1$ZCfqP8?EZA(JfyxT;;7&TbpK>Qvh`WxWw(xi)%|
zk9N^~yqsJ!st6=(WoUu>Ar~eLqHR&VzS!S{O)_AwtXpOjr$sR7mIxUfU?-fraO;qa
zq1)(hFh|^zV;XvZNivFVX<|o6803{Zg3ls(KMAm}Na3VfRW~s^WQ<TQ|JIO_2%SU2
z2Y%pnnYozJ==Rw7IqJ&;mW+^dH6H>3a1)Lvb>PhGX-m;j<ZyY)KJxQbEJKnXU`p}t
zea$P<{SDBql!EjgDd995z{B*kaKrSh@WS+Pd|86Gx(92w7?u`jln<89xn%{kL%yfa
z%3`~j$6k4DuXfTyP-iM?!;?q;_A*IZku1O9=O(21KS06%0<EGT<tYUD(2g4h0l5P^
zw$u=*6YvUY<NydLPzhwwgb$ZO`!bBsP@huKHmfzxEoqm4INM!_kFyf5$~VuL?=4pM
z-`idAlVZ#6jp!mj&YK~{QT&k4nrJSbbZ>{wM2QeNPiSp+{5^a~@_ya5Vk)!})JmfP
z_w<JQGrCDwt>5PzYKf0<pmFr7f|*O`MoWW%Mxio?b(dSfJ{pf-V|;Bn5+o2ytU<R&
zR;pnwA<o6n&L5|Igi>=>O-m``A(RMu9I@X){|TDbNq&N+8_iO^bKf)>CD6u!E-a`O
zVWFsV*?3vc*rcF3e)EK&<n%>w=2*7lbm0N^MTsxrX+Q@9b$T-evwNFhUUYUYcE^M`
zCgcXXpt%>^dx|ERWn#sbTnjNxcW!2lBQv3(6kq4X`GXjmj)L`oIvu+lE)=>eP}9qS
z>N@%vONA5sOJcwqaO|96#53}*M0;~mFxe1Lmze^p;tB%o{^;7qJ;gj6UqaTcs%6AV
z2N{D8TKtSAh(j%5cZALx=1*-{KvdJwqIc-KTitgg)^+F9fI)s^gJ>Ax-tD{~7#Y=U
z^?O9tIdRih2+Rv^cBBO$hD{33V43(>OeYM#@xUSq-~tG<Fl*J#5pNX?<l*qz^@Tn(
z?PX=|X2ZN{^(aHzXrmv*>L>+YS>TKWC~HCbQ#OKe>?@bTj?d5??LNBpgN{}WBddys
zu{!aQuv(LGb4=^qn)PDl#;*Ts3jk~<zGD-S`_rWJiYB%g0<!<Tg%+|sgLYB$LW!M{
z4=+2Xw`GCz1AA1Bz!Y|nnWB_nG7j0cFu1&#)9}+W3m{}x1#4dtio?YpBPxq?Pf8gK
zovoY3WcwTm0^+V4Q8a3&9gX1&Yw)mlX023PnEr91C2HKsB~T|$YVj~o8~gd}2Rz^%
z8x|GQDZn}5*-4Z3QWxp{gjX&!l|m{|WH0y)O_7ZP7cQQhm=;d9CM~x7|1u$D$TjC?
z20156*uNQ>U4B`TlF<$a^M2g_!-FU;UZ$79J@(kFSdam7LfBuEuw&XTb;&`@EjfDa
zq#mnE$#<o2$X<S9T|)-uERx)w8GAcdLA#c}oH0LPjJPH9n7Vs8rrm$uGm{s|;QB#H
zfj;pX3)#YAT$C3bikC2+RzE=$V`WCwCb&0qbFkLRJvE-;3zv8D#6t=22agmUc4!Ac
z6P?qTgdO=f6*>lvrrs~b>z?T;hE5T;Wtb60vS|B{XG5zI(+UT4TzB0zgd%v;03Bf&
z^Ys&&`<&!)Q@kt<DQOHijDu@|*PWC{n+ZsQ9tTGlbH0?W2J%C`x_Z&OE)#48+f1nq
zSZav(d<I5b4QecnNHk>?HxJ1gB*wc{<?GUjbaahy*~4!SabihNK~w$UEa@tBJgwzh
zaJm?+Xs6U_1Q{*YJApn+)OkAsT8sFMHkR6ekzvE{;|5^%lmG?Q@!ertotas55b)}a
zuY>|8hM}v-*&ctRLLk--ip$vMI!_$OORZ=G#=7ZfI&aV8L+3<KwbPC&w+?sECPdo;
zp_CDicHSmmkxG`-F$1R4l(tIV;t?M?HVYHEvGk9KXKU3Tm@P?{nph(qLO6ilBoWR?
zC<yK|jw&#UJSq$T=N#WGlX)bzdS^3xyZ-p}S^K-HNkk&F0+i~NO}3vI;s`2V>>#~c
zs0cnMn#Jz8t`xot@wuk*Sr~EdPjpuS!xCBhV1)StZJ;3Y5Kgk%9LdX=+9Xvd#$@C#
zatoEiP@06qc*ovGQ0t|2L|k7YNj=PsU69UdT*w#(Lx+6g3i#D*74lISGNR}cGJs7s
z4`1ISw0tQ&bY{N)YM+42#hFfuO>DPbb=Wn(%Fu6^z^klF7(~gYa%~%c7KK&wj%XVY
zWT|=|)3}%QyfH|us9U+vrfMa_GCQtaS6CmA@TfktILX>l8fd`HPS81M;N>?mI%2fv
zWfe6_kLWcrAR;GYjt#b@)m$P9%y^~NU~`E(+`)cPg(Dj6_8H#FRA7qQoc&-U<s!y^
z68sueZgv;Vox6k>>Jn{ESxI>(vMpiyBRnB&lx;SCTBWQH=`=lUde^XQH>>_^E^k)E
z*k35L6H#dNgy;DsoqSBL+JA<wdPML*>Xt1NJzK3YoH$W{Tf!Sf_xbV>YY#?*I+69K
z5FdB<DmEt?c0_!5WOs#?U4P$k23FLgJh4U@v2%j3>zb0}^@{h!4h}_XCF9jo`f2!M
zQH8Evw?qOZaRbG+G690ubXoe2p~idwD^r!F|8#L2<(G==0|aK=6|9-LH?qUDO-!LJ
z=cLyk>4k^lX9L8YmQ5+_H>s48R)>Yx2*d92F+P;*Y8+iy<ypBi`)=O`OrLXm1R~+{
zQ)g;VefyP4+&mcwv{W>tw9$R(4AtiepfZffRsuTzIgf(ssv2x|;%K{*PS2v~rGvJK
z;Xgs4+YSk>iCwFDfr(u|KR&rVd9V>rg9_fiwL9BVdPmAdU^2Vp0!&$y2!59#_Zr`q
zOaN36&i#hDex!PUGrAb8R4ve;EEg!%8t?}*yO3{F80CA`0HOojzE{0l!3Vx!eWSZ3
zK9p@~I;d37jFwt!(%@1&!YC_8c_i()OYnLbY>uh<&1zF|z5l}%>Ex&=g^1Dalm1vW
zpkCOsyI_Q&%+t@b6I2&KVKHW|oXW66>c{Od^hYGRIx+^`6(HFjOZxWyjPLc!fYcE!
zU435oPP|W?0okxiG{VZs*{j*cegE<uueXm0(ei_c31PCdJtHOiL54JUly+2v2_!+F
zT0v^xJ?uk7(#ql>v;O?U3~l(#7Ed^+=YNy1SLrWxx%JEb7c-Q~nr;~>Lo+z;ju+89
z1i$lhCmR_w5Xv&l60T~2qr_OTEb9#ms}m<A-)p1<v4r61$UR;u6{tS%mRxJ`60cd)
zX3*6USE(=-7k0&RBM^6=2O%tp?W8{d0$sRtNS<b&;1Y$u&oj3dt~<9?rY7)PbRSKf
zJCj$CVA&f{yLl^KZf-axeYngUOk33-L?9Gl)Ye>KiTfudS^NM)p0Se{RFv!SRV4*o
zH&bBHT|dB3n)z~_d0~hg(9!|Ps;77bw0NibHIh6}YNm;$IUPK0sm<zik^Qv(+&qBY
zcX^hx*d|iHX<ADvY*Xfq>w%uj5emgyufCIqwuf1O^IJ93V8;k9{Rl<zrQykA&W1;s
zi*1d=KIvt<ulYTAKI5Se#jrb`B$!d^P3>~_=3Me-U^%19{tdxEC)uhE+IcrDyL5X#
ztQsWISBQKbLy9LELP^0n+#(QI-kNZXCYB@dExro&=%dcx2bbmJ^Q4e38YZbn2U<+K
zg1eOU)T!nj&mL0FCI@2gSNf0w#iRz4xnlh7WK2ybCjBA41h}*`Cc0jlItB%<lm|^+
zAIcIo2c9myjLdB=hCc<>4i5Z2{v+zE2Fkv*!UT1u`FAbT8fzF?lNP8u4pdgZUNX?w
zg#R$>9zWy0+3cE(AoKgPwpagri<-JrD~Xp7C{l4QnTiMA<B74-=v<uAQ_WIrjuC(7
z?0PV2GJO7EOua#gG+~M3k^5{LLzDP!sW~GGm|+=@ZLj%tRrToR(4A30;u|LzJunWp
z`{}g%^Bb0kS0|BaZ*0Ed$b>XCgRvw2GNr5jafv@-i`?Njk;eU7ha<Z#%H-xDK|y35
zY!Nr)?h^;(ZkwB!g2&Uy(zBnZtRlOmMd8^csbI;#gB4VUFSA*>U$Z2p6?>|Et)<;@
zezDK#V#hKtNf1>c0VehPJaFJr$vUvdA%xck2f6o@(1STYLQNCu^#`}%I8H#d7j}S6
zW+zeIYg&aZ$pwR@svvo$WEUXdH#bb|!>f8>-=h?2i4Ekb;eAL(EjcyZyRYw81$-XW
zbe^~Cw&*~OCQYP!i)HK!t@H~E3!O*ArE+|%8f$w$MOPpeW%zlCV7|>VD*J;evcvmZ
z{XGkqf)ud&Zby`SWp=@csKMaJ$G>RVTk#`GNp`=*NXgdm19i((wEfuol1#iD9o%Mc
zNsi?u&Bu9`h(O2MBwEtkra7q!aFYh%FYU;Dn)pH9_B4{q8k#`^e0zdEXfqor61*J7
zD!#%7WMut9P-5A&rwy@XE!{VeJb}1vA+0}9cKD|BXOi9iu_$o<g|1A)$;JDOvN4ZH
z)lZ>1R>ZBK`Ls`}QZ+-C0Ac<Dx886y9@+SdjfAZ=&f2FLF;d9%l97D?@)D4W64oR_
zvT=Av(%y-c@VXi4aNdap8d>Qp+O-qXMbJSe<??8>Z=X=wzbQ`Py898c_?i@)2FW3e
zmbrL&@`(j}_~@F9OZbLH^Gj+*^GP>d*q4-jt00f-XNa>;bU#rWn`oK)sic%e(j(PQ
zb4q%}>;KY*P8_T_ZAaA%t}P15dgMc@&N(FU1yx-S%${TqL%S(A9+1;D3TPVn+?WK$
zO}Z`RK>1u&O}qNMvM+7Fu`gZAyB%xfR#F>7l{qH=;AV|W|Keut6aN=(2Bi*C#T0Kc
zZ#jhO;*B0lI+sRgfNqxW_WG4o;}6GZj;XDHs&Ez9YZPI}^Zxt8W|KNiI%88etQHl3
zeK@s%>jHef`Bw?}q%MuV1-ln=<fgRDL;c2=-_Ay3<SFs(?lLm^KIjU=#>9`%(wgOT
zd=%A5Yj}gDCjY>G9{%0f^VC``AXddC>92}6kAcfyBLx}}-jyPuTT@jY5nfhjq}**4
zC5oB}MD&%WriPYxNx4;!^!5>9-cXH%XABHTfR=X8sObV5R#|+Dfu~4kR5v;KkP4Yc
z*6l!^MkfC}SB$KBbC)}9H^E;ce<qyCUHtDpO3U*dvmy}_IMQBIkB<5VtP+Y3R`5rg
zOM3(0DbRmqlPwmD9|~DZnIsS1j@PRQ?oU9%)8L&1H6J1G5ccX5G_KI@`A$^7R>{<P
z77g-@*J06&&g((NX&{P6>@BhEVjE?lfjO%W8o-3H^l(?jmjIBzSAf1EW0=P<J?vv%
zqQWbYZ_^ng;P|)C6y)JFMETPrq8gu?Wa;<+77R4(=3JuADIwY$7qjm7jV1aW$;08z
z1FOK48qJ`wG+U{E5*xH`w}IcgKiAuz74{Hb^v^h3hTY2>+tq1p+Mu;M&^l8R7?Bgs
zZV{<vF9dW&K8Ww5H?#;HJ+O=mB#G&W2&R23q@6<L9>DH~sj63m-O-V3DnfCZE*Tc!
z7Sy?I0qS8YP^#Xejklvdq8ECfvVq!Y@zVLITQtD)#EcqXD;zUAV+gR2V+2n6&{zUI
zAw{mtDGCW4`0GliSYVg_e!UhTMF^}jhTixt)JhLsjqEN3DHosG3D(hs_b??~$}Zv@
zCW5)xYexmKHiaUYU2DXEUSyc5B&N-zNaMtQXeMb#`6L{%AI;Yp^r=E`Zq1#H0{@T6
z6=PjK@}GlVTdVAto#bd8O74T+9X)U#A6uHR-4Q#vnAjHEr3tD+6qor+6d7NtME#W?
zGSV=qqU`(+gmFZh9|bn61*kEQ=#ye-ns;9Ota~C{+K34jZShJ<7U6;t|2Pdv;B?v1
z1bK~Gy(3NCM1Z2%xq>SFKt3MjNHg4U6{|n&9)O~BSRJ=d-sKZuIz~~@1RDA~4U(R*
zPCjJBalKfWWqWukV0NbC@04G8%@D=y`=j4&(1;xYeJI28){BX8v8N{ef*}2ieYunQ
zV{EBwIvfO5*4~L=fI2k|DvFZP&UJ9i9GV8zB8xDoA<jYMUSCs|P@R>(j^+4DjvpBt
z3M#8O#7!{qrkOu92O?&kuB2yYo~Toghq}D1JX<oS>wbswWqW7|e*%T|ma|}cxWDV`
z{jiWgKC6(A$Mb+~h!!EX;4tz7<EHz7T#Ry7j1i8mqPUSiFyzf^R-}dK*UU9yR;0I+
z?Cj6Lf`bQ(<r_KPZbWYe6qxEdf%G|@JpEr9^1&F}(a$tlh=z5RnE`^Al|8cTpq!?D
zX1|4Ex(2M6;C!a^K3)E9P?5E*K|G@}Ji<5LX&u~io-PqU1+KV>Iz&lH87(rSR*+-M
zYbORbygS^p*1y0eT72KirlH|LQkN;k!4m$gS<fU!+K}u|7o77vulOymgMYaj_8Ve+
z#ZA`({QpToQXKv76eMh~wovU_aI>c(E$jKNb8xfTrr^mvDJ>v_p#a);G{)s9G+>-V
zLEMgIJ9IOKcze|yg#q*H2Q;T%zU|Xv<JePpgx5+CXH*vq{kkOv%yYIDB6701(cB9D
ze%?LxAcmG^L}G1TP&|G_4KDa1!<Ri48IwB_aYoPO^8Nn#N;gWCN+)=n%<)i1GKP5g
z>-m?-VD^cpycf+mMnGVfFXuwUvjhE|1Ecinp)vZVi#G}KqGV|N**0e72PLQDp+XGa
zS*s?o!T>Z^BY_RUaC)$&-Vs;hZ$@(68NpT81lUuY-FVh0-g8Q^wh4skMb~5^%uLKJ
ziy?&4J~55$6Freq81+ZFahJm=*5eKmaC3n_TWqrXQinY>7`GilM`?DW-Y<0^quy97
zyEKnBQ*Km4d+v6Xrb>SfDKj*Z@Hl<mFzeQtMT_6(^V#xuEZuC?(WmUqoWY=YxNgV1
zutMAhFcYjQ^W(`?sUf$uwX<@F8fFeGuw&d`>nhs9u7#gT2#F`*$Dp1SbmGp0>+I8*
z((T8Dg(QxB=(>Zfn(q?WX^BNnOx&ob`f<~AG_dMGRTr-P98;TZ3g>@RVoD0<qwa3-
z#S;(wzei3shbDP5ZIma;WFpD{@2f~MI7UH~R+YFSH*!*sWaNuV>Q;y-&mJ;pyejrB
zL^m`gFnfI(QW{5J0hPIek<MKjM1`wdN3s(3u4JFr=T(BJoI&DZ?@uiE-<4s-)>r`5
z@EjaTEc^25RPCe+Lt82f&W*6kG~xI@&mn<%l<fM<IP>!60yw#YYBb*GE0|Qs4V`$q
z1pc!SskvU8xBz_~nW>20C)i4zo-M2%%;S%Q*gTSh+H(INa8o|PV@-j9yDDQk^a}B<
zc$0X{8$+*Tjbw-Dh+u61Ue4t_a2Roh#ahLY%;wuUXOLYNaw5o`EL@)pBMXn;C-`_?
zn^s(1`f>Sj*daJ$pdG86{pufLa~Svc@9skUllj#KL=*-pqo^y?sL57p=)=w3Axs0;
z-ffU8HeAu2b~+swu;@Dxg&d#4eAb+ERT##J^}VD=+kx7fA5t?p8tETW6Onk!I2}Yh
zdd?{um9lj?);93RNn5ww<a4HlK!&kHjy~=MV-rY#{cA0-Gaf#s@JS!PU~e5nXQjZK
z6SP5~sn|)%o2A!*S3dK~#+jqD36^C8c;8Zt6Yzp=e^%gmlB<}*|66ZFplAtHyAJP;
zlATSiuG~I&|NaUWXO4Y>>IHU$JPh{LY~deAdwg2B6kp~HFlEma@Bv+-I{_)cW26c_
z{fao1mnlfr8zQDAB$Ucc$ZP&exFk{8!SXj2xc2S+PHO{k@q>^j8-S$bD6{xsT(}Ep
zVG*ykXB>sQ155!Wc#;MH5N01@2YAHvVhz1?j=Pk4Yb?eu5KTlemT>mLaG1CHXFC8%
zDp6=^F^@&AVu+19Vk;rrC?57eCcde_$$x;&5(d6s{yZvM6*F-Yh16&gP}pyH7<txs
zPU>B+lZl_7{U>7L+97|A!DaTQkrqXIk<g^6HMiF`tjgjs*9`dhd1BbwIMCs}ekfJi
z2JD~LnYqjq2p1<Rq1%(ZN`cJ;H>HMTyztOp{}b1AS$u)&{FBq#OgS~tMaB1k)R&Jw
zHFF>KYC1?JV_YV|ZH1Btx%h>EX-Df|D~5&7zyAdI53%_KNTc-(!2*=E53N=N9X2dZ
zT81wXd3@y{kjxqr1+F-EiD-7`Pywj5?4Nj_9W_g`u+o`ZD!|1ugc6!Zo)yvi5MkYc
zYfDEz(vV=}zHMSkk8HM(0{M^}o2%d?VBX-Wo?dY7SK?rdIIJ#>_$xap7_!wcSs2^w
z#px)TRo32Qq>l?t8=Epg-d-fTL4QwCnBF1>L>98ed|(C`R@mxDfmSU(&Rp^5Jz6(^
z7s#Fgfq?AH9>w2()rAhm5NQf#-PE-0w}=u(W=K;(P>B;W6jw&bx4`sD{=CvI4^6w(
zsl96tz(@{&UND}2vCY~Rm_8aVz|W@Qz~67swXbRbW9t{T=5Q>LhBVa8X2#IgQA2}`
z4tEn-54xWnn)6Reh-wa)vmh~pi2?if42+q$CT9Qjs>-x>BYq4%OU08wk*f-g0UG{8
zyCn@Oua6A37RBv5fv1D<9BffZ6s$7)HAZ)er-zZuDKlnH$irpmM?cExo|o_e61;)D
zLW&+7hr4J(KCk<$^~JDQHlE0`V5Xc?0#llk5&fFIrRMecSc)x%a-($%F;W)WU*2%o
z)V>U|fxDmSGCEO^4ijMnls&pM(5IHVFYIcME$zEvJq3PhPC{rcIAtPG>>gYl3fQ(h
z(kc`%71SMYfOOnbI+&7d`fx~<r6E?mr#}9)cx|A)X+EPOOYHv#(V2(&uy4TKoil_-
zlXk1tHOh(IdUeruwc_z-&;&}KYo_DUfp`?2Hs;8CpLo<^C8p8Ud?vr04tv@rwb9lG
zrY=AyJvT3mc5ko)Bgu&9e1yVOt8U#8y8=51*rM4@bZ2syu~X<J)yH-Kl}j}-Dj80z
zRpC0sg53FFi|jN=6MDHG{OP7xfc_dEyI%@5*f$$X1PxcaF4oLDtz>$s;(^=d!Q#4R
zKnTiqv)MasWN^!oK11%PPD0%h8>V|!4aI&5eSt#%GD{P!DB4|+*<<8$Ei$c+b*$1R
zvBY|uQ~;gX#$d54rpY&Co#v1khLk{b@0Ht|RAng5GlB293YDSN7G4+kL9HU&EYeSu
ztr}J%Lx-4J(!!gWkhKukLpNRtv%sfe-F-cp3yqvox7mAoOm}R7mCqxH;3BqY8UDH_
zFdNu8|06%m=<rfBmxIVs-YmrSO#P9mH-@f@S|LY89Ms+js<)c7qQs#`7SQW9mJjda
zr>`RZ`V6OoqPWlkXb4EQJ4!Szz}oNY&EHmtKoCeD3hd!R7Nh8VH6hVw=X|Oc;zJ9e
zJ8xR_N4XUWNDr|krI<-8XIycM#NhY?tm<>?wq?BS^nIrpta-B|YnIF(Q$p9T_hI!v
zg{km;WK|9Xh?@C^2ly0bnfy(C*{wvc!=cgTMeaI|ersS1#0%B=d@KE$wd)xxg+8c%
z0KqzJ#~7?t%oP$(Gu!Jhik$nvdcWiL`vd*$b@%D^{@3q37i^dB`($t3Z8nGd?d!bp
zGsy0z6vpe%(>UAC*PoPZzP`tXp~oH#kVTHHlo3~*+uL)c0TklHkp1~}hu>y7G{6q6
zdU>R%a8kl-KF*)1$cJ-#DSBWCdsRgKMqTVk?&s(b90>hjP<%$@ss}Q&Ou|sg0eWO&
zUqCer8RK5RVH#iU?63Atz9%F1GReoe7j+}8D8GY64CV~c5R+~}DKYW|1zsu9n++P*
zC7$Fa(0tXiSzE9nd(lAD_+`SBScljrNwJ?#a}QnW^&#Nf!RfmKts*hj{$s%wAG+PX
ziiQ30VB?8nYkQq9B7h1qs9SJWOi_g6<pF`VCPOmz-f?O|X;04rRs_`;W_RPQ$OY~^
zAiX@C{YU})@^_3X?({M?yAsleQuiqVX?qRYv#<wh*E78fu91YW#(s3zgK=}A##S=H
zVj5>9{5)ZXaJK)ru$d%8l=^s~QWB-mNjbTBJYJr<o(hI6R|WU5U4N6=i^;y5@l~=C
zbV4jUij-fDlzN_eQpHEs=iRUB<|PCm2NY3qyB|ygG8C~)zpb_@weuZvHbHEKoz5!1
zVw}FXGq-~mWW9Z$=-zY74O8dn1~p-gsGZSa)1gvVn4%Jz=pE?wQ;6S)riJ%uB>}m<
z`19O%GtHM|IiAH=^x(<?YHSaD)2-e5E7d*xCHO?j<0U1`h-P@4U4{hdtVf5Fnwx4A
zd9BVGv}6A=Do;KHcBfNF0WU$<3B*{@SFz+wgCBp#2wO7AB|R4w+P5h<5aO2hfUiIt
z9NHh!$qOoR_KTo9=;4sB8xSI1TaO2SlDhv}<t_nkT$MNbLne<g4v8sEkib&cob<Un
zJ=E<MUW<Gh94HAdQ!a?M?Td57w)o}~medAHBa(B2QsIlZ84ZN=8;77<a0e0L#4PSv
zjwPI92lr5zGNJ?5g)*;)&%K&6ysOr49E%@`Y6Q<IQB@&uL`Xw^m_Pahfhwl|y|_Al
z3sK#J?58!HR9<8TV+DfT<DUl)2tPWN)HC=bE{1nFBp0F%q+V9CkS9f7f+|>Xi!eO5
z4(_-i;urf7UzgbgVG?BgE52S?kF*TqY>voN{JTiH&Zgm<Nz?uVX7V2I@4r8?DC>Q9
z*)(~poygZC43dRd^t7~z88J{Jbq1@Dq`PiP328*~{s>@~m3mexC_<MNt5{yQmlarH
zo35)dCsGD&ZZn5XTk|V^rDV;JX6Ks@Z+?DZ*PG-VyW)m1p}>~fBh6|Dk}F5@Jd!dL
zJWzO^ejMy(V<ROFgemrVLam|m<YQ_IBOwe=F{r8UQDG@$$Hyx3Vi0M$AIqLs<_|%)
z;BsxsBHH^+t#(c_*42-15Ollr86Z?u)hv6qHbg0HO*^wSnpWJHqGq`4Ofjoi(qCG=
z#qCadhnHZDFQTio`A^D@03spfLy*eOJ*%B^Dele=-*7H3j_+HQI}4&9ScH%CU$NQ5
z?b@I1>dy!jui)z_Yo)M+3H<PD;e+^@93eU^#)Q<xKK-U7)4;cp{(E2azCwW|E6J?M
zmUN<WLsSb5j|G=yRHYf0UnG>@s8^UTXoZW*HT-st?jiybXI#`~D<`PKXgA)JS#lv>
zEqBg;{lZ^9nu`y^+%-S>VE^R$d_P%?e;-nO<UW3{4Ih5+Wqpe+e;3-HM|bh8INg)`
zin-mu+ci-~WvGemn=EG+nl5Sb#WY<tDV&*~Rp*=W5kEdFVAr6EbW|tYco2bXl23Q1
z3H-%QemeC2fdoTZDeC2x^Q8j7k_~2s`2}QvgXrM-m?wD3zQ6Edznp?UeP0dyC01{L
z#r~*FV}@9uC^>dkyzN3wZ6-1__h$Y+hf`$X{%qN~DT;PKIEcETpW5tq(PXs_pX{L0
zw8mpEK0y(fNTC!cTH7JzE3(~AILG8G7yxN<1V!X-|K(Ma{{%{6j_{r$p}ZSw_DfxW
znRv3Ec%9F%YgyaU%4?iI>Jk&ivllG<2KM`YKm5DCQmNRH>>tq!fKjKCzER)A#1W`z
zWMIgh>pGW`v@NZY?i6sUNN=ZtSN;G$`hkZNZ3T4j>IndNocrgfRZEOXLY0R(1Fhwq
z1#-@+p*cIhq)KUB%Ri`2*F^A;3WxQ%vGp{+k+cJ<RcOfG_keg!TG3V&@`HWPn+9JS
zmb5wMLfujD0bB$o?d#zlR}!b7NWmtp@R<|3A{CuZD5q;f<%!1yX*Z4_Cv@cH*M#~^
z*5`sNs#iF=Qd)I=NQRhAWHZqy`}AK35)q`15SZk6bR;q(8#3zN;(d{sQuDBaa6>uT
zZqSrH&Co4;q;N%yikih7+nhaOxaI+0$7H?pE^y@bt|!Sa)<T5sryuVH`eMkJxgZ)3
zeLm>6bKhQI>%q6po^KF`%i)Jy@GZ>APQ<BO_@Nhnx{SLIu(ElQf`Il|P)8Ch36_=t
zvxguC-ALFR6zas8NCL-rZ}4@UC$?MNOffGHtq#e!huA$GGoqwr*9*QRnAeVeGHjQa
zdi&A$r{4k~c2R$zZ^^gD-uD#Pj+JdriJ@ryOK0v7rY6`9&QByq08ff-kUnBGt?fzQ
z+5(H(tjH?x!O7c`4Mxv{gKIehUY78uSmNMpV97<%@0wcTwYG$H?D#|MZ>_pzo8sjk
z2f#YKCN?}w(>afz4Qvq136>=}zix;oy*<&e?Ul_;hCM(_A{0&Wzo0IZV@)di$zEP}
zgS<j&5yHulC64k8aSC59)O#EG1bwBK_VcCsEu{|V(pcjW1FUv-g(JveA<cLwBPx}$
zssx-h!i@I9+E)9j0axnIBnJ7pLt#(*q^sGkss?MER^H#39vvw!b^uqGxZnEq>L%t|
z3?0B^4b6dR<YZue02ipbn~Xq$(c7HuEtqMpsY-mEHniLy$WB^wQJrB9cqCQL#j5Vw
z5AGNe(VOCUox#FvLcek-zYLqspyt(SvOJLRqotUA$)DT1s)`|O4~}+<dJ<<>D&#TR
zQ62(wVJf}{7?rE%TPCtZlFDOs9HA1l)M!7X>Kg`d>BpsTWDkcK!9VN2=W}a7Vibgq
z9I@<Ki^z{qmDd4|CwspS8*9Zks)|=~Sqq3)-Zh~MWjnA_^|rcds@ab(FrN@xR9TZ-
znVWgvUY~N~VIJ{hKJIp=R?E_TUpGlD;6+;X@tQ%su3z*KgioTU8^vW!>IZE7H<#xa
zqX?U<ExDk+&{rQ1VohWyyrnM*j^#RQ8f^uCy;QH|bL}PYouG7A;Tr)b67YeD(!fwk
zY6L_*M&5i>j%I)Vap*03+%;2ZUQzZrS^rvjD6w<GprdTC#I&~&I1e!?m~M&WfGEJA
z?oh&bAhIicOU<KA^>T=05EYneZX2Kz5AH%kBEORchI#(oNgrO{_Aaj`T0R!Z$(C$Y
zJSZTC5~U(YmR#ODwcy|#M0IC3+UgKk4<hvRjqO-hYUGHH?I-npPrHNL>$8tDW6Es|
zR-87eLf&>8e`3`v_P3A64rS`APy(;PcR|&g7xs|_2F;oS8I3p+t-onurx?B3?m#ih
zmTb7JA%;0SY=CEFL$VWWom_q`S7N%**<bmBCB>1ZN4!I%yKO<G30~KlMURamY@QNY
zf~f4>M^$atxT6jDiZOBL^rtwg0JN|M?T+FLF)yL+yjj@Q{d|b6D0J91^mB+xr@*S=
zqn=71;@f#=yxWtk_PHC9F^($aA2Yh{EE3<(5On5T!*4$;CwtN9w7F=Ov-EU!{G7v0
zukf<K9tls(QE@07Ws71cQVd8XrZ{ZjM<ZVKL6xQFy#Ge*JD-$_nxQUOH=IVR)e<1*
z+bp+-17vw^{X|4^!D9XAa=mgUCENd1@MDog#=?yuUP<RN37ihe_y(K@e)u2Xx7IoP
zy=sqT;PK|-WleYi6@Q%H0N@{UAQ8648H#kAmKlRO1epT3z0N%VG;DskXg;C>pzKY4
zZ-6rY#QiFDl}JhF;&!jI@XlwDkes1RfZn%3kHkP#J%!Gj$TVjs+e7V^QGEYb*5{i8
z6qC4sX<2=@_MJ4RuV9!5m4`toUX@9eaDltEy!1i(7Msj^!U|V@GnLVSKrlY5PiEA}
zV_;7uN#(dsVvlb(5Of+it`TMFzo#Y@1^V^SpP=E08Gcj$7`g-FoOy+KVW}(?WPcV_
z=kr`{PFlK6Av$3R1GSsb^wCoX%3%b&Wx)?)yre2MB%0!b+6T#K{HU$1ZDf0YEiUT>
zJX+=?*}o+fpW9?j{plJkWXg$(E_DM=Sk&2>GlVd0866=xll9*WZZ4;B68BnIFIx<@
zFi)1&@?Ly2bJM+eGxAMdWgq%^@bLJxcy+Bl+3Oj3o`iMeK5nd!h2Z+C=7(*&p^upl
zl+g4DiQrTnwTQHO`_R8LoYtjKi-Q=`M+uyH?DUl+;zo5$8|F6R2LjK&^~E2!-L0&C
zMENnF{&BX<UvZVCQTE8v94im`_qeIoJZnh)t|8l76VnBylw}*V=jmd>jnGTtgB|0>
zl&0Xw%G>)fWsCLTyxCfxkFoKDzR%I<qT>HvrK@gl6^vg<6^47ktLZ6T)5_NJ3#`d!
z4Pj)?6ndPKGVC*4i!>J*NstcRpAlAdbZk5`Dn)2@1sSVG5HW@BpHN*k@=GkXtsw4u
zbjbvno^OXS7k)}0Jf<V2*E8ksto@Mg_@;J5!=0B^cwJRg=RpEK=AtgV1x;lytf=X7
z2Gyb+<WDhzS<lWD*VyuMhA5yFc`W2QJ{(zg4joO~k#6)_hvZ&3T%B{%9c7K35xeK#
z0Dw=sr_`z;j|E3sM9+SkjFb5kGB3hkFV<{<_}ae;lDLz=T1F`TC3%?)g@JSbx?iM4
zW{bhSn8h>T`iBt-WKuq4(yRyeiY8Sb_mk-f8YL6Pf$}+#8RE0Q4)AGM_fm3ix<{!v
z?O1+*iD^MTeE66=I9F<kVZS7%T05ae8Z29W4lX0B4M-LcI&1ijH>$1gB_IfYIf_G*
zt6VkC$ai3nqI7PyyfH7prr-2ZtH*`Np7NTg{XA+jprmW8r2>E=fybbrl<TTPa8{We
zXlrfKDpD>m9M87^K~W7#2(i;&)QLlynj#>ff`w~z%q#X-dvOEe^pQFi4_R1JAP|aF
zpsI9c+Ye&}L9dQPHc+k{Av`w>!w-haSFWn7vGMTm>S|`@=AWbI<cXJyt8<d`yg|03
zDp5~oMZ%ZHicfXoZY=@Y;UuhQ=V3}rBL6a}gF5wvc=C7?ME&vP@A{@pkOrrg4%eLf
zlRMQmNhQ7gA?n<VOpCvt$2L#idQ*QL)JQdy+qkGsgF>oxlK}?hy1ACD%+JSt25DBv
zvC2(7slfx|$TfR|?LucF)l`}0mUFX&>?IQ=8@-T84^8)$+((ApZlOpIi?myv&g=ZY
zX>H6Xx%r=Bbx53I*rH6AJ+w}y?`?X@C(>2?(81NZ5bA6t^A|d-8w-c@i96#4q+#jM
z{H7PY$y{!$rRJ2pC8gfxtUuGy)2KFuceNqlmoWR@q^D6@4Tn){od(0ysx=ZS*YV#v
z4F_^bRqEf>RBHEle$ew%j0e^?<{4Au)ir6KW3ljSOt*4VmRa93VUi}&DK9&@Q-`k^
zzTL;)DSDG!*>B;qps$b?amh7lr*u4o)$y!4vXf6f2N0g$ufX6F%-Yl5cJlY%z=-gM
zjR9<d=Wuq-6emVSQmn_o(K8=&qugb7N3%P<UEjI}wqtzXOP&g6F>I(3b`ZY4!T<|j
zZ_(pQIrr+n75PC8utrj^Ht>GxZOxfAKO5m@AI)a}XIU;<?rjc_*Wc;>#-HoIWw-BO
zyH|YceqWz2yYBB;-ixmq2Kb4mKEOo|uzhyctIuCKyv3Dh!T>S!+?-sp_uv*^bz}W|
z1`+N6QQ~7zsi9ehT||y!$!F*2E+4{AcxNX;zcF!pWxp0fDr;GOs>-lT?|1jG2Son<
zR6MdVjNUO_H?u!K$U)bM1}TEc#@`N4W6SLGc9V8m7%qiQo01_E46$=m$zo~2q7_j1
zQ{|NmQeYLpsVyddKhEBFh!=x|b8BqhO~i_hp~|WXupc(YyDxRF<Kb}QT=T_|!_fI~
zTE1BM;x}UJk=$FZAA{0_qHe~Nuhbj}A7Y0+$@~q<EzLd3HHb6qEz8yI*L!+o)Xt}j
zkxNDj^vE){dx%B;B@-}ZAioIpro<T?pGA>JL}jm(2Pu^7-@Vt{ZTrhLtNTQXI`KGe
zc~Wlv+3+aaST|fCG_6!F1P}_$_h}Ru5)NQE5wDK^*i~)n9%rYaQ~CAdohh|pyV%-|
zV$(}@J!Ul(vAI&6V8Q6FQ{z-_gB0h~ygl*SPkmy#Un!0h;_LnRO^XNToM>(D>@TSG
zFv^Hc%#dF!KfXA^EKdn~z9QLgvp^Gk$#LToNg8DdD@j=a_ZQkA`oY5Io1bR4im-g+
zl|;^N(Msv1BYl0_?Hl-zO{5*G_p&*1IN@LsilXhSP3yu!C&#5!a<T2zQmL=b4AQ8B
zCdQ~mO*usC)Nj}vZZE}@?;P*%kMhKy`a1Tv*>OLVw_5jeHyQ}k-kR}XJ~Ts7sRe_3
z6A@WznsNohsyBC9E>+zd?cdZjih-Cog+%Ud7x(8L%zU(XztIuTlO|RBZUGv@{7=>3
zLY)x{6VbDW+S-TKNFVoyFO&Yj<}2)PP<x{~teRgR9JKtd^wMN9Ow~y_JV?2-MWUnQ
z1s@gpaR{917^$Xs=4*E^<AWBb_3UUurA%AjGu#PPO2aFyg8%H}7O8^rNamBmDcu6&
z=D-n7gof?zDekEbC+&cWTv3SXK{SnG(YjYv+fVjmuigPZ;E6NzsdlA^Zq-0TjOfyn
z?kJ+DHw|OSc;8?Ei4zfUE?z3PYnw6cW~EXd=a;3IyE&o^zuN7g7Z-+4)iNF%v<nqH
z)}{aWZhI&$kW~1nu;u;&h6TJRnjt+ILm07g5wJKqwP+<;k@VeDo}@Yp*^#sCWX2p?
zFs)c15|PWsu;I#+(*kH2H1)t#a8YyeGn}K5gfdPT8eyL|WPrZr%ZjZbZtr(X0_x%E
zH^Bi&pi(Ql#{d93W-xoqSmtQ2^nf6TZ;e;ug$`bl_e3)z#EBMF(UX~-hM|MRLSK0~
z{LJZi9klaxl&zHRQ>`JqAETUFhQ1_PdfynH+*)Ac&i^Q1175D+Vuks*1^G;81#o41
zMKk)k`dFxsbZ^t_Hpy72i`ZQvq^+z@vKnhoDbi`BFnWh02rIT|2CU3H%|Txf!00?S
zYKAPnaQS@u_;oyeOU2jQAmP=)e%Ida$0mGz@4YFVem5tMo_}Y5^%i`mruwdC_`T`K
zocdLKCt1B8&!X`3W_T8c_TI&7x7L1kIaT*)N7u~0AhP$U{}$_^TB6%yxTeY>z}O(B
z$9WhBcVCG4XB|(Z!;k0C{!C15-Fr532E#Nl<WIo{H=Kq6#%jyoawc&0Ab%$Crz=5H
zyLLw+;HjzGfuY>SOn^xMhkh500Wg)-LRBeXR4?AgR9-8Ys8gMWx|R!ZgN1Mc*hj#h
zddpzJ1hlUxu#r>J2<%E`E=iW+feg^P-Db=5f<sgmDvR=hWy1rct5<SG3A*@m>3*kR
z&kFPzG8BgyNX%fe-OtS5c?8TFJ5eJn1h(xJ<BX$W7TbYjE-J2&RK6-)Xa)xIRMe*X
zRXEK)H3}b>j_XG;=1#gZ<=!MPq7)~ANs7_ccVQG;F4sxwcnMFo3=xAwEdByh%Jo9$
zdvkjHNDmatB@LFmvaS`s+5r|l*m9kCV|Z_855`(A6dkb@A5;8#PD0pIWfu>aX>Qg>
z7R$diik-eJePHA}zfRBHcKP_o-~Dj8{Z5|vI^CI7#tSh?<_<s9Vjjs?Pbjb<Z-DOB
zEFyk#op?bQ(TV(LX2CZ$=i)d{Ka=J-PX!g|WYGm?zKiJm8!<RZg5iOGXG@x&v&=EF
z5x-6}Tuer6q)h?Xtm~`fF9vh<RA1B6b)(AZ=}+ZEJ%D2WHyuTm!F|C`&r_5;ZsbJi
z%%lgNCHtyOvbL<tk+PVqi}FQX%7yqoOF1{;b*)}4?}XN7S#*Zro#lkx9Y9AyRg`&>
z*TI+~u?ymt=vy!<b!JOa70uKWOJN|%jtamg#c8x`iMC6^Yzl}j!=b4h0@HWpke)xW
zu^PvD)L(rY^Z{=6dLa0B%5Y=VogPLWp4b#hOS&Z(k7fUnVBO)-3R8l>W3<Gh_~^&!
z)6$B=qUdMFm8^1)W}@bTm6Q^a4s)FBz4FekV<~<5Y*_ZRKK(Skm=V=qR<|>vx<f#W
z<L-GR*k&3dB^%dhW`Q5q`o&a)zuZGnHE%yaBIeF`^l9QrUIg_k6`ET#C%p1EW)99R
z3EtvQgw({>M1_&dPVG_RCy(Mv<E*AwOcIVF;mxi$VHVt7Qt1>b4nrv^L|}zgY3_yB
z5!bRg=(X~l+2khoa0DiqVdQ(KOlr|~{L!#54#B`gs$c!TRnanbvd$WsJtd5uQ&*&n
zlohLvKr1Li`#IZ)vZNbo^@V8b(F^b`z!TeNOxx3JIF=1<YQ7$UTUO7MO2w!IOk6Md
z6bSf$wIw({XDO0}w5@E)HKsR7&{zjMc_uDL8U^N76!S-tsKm_8<4Fl^Ydnlc=-~(4
z)6uwF^B9k7w9EK0a9WGlr6M{|wJrBt3Lo{#oVWKg4{PSoh;nZdq<kNRgOQ1M@5m+7
zpM#{_@j(r(fBaPnBig^4c$e7kC7g>6!w`hm#Kl8Rxib`eZ3eqGLQM1?@u_IH5B~m?
zLNJvE8IE@$yIJl@#KfwInm|xomQ%r_J<JY#;FVzSxv!k`D<*lKtS1z4&sY&o{Kqr_
z;Ai%4EkqKVLvD-_Ux?m$>JHj$sZqDH0w`l1xn9ArG04);lQS_9J#tze3;4txT>Xe3
zhXl4EAURxm-%l;Xmtp$$atr}Ku-{pn1%@oN2utZJR!v&JBMXyVOMwKF1@hp;l6ujv
zYmvo`gZSf7LcMMiMCZq-L)Pad8O0(vlrgRh%u*0GEvWnpwO=NtD-?`I(4UmgdrAlH
z>d3VJrJC5U0>MWGh84r1rT6>G)lYaaxCc&;e1pOKKw%2;AKS#(S*rO8uDyoCM13n|
z7OQ{nFRx@QM)rtbUX;_;`~T=BP_V(CZ0mT_FH13Ld0jCI-WG9tmd5LoJQy@|GMAXD
z37ED?j#p9*7Eo2I2(;G|uQFfG{?e6?a!ia;^1>$D?RX?|4pFmqLQIiZ<RAtzRQr?r
zdL=fv=^$9*h!~1-CWYg^ic=qDOV<nG77Z^XG$3B0{7UuZ+Gdg5+Q#8o{vYh!Q*@nu
zqxbvRw$Y@qZ8TOJ+qP{rR%2U@ZL_f&HfYSo*4(qbpLIW2_p{b|-!b-BdymnBInQ!3
z59Z8uUH|Xz<M^HDy^<Q{H*q<2FT!uhWno&CVM{J_E6((;$_7`!h3F*Y_Hv^2{)kW=
zF;y)Z!X{<zlU4MfqmYm!#CEJ{m6@8(^t|48D>orI`GI+`(i|1q_ZIN+u4**TiC4$g
zhKflwA}37ftBACy=~kc!A4!eUMw+@(#B3OkBb0C1I~U6LP1MH5+F}+x**oa+Ow`)P
z8f;TkCK#L!mn&2ku@LMjZdws6op1vOOEq&hY2?Zvcq)Vm2^Q?tw~34p6Qq6jRGwwu
ze^$5=$QbnzS9yx!7)@=p5)iVvsb8qBTfjP0WJzCWDs7z6Sh%)wL@5{|!rIB8q5aAy
zB$GF4G7LS?z2JnY)o!ePoEf`QS~Rj>Z{ucroXzQ{t<pxXR%Eqg(%6kX-QF;KB${Sh
zKO?Gh(>~SssMFQi2tA{%qhFxTw5i0aE!%u-Y&j{7&y#+8WNA5kkkOuDJGc2Yp0dfF
zXD#O2=c34pR@{~Ghp&NNoX$c&dLbL{Abi$hN<-`qT*W(6PD}B53)7dsr)Me3IXC@4
zw3IG6O4g_<m*5x9UsabN$N(34^P^+6_5G5{L#)Sla77KrZuF-imaMC0I?QY8h(1kI
zMtkNvJ>zj7wddyhw8`r>(C?KO8&h{Vg8Wqb0533r%f&{!yY{Of_Oed+$pXX6?Ynl9
z5=(ct<qg5uvxRkKu#OukCp`ItXGVHxKdVlnmV+~}-JHAv_EYUo$#>}wH8@#$+^+py
zB#Y(F_<3KP<f8Cx)fgb+n<<6{!W1QFmR}Kk#*^ttv8RwfPk)JcL&z|k2e0fFaO4AB
zW_6eLX8z_I2%-WxIabcj@|CH_A#G{)Q(f~`t76v~#BlZK2ZbGEs*g%tVw^5LYOO;;
z$|TZODmL)93QBFBE<|C!Mox;9jTirrCtBU8@UWH0A>JvMB>2A`1lqgP8be&ZKbx*7
z!|D#e(wKbMzY87vzF4m|1o!4AJK-gy+@Y5cxBce*rsIt~&9#~0Ol&mAb;ch1=n1Wd
z!VJr=(Gwi<ycBbk-U!DmpMyRpm3ae^=*FSXfc&;5IW$^fBWY174QUs3cSwRfcr+T$
zjvwN$i^p_0#JUHyofQf{;{P^=5<oJ(od%pkaXvJ;sGY3_uN6U*RtqRu3Ey`jWO*5I
zz>1ir1<_-$xo17uwkc5yzk%b4+-INEgBp}1BZ#F%BYnq5_5NGTEbdeF9rjJpg)y~|
zOCD2LEUbND`W$ytgjyPc_KOfunrNVbOF_$~XS+0kB%0R==I_mb9hdlA#{Nhl!=f<H
z3%+DMV{ww5a*+_*c$SeCsSF<FNq^QngBAt%ejeCPV`gij%c>H&s+t_{%mueZ%&*bl
z(9KPv{!$>K(?<snVXUf~#AuAx;&$FBew~TI1&*_*2472cH0Q&(v;QLlu}$OKh<}Tz
za+MG(rpzU<;64Ie0utnZvz=Y`imA30=h&@Z=Tdy?jI&^75PWR2DqMK4KdrpI%&V#O
z7_;QXm=sa!s3<Qv)#ssc@0Plt*3OB_cd;B!mmDfX96`E38_+pfc;Ue3vcK(qR1NN<
zb@BDNPp^STc>jYJy?GI>Z&+&-j8w0%+3r<c=t6LVy@60zDDVUey{ImPuU96>Y24tW
zjQy9s(pL65u0a+bBqQJ;v;hKe5IXAOts%mkkV3-G!;5gN2YBBu-|KY|6{tKuu(r6)
z;UqEtVKrFT+A?LlkydVPjK|mdvVo|8{!CplqOIhr!Ne<7UK$D@mZUw=V`O+gg*t3}
z!G<KIB2mVrM_$qq^rG!96_t_Y7ee`={2#G~miDpIk`Wz|Vm-ng!oOn;2Lg|ZtSLeK
z)h>2W_X4tI$p(aIM&$_ZVQvQ8ngqytgn{yO=CNjj1%GM{M-2a^){wf*3YSgipOLBT
znPKF0VAg+aP6RSdVErsxLW__iGrw?_x8-h6KDUF=W@-Z*Yh22VtzMP)X(P5z6DN0}
z0oQt`a0A;I51x>kS+^~%rL?9|n5VN}0g@-TG(bnYNNQ)bze4s%@bSWOA=2zaXr$Cy
zR8bIungYv2cJLRXSGgfntlKTb1ab>2K24YSwwOenO#)U(PNc#5`m25c%wh+o3~2(F
z)CSS|{aBrN3mgC#y@nuU-iOm!A3xG?5kGv^4<2BeO3-Qakdeu^!!;71TTng_2#A`N
z@(&FZFhAbWe%+ril6_5)29^DC#5W+nNmnlu6Wh7Fi48d2S^8pE?W!P|i+mN33EOuF
z(^LylLdIliTci>UPn&u0)cUd&%!TlssRt|hJCnb{6+O2XMk_>y?OTj`krxx->4w*4
zFV(N3VP;<y+7G0w7f8YPl)iBd^BGPiFFM*-MNT${kTRc5{SY-ZXFLyvaa?a*eU2kH
z<#$Ec-jkP*sd^R2mKl=Cs?|KiOh(x`GV)JMnXGEfAw|BNyLTYcbAmpAF#qzC4pxDb
z@)1P-nlU)%4ACF86!=0UQDD)5^T!MgT)}sbT%te&_eL=J=(hu)`6A}r>1L7VTDGn2
z{TmIiUkAOG{jqZV)?Ig^*w7w9t)CITwtc*%X|+C0)~=1@;F9J6Xz%A}U2y?ct0S8q
zuU}igEy#5WHc!itD&@}fNJVwkrlY}-CAlmrk1tWkbU5_M*2Xxzso*9E3UPxBJW<wp
z+=f`29ENSvgJx-p(x=VMo3Qo6E#dx$k1mUMz@aFzl?QgI(55`Tg?ZUs+H5+N_k6Y+
zX=>fPRro%SvD~HwWO&wjesmUZqLE_L<k<P6b73O4ca@@JW%6`^H-%?*LNc<87eI0<
zN7=uyfSKF;NgbxE5%^U5ztS4=j3-}A{*%^V_;0lal|d2h{I@waODGT<r;nDbe%=e8
zdHe*I{|m0+tC>~D;=kb<lB{U|9oK+s@S|6#*n7}E4ZBAJY4q=6Lv~z6@c%??_@qik
z`LDYq_3`PjU_(76hI4~Ihe=%7g7(CrRjS&u)aVG}fl_&Zido$MjBK!yuG`3Gu4f=s
z_UL~6ej07lr&mtDG!11PJ<@K|g%2HYW4gWONVVisu-cATz><Fu-<2j|cZoDCHW6-o
z`k<8^$dit#6mpmA$pl7H3*JppSyT%Dmt;fDb53qvSB5NAZ<w?G?WKN%_Cl&e8-qq1
zn+3I;xr7=hGkAjq!wzn^I~Go=&@|vz*-zG!f4!ZaP+O<8%7*<z(+O-(tgKzyNo$19
z24a3Ee=_}8%58GnvP~A><DripGJE&AF{$lwpQ{Vb2lanPZ5aG&Ul)23d2}Os6nqX6
zL7<Ug5!m*2fCPSdKvoo?PR-holI)V<OdU=CV)1(JOVC?23IQ<<$)?G)@R4vC<~-!c
zklF!L;$h)d!;{wN4!cN@1I098sQ>c!P`|?{K0yC?fDs#8ot|_DRtl1Ob;-HDu4YA_
zV?G|SOcbML<O}ZtQk-fyRv67-<5^GqTs&@`6Cf}=&GUXof_Imx2_UKgwwQn4(#d7k
z3a4T6%DM=}2wno`8YRRUML_l)C*Zv}$&W}>6ttFTyWnZI@UOctdnt9Ie6QlR<{pIo
zpH~S`Lkq{F6m6)^F8Ae}uM}g%8`R2;tV9CgA?*hZx+%Z5Fu9=PuI9S7S+3}atU=-3
z>$kbn4%cy`bH8aRKSRAP!9acfP}nD1oKEsMIc9NdIs9p3ZB={|u9VBPpBZ0|u6}b@
zePlBNxW}gbbB~R-OH|w7Q-VzMJTMq1CnyBV!V#@hKW1K-YCm}9&+HEM1itzQ_=67T
zp1g24CuHenKk^rXsq*0k8-=w6Zu94#hEJghYRoyF-fIpoF7$o5XuN~U@U6?Vh~&E3
zNIi*@b|HB+D0Aj7_;8?tV8s%kkhxh5<zl=+C+(Dca+n^Ug1iHK8hu`uGHOFHs7Z^?
z$Fq~g#j{tW6{>ltTFGQSToWQDf59x!Y&s}U8|kSo*>&a@%!^ZNPc_*~6*kQIRA5#R
z#H?6*(cFmm^Wa{6(9BF;<~uDYSZ~)P8ffI%_Ys9#^-r>#{1~!2R$IrrZLL(_9WoE`
z29+xJGh7OzEHY^(EZ{#XUog`aN5nb^tE?|Il+p-b={Gp+a-h-iL{{vfvyt=>R%zW+
zIi`J6lUPekxI0Oc+?6>F?gWKsvWbmB=dhtjg#6x7RIKW1K2x-qnaq0*HCH0HJNE)S
zb^C3s6L3lQzR$#Rr&H$=<`HFO6Q{_S+XML>A6<GhXtmH{a9~GKa6(n`7}GS%_8Vz1
zy0_p@$^v9{xJqv9m+uJ|q_YX?6u}l4^{KO?$aQrLJT*ziHSCpOhE7@M*586Gen5e`
zrCG|k?3x7^!+)>1**}LKe1UjG>VIe--<mM~GcyNn?ci&c3^r;@1as}`d|WK=0Uk$0
z>p0!-RS9M)YX0Q*c-aWNKdN0A)erZ=*lPe;u-6${WchVH*Cocrvp!K@y53@+zM4WR
zgQntb$oV=^7D40z?iSn?$?Q7X;bx1f(u<00u-F^bPg8X#)3hhuyp#53TMx2<bkOz^
zw80a_E1MP_>UHG(>1jhOlM3q+*)Z94s`yd4x}%@mepcA&(0^9g?%|kwFN$Yx&EA)Y
zD9|tao2S*3eZH}=;g(K6niN|tl~;@>TBMq{ho@2sc{SOSdxxdt6!2+4C3Ow1|NFFw
zLC6g&mhcXIV-AB*%=ZM4Ms=91c$&yMM-N{$p&M<qYM3}+fK3j6{wu)lwut%uM}8ec
zoN?M@f{L%uBTk^Uu0f*XdpurKHFl@vt=+W|<I?Wk&9HIi`F+WxOYdF4kor-UXlg{U
zpe#IrzacuerH$mLx*(k6$rVLTdee~iUmD+4LK$)#-F4SF6RnbUKJlv9<mH@O2{oD#
zVs4hz@B17Te<>LjmLd4&c=)+#y)S1{1EVmq(_0v}GurfWb=Fj&b>m&CmekX9iLdv_
ziW@^{08=jLxcx%YV?$`kIjMsbZOsU`o?Tz@Vrm!u`%^G#uuv#rS7hqrKkC{`mY!kh
zSYTbdh)_<4n36~NHb=@ta}h5*T>2%drDVR&5No!VRDZhNXLTu8Nyl|&;v)U{U6LM|
zLo`SNLj68gFDX(xov8Z7PGSiA4rU9qal(C|8nk;Em(mSVD~A#~^jJD?TEG8=RIkBS
zbKHl~LyN3zSK#+4f2G3J`b~r607AOMv+eY>?46lX`y>ZkW~h&vMielly?)PySG>Lx
zgK*?7?oL;H8ro8VU+jUwJ-4AI5JYaaX?E2DFU<=_B{*vIedJg%$1BZo#~ZtGe;jx+
zsa}Uz0BP6__~Iqd^H?wwgclG~xmD^_t;xj;{OVxH`lK;LiIl)4J9~ykK*4OeZg;*Z
zX!irB7SL9?+s_pN%xH^79)OpBeZFyIDEBtcw>$Ud#}%rlYuaDStFcF^bW}Ujd!<#A
z;wc+!8HE$VO0BTG@@eqDTOg5nQa2h9oA0o$?|^%1`uO(#fTL*L6em&m>L!UFqikb7
zc7r{})%*C4K6lhW(ac@Zp@@~wotOry2YE2KV7&iIVujKG=1Hh+2RW?l;+B>@;_&9>
zIe+yfc8nyi9io&k#uWe5LLf5*QWW}=aIb@4_YeN1VP_Ls1Y;)cdIVnh{F4XPa>M|l
zSCw*bnb!)HLx>z6e3ux}gBXhr?cz_4#haaIRV*K)>Ct+J@jfZ5K47Mm-VCF~ey@jO
z7->)2M)$UEk@0rT;3v~dddpP7Jvq8^O1s!f@#TcY^1D%{3R%vlyj1I)jsB*s@SDU6
z#LylOJ4-gv^_6v97~=JqN_%=4QZ?f(X-Q-A1w)!V16H}cn2Lb(irj0KFDx@AauY6W
zt@p--=@uy!ne0=CW<bMlZVCrjDlYJCGrE<`C4W%Tv_aqffLJo@pnf_<c4wx_{nhYF
z)+gh<wpT+G^Mg&e3sSS3g)2W5qLiCJ^i*&laq^{ol9*ywq*;7j$)V+DY%cZ-3#@#C
z{N)KvCf=t_z8mT`_29u_117}rfoC0bugwu9P_b`#pZXTXrKGVh`6{v<EaNC2uv;~@
zRECzr`Om<08jxodlnL~Y2qn5i3(I(si+)OyQE2)ONA^VT1gQ_)2>{>kLvK>P-$NJd
z4JB{M(NbBdms9Q<CcMf?sCzZiLu~D6gBcD4TDIb|F2s&l2~!nPI)41}N3JLeDew)h
z*hwRp-lZTX$7j$4^|g)ZvSjLwH5nDn%usHn@Oa=qmx=~ke^n~N{6(qQR`j_u`8rBS
zSObse9r+^{&OH}y@v#F-)DNC6v<Qp0{gT(V(JH=}gsm4;!^qcK^zl>%Az90DO(;#I
zc?;MN6c;@$Otu$}SZz%S&Rl2rF%1USBLa<W8OCB=dP{D17D-;cExgiY-o&*PE_e~X
z@y8kDK8(d6-VZBtm+c?iZ{5Oe?104~%G^;1KEIH~PNxd&V30Okh<JW}Wms=_3m5-z
zd(Pk-7lwydG94(486UqYNfY97zX^;i+0W!KDN28n#SZ1OuXi>)UuTexw*NUg_Ew*N
z7&$vIIK<H}1`dDI_S4;px7#Flb~#$9*xHV8?|&nAq{aQ!89LN~3cNPp9#zg3SSQXD
zg;rc^P3}4}pOK<>UJ%H!OrOy`b!hB)Y*$?E;qJR-#14`4cc4yybU2R1FT=`%wq*Ou
z&?}z3DE~M%@x>_yLp9jMT!&DdFconPhq&W_WzpkFru7{23Z6!g0#jSwzK{$WM3V>m
z830y76xzaUyHlHwB#KQ#HYM~vfEtUt<6|BNQe6-@xF5WP$-VQVkSEVC_(X%~=;g(m
ze-6s^35KQOnK`oLP`$X5<db3M{g`|h_C_63l${^CRq*nQD|*ewUPH*FPuc);MHBbu
zn3+Mwql|TPu80x@#h@rh0h--6$u&KCk8}kD>|izC#Jb|RCXix}fdaM-@~xG=&gkS0
z!Qq$|Pt$Pde{TWvB=NY>q${ZSaiTgFQ%ghTrdtSi=X!r+=*J7OsU<X3{8<FXjMH5i
zgsRqvw^K%47Pc3>qP-F*cXue^3Ecb9tW(c>YJ+lq=N7Wf)>krMxhkNQ^^k;Si@Bte
z4`PO+1Ak3(cJaXVCU5eOz~5Y(w!+_CE>aE=jan;PvIm=d533QgC7ehG=4;--tbB0<
zK;*i;b3fBci&DJA?8FCoTV#Y+=pd=w9H^j3%)l>M#%BbgfC({52ZBVbe>g=xc4ncL
z8gaT=^J$-zgb$29yr9hF1bcX)8<eUNr?!w_SMDrv$hAMA0<o3(wuVmbM*jTA7T5ks
z?XY_*@}S=lT`}LN<0n4G&wx*$qqh=s?iX8(A8zlUGl)qYFjrE@*lsvK$YQ^|*Jc9l
z5Exli=ZRbDhrWP7`r6q$F_GNv?7?aqb7wP1&jKsJv>n_|?gPu|rk!lXo<?Q$Pm}l2
zqSXngtv8fcTwNTapm)Fwa1?C#R|Y8Ca?-y{{!H4nd@hCl*&J<ZeD38HCYm#aw3%!J
zUY-lquYYYhAb6ur<^9ki5#=`TPq|@h6V2jy4Vr`TyJ6pF(kdnhu}#_Mqz}e(H}>V(
z%*jav{l^SOxp`a(E94LS1$%+h#y@IU#O469+h54n^HTS~d8lDAZ3k(>xh7Bdzu?<s
zejlZ~Y;j^h!jz(F$*2CnWKaDjm92W87E;TZeMARc?4L8gE7X6^{5o(Z=(9|rIwPcH
zHQt&Cm?N@f6=*D#&^-rRHX&7-KA!g4?Ew3{Q>m5K6CB<XZ%`;BD{LeuwJaU3qY7pZ
zc*-m<J3if#=jw2!u+JM2pQg$!pcH7YT-z5p_R7Q6_7d*`n>P~I-4fR;ciD20i9S-p
ze;aMNPR<mxDZk(y_%rtlL~-U17sUH)_A1V=dqJcsjki9Rp!4))xf?+juCo0C>rx}?
zr)F9p9j0h^#-Cpk4n%3qBkUvyxC*{Z>Hh4XHn-(Ir2B+}_V5am_lY~}xa=5JGLO$I
zyQUkdrB?9Kg0@3vV|1fY_MW|-U;}LB7VBH95k;I^^A?PUOD88PP91DbZJfGeGy5o=
zSic42*ZYSy7yKC5T<BL0^`PPX6e_=BP7J2&p2|y|Xxo$RhUQ_hxpEf%h-{p|D89~X
zry07JUh-pF+h|T;dNqV&CWf)0i$br&NtdnU)-na0@}P@aHNzXp93_e>q_f>v_+asn
zza8aEpby`6Kbx?yOv^*V2+UfRegc+vU<``?YlgtQ1DqzwN=H&Z1$BV~n=`hCN{>Rp
z0}oIR1-5rf*Y58ItcM6cL{J4kCfbR9qcGS~Rs6PSD<7F&m*E^tH^G30Rm3JRIy=EB
zoDD|4DuOYWVRC<3-XS!yTefQ@ZpbS0ZB+~*q;$i)oODIb6xh@m<o?mr&3!_3EK?d{
zbFO$uBfiAeO{M||AAN19^^fgSerZXUgewHq0@--lo`UwKZu5X+mU6@hE&u3y656UV
zfKUG%Mas+aE=S(O*I@di?FQM(8R6@5T^$<V@D2D?c=V;$-5tRFI*07!rXLynTD={g
z?{zqgxcldG@^30$5SHD;$<}DWpt?(=H4-<B6VP^gvb%8?)w55xQx_qe(CABuhkc3f
z_g{hMa-qzr{!F%TKj%LY-Kp-_R_r(*`HeFLGweWlr5%99X71s%Qr0!VQ!>yKvXi-C
zI)=Rn@z9KmPiTC7r&>nQF_PTd?n&I3pFzmLeut(cDtw<xszSm<MWI2TR1KTZD7uv&
z9ZdP21|GX#U|k<Kb|7a+4fV79y?F#Y*|xlRVXD3uMGgNYyqGxe#mKG!rUjXNg0fSn
zcb+z0b)fan)Q%sw<ifBvBJjjk)}lCY1WrFS#_Tnk_&@TfFEbcA(Ze7Wq;eejN}QVG
zT`F9;Cp1f8Z>xh!192m3Uf+IqxRG_n#u9{7#O3$Ay#$)_DiUIYtydDh(~kONxgbc!
z3<$yH^eHjH>2c4L9=KRSwvi+<E_!#U+G?^x@3v+f#c#9}sQ3cg(THllZt#?%<{zT;
znju+-e;5O?Gffa8;xLWRwb=wZ7-)f*p$(X)rQzWryR54cdxQ>Y;u8F&t;zYmr|tq^
z);N!x2%ewp&>PBb8;z!=+51L=2!Fv1qxV3#foQsnWbhZ<z`ObrZcs-31vez${sA}O
zcIlcPn^OOT8}Ld@_ey`k4N8B98|1(c{uA6V9`OrqFsnk-{u6HS#`_63eCCO|q)Jj&
z1;P!WKjDU|UvLBdKfn!cBS5%;@E6>G6j_(>2i(w}Z@>Q&Zjb=N4OM@K8*U>118%^R
zB%1sQH+(JlAHoe`@>IXz2C{#E8%ln{4Uxxx1vgxJ{5!b8;}5ujdv0O$#2}t_f@1$a
z;0CJeKj8+a;zq&0h8t4wD3&pAVt{Z1=`XmU<`>*h`WJA+;`sjnZkTfT3%EhDLDlT<
zaKj_f2O0do!wqr&0XN_R;RcTryrjOr!wn7cf4~i|CqLl^<nO3yg}>m2V}yT!8#Mla
z8`6Kl4Ttq2jMdO6VLf=Va}_7~eM?CTo)v$C8%X~JZYci+H|zr8hOZm^?hpS6H@y1=
zH(Xx-9d6JW|B;4a9=V|L3vTH2iK>`VY5o&#K>GzZkp6-jnt#F#n7`l#=f8p*F#doW
z4u8T8A&o$|Vc>6Y!|E7LHNl^7!zK`J==upa^a5ngae9YMx_`nA*W^FphM;Z}s6XI_
zw-;_wKj8-Q|9~5$xBdlgFc^abnEoT&0QE0$!}Hr?h}6G?8y-=Ca0Am{zzshC32soY
z@NxYc+#ogkH@HFW54fRbrbyd5M)YrRLjuFz$3Nf(jX&T9#kHICu3vCN)nCF5)Ihia
zBU-$7=)Z;=rp|xC4UYu>1UJ;p{{!5>a`#to!}j0c1{&sHa0B;GxWVLq1UHmp|AZS@
zjDc_iHtWB@4U^3O4sO8uzl9sd|9iM$=lTBtZlL}rxIu;GPq;zt-@*;mbAP}MSlNHV
z4XT!Z4L5-O6WmZS`U`G2nP}+&!VP`@pM@K&;Qrr&8{}H*bN_z;H~9V~+%TW~zYaHi
z{2Sa*^b>BV{J()4#!UWuxS<;FAK(W41}eS(IozO<`hN&FSQ-2y+`#bP!3{U>fpEjw
zZ@A$%-0&N2_zgGwh8upv4Zq=r-*CfkxZyY4@EdOU4LAIT8-BwLzu|`8aKmr7;Wymy
z8*cawH~fYhe!~sF;fCLE!*96ZH{9?WZukv1{DvET!wtXThW|adVb$m<@y@Pdb$rO3
z%42%!1c`$_^^&51w+W`QtM;Fl3A4{~{O*ha89`<n{9czkPbE{g$X&~Rm)B1(CBSJy
zElsCQ(2(@E*>{K)c1RMnwK|JWUXO_=sIYMc?#`~6TOSR_gh*nrOZNu*(NOVlbpUS%
zNjQZ_7lk2UE?~anFit|u@`^JAP@M#Q%wbN{K#krxEP*8It5!-B0!6i)AV=#7(Rk+M
z^6*!E-4#2R!$`=ssD?xWZrSEDy{UumAH4(n5G}7oN<bR5QnP$Q{z&<jOz_uE;YTIJ
zz&~~h4N=U{!JdEa6jC)oglTu-=swKA%(Z{`W2aDg@Xwt>m@ZGC-SAPJS>2SUOqL30
zH&{a5B}()EvKwf6kU?qEs|<DQaTdn?bua40^Sp<ji?G1`4~P9M%+IBZDfB|hAqGO)
z-a2ma#3r1`3A84U<Z_!}))m?^nG3PB6~hUo9Tf|G3`JXorqiBGD;%OGNrxO8VL(79
z%+Buc^3?U589%eUYm&Qn59{AEh>obmo)c{i68PL870&o3ycHC}3Q9Ck7%zOf7DKpY
zOAIPbStQ588}n0TKy2|>Oi@!71}-BA)(7jenMSc_<t?SC$zRX`Cv)t^1bn3)WZHoA
zoO`W0=xZzf93%_{Enj#C#uFD}RR~?$q;OQKq4hJ4KYQVbxU-u?<Z^R_2kmeZhhwud
zi<UvOgwnvClG|o}l@Lt=byg=|_p~$x>5^DOyk+`ckGK#h!Iy4+l-f=0XsQ#7LQ|4g
zq}ExnxFSzSs8RaBbc(NJ3<}d}3cYt^T&bI=`9=Sr99T#<ie!;6)Fiw%M2y1Oxx$Si
z7fF9yEJU%)BJcI<=JP8rcPGkgd&FzRSHp4UM+5MKrLl>zU8Fi^7rhszX=u~v0oM{+
zBmWGym>%DRVK-%hV(QMdPMG6`9&!~ah6-JK(B78%Lv^H*o2mrIS#E`%?cfq=cJKUP
zKLvYxu6ZBZXqIOY*Fj6LI$y4x9lNBA+Lr)a{Jh)SkT0o+j4fK!fh|}n+@siq^^t4*
zI1l0Qs5cA0>P=Y@Gx>z4Cd$+G!vcPqmA{xUFH^sJpa<UJGmK)s<@?^ECMfmDAEmZv
zvzEbk8pcKHBG5~wTGcD_?9CrNylGWwmy6nDi*^wp<t%Mjt3U2)NN6-{MR`2!L6mv$
z@R=WdZnEzwcEW-@G-T9+m=_t$pmF75%vPhJRAutGHi%}G>MV<=2Z=(6kZLg1q3`Kq
z*e<*GG@Dg1>W7SRoy8?lpf>Vy%*;_vy05U(NzA6*we-lX_*w!BVYt=_d9}r3V^e7+
zCS%2&MOOri_Styu4G0JyA+@mw8iB1p=B;EL)~DSs2{YeKKt3@P%dkUhXyLs37~MPx
zBKZJYLz{y_fbCliW;W|Wv6gJXn_z3C6vV~49X69a9hn=KgB^jIE+1-2kZzILB*Gdk
z$2${c5fVN5b<#AT!t~YMJ}J5gGOD~B9h1rJ6P8oTkqLHivba<CH*gHJRg&U<tC)MM
zQ8;Rku^eXUW}B0i;mSb5u_^`~m+ch>pRNh&fzL0Ghy8?QK$5l$NYaWlK5N7lXcfGM
z3EA_!XD#Ec!%FTSHu%^Ed^NT5R_L$N=~r5;!0GcFMDq9^6l;4)t8=Iy5OxWsB-1b=
zR=u%!>e={!q<1_L^40E};m1P6r=2ARf6(F^MQ1U7+_$?!7%GRBpkuwb1zgKXbR+Iw
z01vC-vaAGaZ;8Xc$fADOS!G;pF5&Ai3r<EmJy-;b($*i+opbE=MeC8Vv^T!77HfF=
zkJm-((HZG!`zt3lLXN@9pH9v+RiYw%esKJlY1-3sDYUPa%|gE~KNT{f?N2eGbB-H@
zxM0gl4V8K`gf8m2rKiZm4__@s6wW<0yO_9$(FL)&;6bAE$ikDzk%)W{l~W8H<D?uO
zs?AK&AbaE+hgMv1IsW4GZFzg!Qp#1JDtTv77?~a>MO6N1#n$y{Dl+KTdI!g^;S(n#
zgt&apd&tq8V?99V^Xt9{`<nM;qSRF<of{0(f(CTM$D~iNSO~obMO?j!d^}c(kG`iJ
zQ7&oXJx?*e)=JdBn0q_kdyaR`46Bdb?yE3e4gVw1u}dHTTr8O`ByZ_g)`{&`ZaTJ4
zwfs>`-b1)vOljTQPenK1h771Cg`E{a0mAe=A>N6k*cR%AN#9Tgxw)z`R$=Fol~t_X
zU&0^Q7nLAoK&BWLP`wLGaZwMk?^I8&J#0h>OnbnE2N}+T5)yI5@e7bNV>3JCOC1`C
zM<JxoN-6G#jRHl!Ee6Z2ZTBvt?b$);wZ(9E>}SV_irnhh9iS|QQdFQ8A#o3vQQvt(
zQWt-EabBMYH%Yh6l$sxS!=UTY9K}`&L{c@r@g<KcXOqOH1Rp~a6cf?GnP=b`@i+qp
z4N03DC#layhj4a_U-ixygI~FuNBiuyn<<ASv{>7Ada=d$X&sPN%}y#SK54MZOQBbL
zY^1oHd?~Z<7Uq(iWf_FfJ}7cN0|=4jTu=}*5fpz=6Q+e1MRlMS+QIV`ew_hTqIoK+
zE@~1VRBh~`gci;E_)fzb2HCe1CqN*o!zg-z39gzP;Az18Af&bn&Vs8f`2Nwwu-jxy
ziL@HK<5k(?WF}9us+8ZluTcYsVd0IXDHJ?lo8|k6%A|*49-=EhapWkyd0K=(3V56y
zd2OcSyYTKXyUXv9W0>OTSjgkO0@KsxkXM%Uk~GBh*fUpVLs|>TDUyC1oDSJ3pOAHw
zCekS8?$wJoN6})ODCEt+Dm^k`uaD6R1Ug~AdPDWoJg!!HsE7)JNpyz4#quzH%9Xe`
z?*@%s*o;}V!Z%~A%tK`OCJmy#VdFJssu+EyHd*#%f7(Q5f>6!rV)%<*qYjIsg2<#r
zqsI#Ht@f}gKP0LvnRRtY6I;%aMWO4fy&3`Z?g-cp(Kt=0iglb+9fY^61Cj!L{Ypb%
z*q;4LaPmUXWL)8%(tU8^O--Up2i@qdrF=f~jyGGN?)4Z%{dS^~2*!JHg|{@0o-mN+
zb{>!%<b5m|QXUUB$L~h9tSEzhJ+IGT;d+BRYoEj69tJ5cXts@gr=Enc4}z}m(LxhF
zhd(iX%023ms63y5peTS4q~DIIVsda^o4MJu;B8x9`bs4_p_sD}9N?)~#(tRVyi*V4
zMM;F;kD#_=I#;c!SNV>|p~=%gG-)!3*gz@XQhQ5N^$8;P52zKRKl9PS^Bc?&-S{Du
z--6=d%Vh*)SDS6hgrgAt;6aPUouJ9AEvj|Dg~P*#H9g?*x5wW`ZgyY^;uHpId%A?g
z*|rljwncrSAl7f(<|_w;w)&=SDXo6c3F!PNDP(W(zQj0`6l^%$+uq&@Y8xJbws8XV
zQK!{<lPJ_-hTN+-Z$ZUASIyZqVs|-@HQU}DFeAnXPZyK3v)+O+>ejt$c4f&Z>BpK>
z@iAvWWZL5&P9C}&eayd(A+0R748}cUS7n0;op~AX@`dw`x|n!YabEJjSz}j=tX~Q)
zPm(EyTyko@e_#w~Z#1?(Mv5@9C3Lc4vKe0G;8;U+vKn73lX<<lXv&f+K9MLZSYz8Z
z#EeL(28EY1QbyXxY<YXF@?x_lq({~9qcggXH}CTld*$>2a0HIe8n5}J8XLQ0KTNyc
z9WRuOi08AViTn=~2S$`bMiDxu03T&+auifLoITk+NEYJzjtD7F=tbkrw+`Bp(&>u1
zCMIu}!0R(C!8v-Q+H^mh))mtq^NFkt&T!I2t+y~E=CG3569!i%=k995%c^}SiYQVE
zSk;a<X_GwE_vuL9wra8#(G=%wguiNt$5&{fiW>R6Vf3v3IjaZunx*$Wm=do{%&voY
z$zzoJ2w_>&&Y(MdBa<=BG0BOUzgjF8wFUJTtIo{ZqcV2dJZd9?OiggX2_P@JrU>Lk
zIdgMc0(fwOn$jL;%Geu;4RtCnHJ!+AS|@r86)8HBz#5dJ*?XS-nQb*#ctO31ia<}?
zzv5V_EoJAFy>yHti%97jlnhMQyyL*Hli87R|MaF(GG&hh<I-NypkvVHL(m}0fT2at
zg|ruQ)&x^bO5hukDwurgWaL|B-FPOZbS+4WaEmU_Dyo=!MXnEIm`a{MyJ8$VE(_%g
z`Y;dj&lNH6WczRmlp*`i>EZkDZ#iqlQ`hV`L7$>S2bxX?$zu$PZlr{G&b$<Ey$bTk
zvTYO*nMO6nm6c7mUzJh>#!Bfvfl!3L$W$mb%YqeR9EizACTJZ>a0;VIz*kI)&-bW~
znPeKf%hZfMTA8CGY=VF+or%ATi<%7z2-`A2cUFqHJj9sho$;TvIiG(XdJvLxwA?SU
zO88<`Xtk**#=^>I@m7Db_iBvyt;X1>vts5R*tx%&eTzq++{Xln*x{skn5%fRAm&lK
zKV#y2-$S!G?sZVyX_@)+dx)BdY&hS6M?MpH-<~w$JfFg8u3hmEV#_ERRx0-iQ$O(D
zUH<iB@!MQw29Yx`f5}5GC<_8K(n|fvuX_3)Tc|%!eMkfWWri2}0(viuO?u<La<ikd
zOYM{zt1tt$YyK7xr_dkr?Ea|UY&RHYv2$SUS<*m;pRI25rI8t2Len%<)qZYkX-}4R
z=+sC-VDRlxR4!kgqd`OICty|#cgx)MI;fX@a)!JhNW*y}#(VV^261TuJwa@AHrw#i
z5ygToW3+M)!z1Vsdq?j?um4g=2Bp1lqhg-4VKFCSg2n!uhR5wj#*E}8&;g*lBl*Ur
zpSEj+oly%Hf(!T`Xe3mVoXs+GZpF&oN2?q(Eq{Wnis4bRNz_dbWq(W<be8<G>5{Sr
z-b>$(gd7o{#HAb1;iS)8>yQ;uE_eoyGA&+02pdx>-h!=S7YL}v0k~vmB*7iC{$JSW
zl5y=vXeZZ@YqVaw<mV-1lSL)iPTWhBpHj=!$xHe_v%P_lMIOP0{tU?Dgn?fIV9sMy
z@_GZS%cTb7`=gpy^9F*Jz5a#V791Lm&g-(xuzBF@owI5wZ#XLG$tdG%Q+lbW*uyo-
zcJ(Ya5JnWBQhBwdiIYnzyxMq>2SK1)@xJTxs>aO0`dGTVc=_J!Rqp#n7cGY1-n2ZG
z5C%T!d!Va$$1vABCPPuJMa)YaR3C?k*#g*oxuco%))3DS96<FjQdqnXP_@*0+Apcv
zw|z<s;2e_llm5t_4O)V-K`Oxu1QYFF>`wZxo|jpl&wB4RejEb^{fNBpo<}&Lr@Fju
zcSi0$<oqD^t_SRVAL(@iUUk3F*FS((g#oX+C%~rZGK2mmCia4b?Qbw}OZ9?RCZS1~
zaufC^?V2pb&Of;4VjDMg<sw@%8h@eirJ9DB=)Mr?c<Z~TrwfrFKKY7E48a?pCBwik
zcp5q?!L@7SRATU>9C+Q`f+;5g?@R*!0ltcN_ZVFdLy+jxxF|omP$JAxH&oc{nJ#1`
z39ZX#j_*1}=v+A@=Rf8iXc6D*#Ko`a%?q7y0|EySw&08KRx#ZfwlyH*?v?$Q!KS-+
z*4T0{iTnDF7Pw*kW-h$ep1GMKlykj`lUk4FhiP+Qv4mPbY`)8c&r^w3@~ua0h(N`#
zYdbS<3~H-vh%Be0Fz9CBOz<^~+>TQ2-qIe6qimFlTLTq|>-~D|f}v{-k>HVOYWIA?
z@xBUPX~B02A6}qIKEOMbtbJxC^DVAH#gPYf1%r*I=JBOwvio`A<6s}pyaCvZiWbF7
zuq4%ca8ZisO|e~<p{nmniWMm3eA)~}bocu?L6>UhU$PBPHg!PDygQ0KHL}>INprbl
zjiIZKy~EuP9bRdhS7=6aJ3%M$lmeu)_$;^aH%80oo-HjV^fL^gr&r5gV0b^(^zYF4
zXlJqo<>)G7E7bcNcIR;tIKFy*`Gx@d1jgq_rIJv+Ha2S}4V<8mR#+sy_5#{!Kk7^Q
zt?&x(pO#}oC8FWgRNYrg3<51mi-iv;1-0v#ZoWMw#;Iu8X~I4$XNGDbls#)sPVLp(
z`4{y<L`XC^QD8AyEN>LcRj2J8(qy@f+rY}n-j#00?F%<ckUml>3#4&^#0kN_R5ZJC
zJn(>FHx5+4(7_hFSO+v&F1xqnE{IHe9$Xy~O`?#4sm#9<>7eb+Ym(SrM8nc~SO*k-
zKLmIL1-Uc&p3|7uZdykYC5`k(*-N?yB$QjtJKIHea&pZk5jz-n=^dh|^avgl%6H&=
zEX*VNWKdFy=dUN7{$eo6oZ0scjQWHib_jz3kFg`NU~ZOo(lyLrB^7ZcKV?SF!CkQJ
zFt)zbTj_IF#1G2`1t0G=cNz3s1|&6j0DE0(5$vkD-KetGWUd2wdD{HMvE)VU?r9_O
zV!GA1b$yh=!vURiD+j$@p6`*m&-#2+tnE6KO(nr2q(uYn!RNsgcr(Tbv)5LHP}PZR
zJ<fO>nhm3r6yacnzE*v5-@`jz4T480jraxMlP9Y&uBhtM$rN+*;ClbZ^<4WrybNnT
z^dIE(2_zI2FrQr&8p=9oNS2agvNj+#(RXfA+;JkKrH31*Yx3!+eU9qqQJN3@3<By&
z<W!9_(<@BXUehDKyS|(WP<ur_Zj?ZO$b5C9{BUzkT+R>pbk=GLJDb#-sC&Sm2A!kY
zZd;5^#9)>Hog>6aH}3+Ks{t{yi3tA=0tL|ZDuenK*M(7^G6A+Gwp+Y{?PH(aT0$vq
zK2x-fRq|D=&(YX9rU3oDU|P*#NV4Fo^Ae!T%d<vr006z=2e|eM1-M-#+9UjEwZFwl
zMiJ-~*+<f^^rdWa`dNZ!wfaL<R1)kA1kvapum}P)O8YLG2`FvERUK{QV~iFRER$iB
zfIo09G~efmBvtC*S|!=9^-Fw<w<x`P3?`U_$6apTN_kWHFiEAQA??Jzt5<(|A49L3
z{KVEN{!xFk8DB7MXAZ=%Fg@Q^^u-}k)U4)#Cu2|L(Pw<k7*8)Kc)0JooBu>EX5eG&
zE;Ia@C6slL??n6Mxr<zSw_$S@;s%Sqq6r|fI|+J0FG+$nJ98eb!1Xf5W?#%>+(E2j
zbH-pU7`ylF6#EbBo->~Jbe&zsiz`Dq><Dj+oUZh~z}mV(b5W$;`WmIrfGk^z-8Oi$
zwDLaO?)L=2Vp+E)+}MJs3uwJbI+~hg&IIk(_oP9*3w|<MnBdBZm^j~=(}53|oz<l5
zriQb9aRiqS?cc;6$<8g`=`@oyKf~t?*3ro`v)e<iPhEKG!_VFH(x02k$+JuJ5##``
z)pD`k%dJ3iy_&K8j<jOoO<AuzpkOkf+@q<-2Fn)GpAtcTj^!=4)VJoD#iQDS@FSEu
zqGd<9FjlvXfZOKfa%Mmkq}i(DlI$6NTV8WUChwC{8ioo52=ONyDWdyiop08yc-&N8
z4a!pQEI#AgD7NK?kp^rbgjn9(HX^2MTG8@Aebd1}w9g>aKGmh}q%Ehke_AM1#mxGQ
zLZ>y&hF`?+1Hw7Hf#Wg$hWy6W!5MEDXR+kWYtGC(h{xpGHBF(yZi1C+=CD&RqN%jn
zzneqX0hN0G4Q#lL>&MEY3Sz@^*bQe~w2zgGTmn3S8z=XP#VS0ggUwtY39vDic0X8~
zGflrbTdbc3sZG3iXr6R$$=cY0on8XC-8EwXtA4ku4}g;$Y6GFeG`hR4-aCm+&VX*t
z0h?B`t9=w0%@ELIL4w548~82z!1c9s=!dx1QWu;QB^uADMURO7JSfpo{;5dcEt8Fl
ze6Oj;F1{%O@vhJhoUho)C5T^ypkFrtuNt@j!R63JB*58s>R~jj0vCL~fYAfJy0c{E
z+>g-!2<Kc5<z^5>IC&~@t45<&Jip1N3omlEA@`Q2SH>-v{-9=805Vdx_g#fI0Qokj
z?WsFbV$N3JQe5H}EUi!UZD#W@Ty~lDk(L4tlM)ni+#>Uy84818DD};W!-HfuR;c)8
ztPal3D@$Cv(P7hQOOgxzM25~PSMAKlmt)Yf8)K<#8jcJ|z7(UF=yC^VovhbgcKfQ%
z?4HLF(G?Hn5ll_waz3+fQ&;(WuDUPE!k{+xy~cGP@_02>cRqnA39Z-EAgb3zcMu)2
z8OQ+MsNY}ESRJdIQ+Z8oOEPp<RxeaU3dZT&w}HG_f=_a;Gujo?!7$cA(4bbYv;vd5
znHv!&7ORkNi+GcfUW~Q&Mi-m-n}9E)-)BE>#?2<B4#t$5v@JjOPR39q=j^4aNFtmp
zF9~b{o%8g8F+8*Y6PlRB2Mf+bu<p<M{>uV`=J$qx!~%%Pg&k6#x!Bn^f@(a9*?TD>
zAEKsi%*55KZ9@wfW4hR8vCR}#j^^?Kotup{`tWZvx{Bdi`d_cs63%jxZ@M@5oo;io
z_*7^4d1gxPrv|#=sGz;GrsjBEY(*XK$vOq(5pzmB`j7|nu4Hz)hX&0Nya!lfYOoSY
zO5CeSXw9KzC2@;Z(rl!Wdf;S*c6IB+bRJsE+A9&y;V5SW!&_V^(<so|Q1}fxL2n4&
zFQY^XvN_cIy>ja^a(6YEUXYE8@E{}abVW5xSi-@Tx?lxCzH}}qoe(!HJ*NuKbpx4Z
z3VT_kfid^bm)e_D5@w9ZjJim-9lg~h!&`d8jC!5HelH>@#D{L;di0{2&mwV`IBE8;
z2pHF<TrZZ?fr_|bPnV!p$Ef65Q!>b3<ftg0WJ87dFi7w%%LkR-R$G6D0`J8EEfK*x
z_UY{CAg7c&LtLd#ROP~UiaF#pJHK*6wnP$RFWl|QjBeA<Y$JO!(8&1RTUo6m%SbU9
zqFIzLf~Y9Q*ZcIkphfQvQZDf&x!avaQTyDLDHzDFkZ8a4m1}bMc!a0V<XU=~djpV~
z^VfZG$A2Ks`FaoV2CN1Aw1^r|DH*_RrR&c(=!Mx#Xp%xFcZREoX)m#CK(kzBX^9H^
z0@wmw;HwTZzj@Sy#+fN-sxDTE)hrxwTW(o4G3`)wruEebVX67P0Xw!-g5*5SIkH4a
zp62=@%QW1P^BkFTo~&+pg-q_dv+;VMR~Cq~f}EAJS)&8s;|}beANGH>(}u3;2e<*A
zULpX39B$Ws(6L#sZnQT50p!QkFeEoUY<XXg=tqB##UEc`*&L~~s&#V-9_q{RmpmO;
zj-f4&m&FK$A6g0L(XGp}C`<A>)qJe2P%J|$b2Ni*wsGglzq(!l$NgZxjUuYT<8i*{
ze9?|T#ELO<n&~yHe~m!K8n&T%r(U(sSpmw974gn3p4d{n8q2Y7fdp9rwu`ul#Oq*#
zRLT>J+=aE@ZCF?_i-3uJ?l|w-+2Y7ExbnU9DboW<^vC+q_fyf3)%J<4Q+?L2yu?Mx
z#kIJrVQl<zTj8;7=L02%wk~>f>{Y(C0T-~FemLXC3muyCg_zca;PdPF&$XR9=>#v?
z$-4Cw38voO<|ph&MQJ|1YiBB-BrcS(K$)lNcBgz{;k_mTAhIYkJ)M#Sn>wF5&ygaP
zA?f&TMO;gqFF)ME+a&v<p>&S1-(Ff2a^>W2X(Pq!sAOA}y-h*45Y4c#;0zn#Dxzl|
zobi6OzU6=m$e&jZt?V@*bUD|=P{yC{q*ZaZf`X*<5Ua5%qhNsygMw$}s?dpeAJcdo
z?|j+bP9sOz-TV#B<v~p_R?#IwwL+_IQs3XkeGu;ez)=Ohm;^XnPN)Oy12Hr~hsSOm
zzT4aGsWQ<_o`P?5n2Y5e)p>2&_|EiY<I9Lj`^Cm=@jCO|-}0ny3)T*3uVQ_VXj|uo
zK>+X{D(Uz9c-(dS0Ou>afNvvn(EwsG2h%Nx%a*8@Mwkzmq)%W`qCQ*>=P~>%@f=%_
z(WihA525z^?z3#QEkC4e9zb;#UyiVAtd~oXmHvD@Ya=A0HS<`h&8Pw{@zcq&(qmjU
zZ-WS-rb=M4O3pEe&BQhJ{0N(gF#U0m7T09<Wx02it?b^t-wR)^&b=Sd`gwhFdjkHv
z?9`?J+|u5B9RUBHFdKu#VAuXxBtsil0KI9J|8D2=cL1t>tC&6Jpp;!pmCUPO7r^K9
z>(f;U1K`*;+pbe7c@tF<l-AvQqw`xUu}6XmiXk&9a@+ws%;VufZ}a*fpJb<VBl-G_
z4CtFYH_RdQs??wbufzv3cw6r}eyeWq@Bq*^6<<QTcw>{p{cyb@l4H+T0PcL3(?f@#
zi_!cJ(&m1*eI%C>$l}BM-C0T%N6qV~VpQ&DF_WDdafQg@YQh}FfZaJiru66Rs6)S9
z<g0S#*Vt#)&T!zp6?F9t%R?Qgyc~ghy@G33SOBlV;(7Nn7=W;!3;A^sfb7{}B!yC~
zc(!x@)*Jg?E~?a<3C>gi|7!1iE@(!MC)(`w9@KaHWQo_y!~OYj*PPiaj#X{WI63AD
zJI5M8d#5+?x!bN`17P+vg?uY>NBsJ-x(3kU+wf!@ghjDzyY3AF)L*N^xb21tALy9|
z`2hrbw?<_W4uNY;3Q~Ge!?5jxPaJx3sy+U>(1_yD`i9k`9%aup`oe6c7SfD!?l?ng
z=YmwF(aAIOAk)2c82~1(r40br`4HgMZ)nWV@BI7O_JyFX`-W%i*NbaW2WcUa1l}{6
zkap~tj_v04jArchvF(J&nQds~*WnFD$rBTq%R=#it5^v~)S5B{9^_|x@i&0riK=Jj
zCSuEpP+@0WO86mG?-z;mwU4jJDfXeEhkn)STY|U1KgXPF7ku0(2nvc}3|kOcZ*h8t
zM*a%r0OQH0jzl=ie{l3tm)>JV90&Iuzh}DowR_kMS-|_A$>8uA6wS$*C6=EfLxqhn
zJM#d8pVlhU`w}$}#uhgBaTFx$TQqB)N7gxMT&}Ux2ASR@G<Gc>o?oGby{Eq)MP?Eu
z(#DfK(L;aa77b?(nZ8vI)I}d}0+I+a@E*=-iPuNmJ~zB>Xez<M1tIDZgfEe2pZUxK
zmwZrsYImVyGtb2#3iS$dL1oJ&p_MUlbcu@P17+6hUDvQ%Xh?#oKq+3|bX_QY@TCyc
z%vKER{l*qu0=mZ6s6xQN1y!AweuV#JaR@R6_yO*|Y;6SW1aKn0I?;7_UFaRM!G7U7
zcscIv4!J)EBmt<OBVPk&5_877J5u4sdj$oaFZQADk&(8OW+^o}u(y76cSsS0E@9}@
z)LcBw=0K%@R$#QeRkz+^{t%fsdB-=?6oLdE&4oYjQz@`e$fNXPGjzuBOo{yEGd`~y
zF1uE%<IYn`sBg;B{TaaAM%$5~{>WrOm?myx{ay-88=Fmrb(}tY4JxSER+A~PDIq0w
z4WvD@@{Mm8e5XHpkzOrpO=Z5D%Xx&1hrxTw6uYexwhN`Dq@f3u%q@5k?THc$+_msw
zo}vBqYl`!-fw<HYxvT_+;=V##zh%Ifui7w=ocqL#+98JtU%1-AG=G;e`(kEr$~7FO
zq1(kM_&U^3%%S7Hh3sbWU>Ff-V-Cdy*x74@E$P&wq?x$)tTD%py(c|XoJ^tW1E=MX
z&bB57ANoYxJ8G^m4A!in`jDAXB+@}rXv1nKM)Sy9s5a!W?}MN|XwXxHU-?e+_7KCl
zHFLRmuUHQPd#*8uohl{qbt^Ua<Z2D~zUuXL_GJ(aAwaOD>hnwvzaK^{mrv6}G*Cw(
zWjRrIK&&`r1ruqyDqf0PD$%qQxsjoVAy|lgix&$(DH3<uw`9y3F1KG0+rrD|Dx>Ab
zu(QWkp=`L2wVd+H;_dLQM1q;a#=Fq^xV>!w^P*X&0n?`pPQ>;@VGD3Ks`o&1P*78K
zh869`3|+9SQHppzUec_$Dm)++71}bGvYz<}p#%b5`GY{=`9|+6lJ3*%te3H$mSZwB
zL-dx|(8l`!_^6Qb-MA-kfhw&J)L1qUbmrb(=@6X2Z;S`VIcoUU^-?ISj3~}|TKtK4
z_lLU|KMc-&z{YwzLvu7aV*b^)4*_xAjMh0QQX?s++&nY2W65i_a^Gw}?letdqdT1d
zFMDu;K(ImHmYY!;>KW<T<?I-n>d3dCs*p%ZxvC7vYKiL9mtE?nZFAb;xs|MDTz?Ua
z+&;nnioXUjq4ib!O~It<43`hK#L_Z_&NJx1J3%n$XpH7nf>-fZA_hpB-VogVarPyU
z(BRDsi0UpV+2|n{CFuZ4l^K_r*b(_7STjt2qX+uRV?wBxEeR0zc+X3-6nBN1$GU9i
zd9B{@f#6Goag=?$NJY$+>hp3+0Xu}X((HxY1IZkS(y}-)EX#u|ZTAC_<VWpy7&TxQ
zH~~QBFz@~MGwq^!=^_X^4d0v04%fcNZE$qc#)oAgA1i){@0!_(TJWgr0>T8ynBkk+
z?^MloE5PCoXr!LuEU5EO%^Op5g&gxZ<19%h3&0tM?ZP5Q9R;2d?+8sCq40$qmcAZ<
z5e+DOJz+Z0mL|ktlc!em2dVlJ$BKpLn<scJDVMWX2HFIXjz}jZMb)+CDl72GIJrqb
zvV-W_VNk`KJ<}W2Leb^_0lPp%zdCKg@1+E@YCBjkKa}E-qK1Yz1kpiRTRLnQh<_ze
zbQwhlWo3xdRXVp{0JbVk8Y}!xaS@6CH$Yuc`6!6Eit$<{N3U9qS(NgiiZvbNGyV+K
ze&;;<XY6EF>;zX4!42hNmb%v!&O$)5;R2w1nD~ers539;k_sXzBd%2nid_B^cw#7L
zvtBbp6^?V#REwk5>uU@ZH0>H0Qx%M<&ZS-7(nZ12yGCW53I*vPefRLYq<Z+P3|$bU
zx|UQ0FrZ3+As7m&!NrA7h@E$J5wa^F6>xl{yt@zE@dYcU2r(3fkeaS0!O%P9igIMx
zUkBN*t4XdqkMTGn0#GyLf5LoHF-ijGFjsWbOtnFHJ6Hj%N?d3&{g9^Qu18crTK1J1
zoz}9vOxR2yt!$petIN4YJ^A3Ut{GtRkYAIgE4yFS%hR0&bcOa7(Thjg57HXIf%AzE
zgy}>mhrvGjQMyVHhFp(8Iv=!8%SuR*E5mS%Sf#e+`mx>>Vz;aT>rLflf_F@mS{rJy
z?y1_URZnHEn8KPsYq^wB2fiClNl1D^4`hklOLTZ+jTR7AxT~otdlyLLfOAo-3r7sR
zCr^Y&FO&SC_X>B?3#9drd&)pRi@KRKaefvP;9>L)hh57P8VtHb?$B_hyHOj`C;}IV
zMyaJWjsud0hueFJK1rnxNwJ9XD#D;?A}tEQR?XeLSJhFN^O^2YYbqxqV-urSS0bg;
z8ERTcuad-90dmb+iZV6U+0WzSI_mTmb`&=VSrIN_mgY9B2td4oM?Dfp<E<j3{G_np
z-|`vYDGe3~=^%qy0}3T-Sh$j$?P@?1oZxM&%-m3WxtY4Mi+<8pA=#S-a+@m0o$DBP
zpj6zd7V++@4cl`!w(It4`dPzJSN96mC)UDB*)J6>AtrE&_<4${P;@q1XROzx4y>8U
z8vvxHh``Mxg$^>>{_K;-9dc=UadZJVkcMtvbWm&KdUn92W@Q1(S@<<muck08i<DeE
zka-1Zioqp6mCGgIY8-~aRs*0XJXAGw<ENBl#{0Wyoez*Z>E$3%1T+6>MBcjDXsTzS
zDgE`3PyUmb+9xr!Cw1$L))3MB+cjwgPyoAT{6a`6xp-b`L7A)p;#oK7Z3k>cc-4Zd
zm`Jk#vZpWjIg=lO$(848%A!ZaCM5WSf5n*&<o_a)$G!aI!jP?|14~;$CH_(aTi6_5
zvCd{J(8yG9h_np6so0PheBr-@_>dC3RK~#2VuhYZ*<v}O*j#(HlWIvi)IbE`E3h|k
zq=;CESv992(sUJ)w8-p1g!NGsH1x))7sfDcmeQ@5vn#*Sw|6}D<UBorkcAs2$uX=j
zJD@77C3cp`@gAkvgO~$qd5FoJ+!Pl8H!$b5%S$VA+pxkw&Zh~sl`Iam1V{+etjNBQ
zf2ihhD2c~#{b-F`#jzwx)0$3++a}f>-CDUet`!uk6#g7(-Hp~yO=U8uB1aH>giGoF
zSOI2%ol%t^2SZqM7+m;xE1pQULIaJ#RDt%P_I2uy*fJQ<PY<i9Nrqadcq7*@N6+q{
zYlki|oz>paUa9}R{XKj#2_H_VA^c5`<&X9jHv`_+9-W9^xcauR`GU#A^O|qbzBuMs
znRn11B={WLfuJXksBY`8@io8Mg6hzv<_1o<q%`N5ejfkN|N7r(-&_Vs@m@-Hmqt^l
zVe8xf4&Rk#bC&5TF*Mful6EEGy3#eFVS#O(`a1ICD2rov+RqD?ko+*aV!SHL%F9%!
zzZn6vDSmNpieTkWz4&ybIE>@s>#z)GB<z5Qt5d)c(>dqgD?L3HEDVgE`b&oVdU*4M
zIFJHjrakBCBDI$iD1|+Jua3Dli-9bntRUH>!pO)=1ESw=KLtg&*+^e<hHI>#>+=b8
zw1!sW0k?1)>#c<A;((e}Z>d>G=T^iAzrd%xdids<sB`9^BHwa-P${DvcIv_YpKv8+
zVJe1(%$kVy>*YM)#^iAz^*5g=no{&GU{bKZ#iP;1(%BeTeN&5PT`2Y*EuWPkTJ4F=
z=(C1hD6-4dCL~~MxRZ_;aqHSh<|aFns4ksMcWv=fc4Wd^8-AsWDNjYmwYY&MroDzN
zBDN;JH6aVVdtmCT<{oJWm!ave5Cuq6?mm5SATa{p?lLpOFA)N{(9Nb6Ko$FYCswJJ
zTm<%B?CYYrcXD6PJ6vzJs>V!j+3<UB#%d10XNn!9g|*n(W~QE|jx0?+P2Jd;ej0l*
zFafP?yT%mM)ULBh$RIS%#-^dBF}7|ZS|5d}S5uKeD5K3yMh%19LDNxPocpzWs+HdO
zw&FiD$Nw1em<m0N(VGAH>5FpwpC6z8=;D9uqF|J-{~+n?45LIG{p9Vn2Zh+9aBtK!
zPA;iYMUJE@-*$A7fBj3L2yc(;#F0w<jA1@_c)FSz;_ZS~skWn89t=U&Y6<Rv$(e9B
z{{3(IXTGP<c71@1yyd87CV9Zt{$hEo9i}O;$J$2Li?~O@KGs9aB=Sc)M0OJfr0zb@
zJD_v!hAk#^+eq;{Dis7e4Mu&BK{5Vcyl9O72ZiYW3*ZF~o&ui$e>{8k7w<*i6R9iT
zIsLEOf25%U@jkD6)`z^b#eX~~=l?nU@rUOw{_jo-Pt}U?!P(`Jhdb}E@Ap({;(w>`
z|Gkc3kN;mhJ9z5w|1L_y{(t(EMr@hR<LuL?jSqwU{{Q&nvlnjvcTr6CAMK={a#i~$
ztU`>z5G%Eh(L(=W-%IhIpZ;+0?75@=yC_2UOF<kwx#y@}l?Hsy2O@`Xc;x+03L&q@
z`De>ziV6PkcOLLR_fX*(+q8iHSo8q=ytC!7XzY=%YmdCMS8ra8&tDDRjo-dn(}272
z%m$O2BkxxbeAiUvDF-UC{>d9CKjCXSxKarYc>GpX6(#OrI_Fxmnjs3+`84$94Gia`
zWjnxT=cnUi4jP%~1&gr#rAOYO`lV{TgRe5(b1~%!ZCf?bUZ>sKcoU?)K$}|WMAe<D
zj&rp-UA>$z%Ts23(uxOzMw51^VrGu_Xn(3?n9dDR<t*1Mxh(z0f5(M3tdmz545rC!
zAmXGAq$~bUFBY|Rg@tE;VEt+Rg{h`nukVJg&rikMQ>~AEZa%8&#bi+7Tr)s#f}f7i
znWnbd+-G4n|1+<4SgOWlI?veW>!|LOd3lrv=}f0Ppq1+8iN2c-xt4FLyd-tVc%r7-
zg;#Snl}k1IQ(lVR71cSQ<>7TXCAsL9(zTDUhnqj^zRNk6!3O}0f-GR+OFv{c=lB42
z1{nEib!|&O3CRD3*LYE?P%?~HC)wn4aO9DzL8ZR#T2QxS^fsvb9rtSd=1t{Gy^lc!
zmx#)mE5W)d=rMp4>Yxg*qGv$eOnI`iqJw}|P4mO7!l;^R$N-(+HXGNu81etzS$`@m
z{QtA(hleHp|HZ-Kf#d&oQ5^q|M(O4TJLC7idH(*J;^)6z{(UgWV@&>3<!Oxg)LUaf
z*KX6Ta-fchE0x_daqH3VZ4=^KDn|TYGE2L0e!Q&Z|9*J(;^5g2mHe+iy8K@|DVy_u
z0R>aVztZ8CzjE@Y^Ml;YN_ttrJtna@j%vBXO1e@kx%@G>^dlm*l$=mJ%hhP@;j^K{
zG#purQ%!N3YSUX0vd}1O9$h#eAN_VS{}Kq$$C9!~D1UV9H4OuxPCP_y5vvKDR7Q0s
zy5M>xQzNgK7ool2tJ1M&zRojX9sO&up%pgaN)lyyv|gpK5{6<n+NL4M;-o~K2C9QH
zg_hZZRorCt1%0J|D}Q|hKdKtbaFwvIxZC;e&4H%BD^3n4l4@0g=yDaZq|k$8oiRoj
z09e9$CVs!F0Bqpp;e>#Yqhj+I-^5md`p-0uPHAU`@&a%VerSvFOaLV<mbJ%Z{JOlu
zoJv9$e)AyEU$&yi*?fNK-~Zd=|4zQDKmD|akBV;gp8Nx!ilpLNmWMs34r)i{F8bQ1
znZHbY-2GXFGvJ+F9kOsaXF9i+0&ZQfBA5W|(fIV_!?W|6k2s8SkS!bx6plEDn9@^+
zDMoNrQQE?or}d*}Q>l0hDK>rIyPgA*mwucoB*2U!IHO}DpvBL0HqQKu&)x-3>{q^V
z2}W3~=gKt1S;w*ID|&=W=XDVkqw<n`DaEnFSM&rH{t_Zc^JVk(#hBAuyv`U>*dTmN
zBCx$c2Nad>G7A1wy{Wh&Jbn)kl!I_1DnL10fmC2PKYI1CinJbNK=-#ideB9Dq#ko!
z2AL!c=wrIVusB?+6iika$7nS3ul#V72A2btOy@xcy~DmyFb0}zM8|fxm_1bQ)gCpn
zjFltF3t^a6xFe>)mmy3(KB0Bx;FZq0XRprR=h0DU3&dNP`~c>FN1y>rC=>)nbHK<q
z*oz;{mNCAHBJWuu9bUScfb^cqP$#%2L+_X<BgH;k&iEUhlL&rY_~9}7)@~c@2-$Ri
zAhZX3oq%6#$RSsi5lW(O?T%@8pJH<8w*@K&37+l@J&xf{XqC$s7t6ZKizVko>c5u{
z(;q3%0>Sk!BH%fQ*6{CF=fCU0&mUuS9S~#ye)wK=DE_OS#Xh08Po+k1lDG;a)BLa*
zfeqia>s86`9<MLY+K@t5-h|=wViD9wto^2Ld-I)Y*kS=ZjOb|w8VMO06U^6xf+l({
zXz>$Wp$R_us-6>G7VPV3zJFd-cOj|;kx8|-qkx5d@oz9jdUK7^s>h;1zU-6(pQs9*
zl$&U(Vu|uMX{yl&V#p;x){JQ~cYXe^KaQ8dA7^jY*KS(N>yI7~EANja<amu!QT{xS
zuLITvJ9puOi~+ljmFg~^URn>ETEZ$5fscVE+sz+Z>iaN{uZsbav1`PDQ;OzJcT29h
zZThAgfF;));*8qsmzJSD&R8>He8sc`R3fQYQFkaFpVA>z0eTT*%;b}26<f?;dNzy4
z!ox40yfmv_T0YKHEwTg)R8-Dm8Q*yj%nS!GK76tOkwt-z)J$C#k<WX;^i#=MIsR5P
zQp+5?hW))}H``iGYI>b&*TS=|<OyPkOO^^&Jbp~yrqVh5+sF4j?A}H3{!!$g!Ue=9
zzWFm=LGc6$#Bh+zgPQx^XFA!RWf&Tv)S%Xs$bpBAQqA{O@V^PnN4;Fu=qSAg6A`FQ
zE&~?Z3xNe@Z(g~y1;{Btd-+HjV3^#<TV1-(k1$mZux3J<5ty21`Z$jld8&(42^zej
zpvD5A2ss#lqRgZiIbM8578V&WQ%GU4KCf6Ji>p@)Fa1?{2}ZCG9vcMM_k_5Xoh*lI
zcDk-9kJc_0wPrOUI@SzB1_`M*lUGB;IUn#)>BG|Ba{raw7*&Vm{cRa!YsHAVQZx|s
zfb5Ea2r5`F)6N*vGes3KAdg>P6WKsVa{IM41is~@91*FGs>~2-eYYaulEjs(<ucSJ
zA!tQ$G{hP{+bV)&t66~B8H*+r29Wol0Ly8_XXyDeh8YSLGEq`Pu#N_Z0R&PC2^fZh
zFHw9Q=`n7xM}K$;;66JaV-UF4$EV&$5zxjvnc@Cq7{k*SVwqZ}f-qYydA>2JtI<`V
z?FFR#g%!{`;xO5aC5bVw(mNtAa2F1t-yei7IR|ri4QQ_0p%-?u87Ps)u(~Ec7__jO
zyA?BEIB;iD|4m_hBvV9zX9Zo8JT;G9$0NBa0n|=l#<Ekn@x9{n#-baU;;up}D>jk7
z7J$X^`Hs(bWMO-JK1UMou~`>1G0x3^91SYn`Xjh`k7QJQRz6GnXq`z57i-`93{5_B
z+mgI6{FXUIf<rLdTaH68yFoCgEMW_WWvo~4u#7#t9G3Z>u#81@<Em5k^D3IvdtU3M
zuuZ40-j2{~;D_gMO{Xy`p^nGiggWBF6986ZYtZa+!eCX*-$53Bt}VPMnDL}F+Qa_^
z(hC0T`}e2k%Ei7A;+2$eJg#wq0gAO@cnZ?W%&^7#H|HqGMm+Ld+lFJ(aF!i;lbftf
zMmIhWQ+C?oGEut;?=?pWrJ>BXfycl#--td<*=AIr7W<QP8@XBm4##8wGVrlnDFuM$
zi`(Z(W%DesdmIPuQ6=LGWq4&xk@Z?6Eques{}4S2v+CkZaE|rFjnQ)L>^W}4nVuH5
zfgF!|pKoR;rB$X%a{@r;;N*88T}|icyeW^zJ}TVzxNr7bw%jvWfgi05nYw|X#D<mC
zH2MXjxvJ7oVLC9mREA{7Y;uE&V^Ujn-3e$-U87k7(wwkKt+S#mMdqE?w{z(dZH~iu
zHS5)*%fN-GZuZg{imP>*X4j)cIk07@4P{}ko=-`Vt_5@bgmoP=yTtis3Z5LgXJ_Z*
zZ77`MU^bO_aGccoaMu-U{t(BZ=bZQsk6ie-H4^4N+2%@8xWlk(HjYu2W7t||N_%M0
zs<0!5?F4)cYirQDJ7ypaK`0dK&Es&EN{<7jyWm-F6h1UZ8d$nne}40CPF@=Of7UJ#
z8HjP-nKJ`9{fX0`d|Ubx4O@r@ApKzsae5rqa9G1(jc*ETbaVPCawN7*OX%sAbi;{%
z3Fo8Tv!+%KKBLAOl2AHI135RJX6w!x>k?Ki?D{~hcVpGTwZ&7gkLPwO1E?=>j>zVH
zt9pY+q%qLnTH@PN)REJZ6(7$t1Bz1i3R4n0EGN*iv|YpMXJ2Hp9egOO$q)Qp*$tp3
zpi@^t5=WE(JN5niu`8yC96~okwqSq85v7ZQ9tSX~!6k;I;E!Dq9D~ahfNdn956~Sz
z&EY&-gb%sp^#*^_CeZXI(iY5E{&`&+XL2pH>y;h=LVh-C-IKQ>b@k&mU$J*LIO;n8
zapyno{Kw_89Itn8{l|ButNVCvp{GLzM5D2j82z<1MHog4&|ReAS8oBEEkwE?;%|lH
zL|EK777lL;1mCIt+KLn6oe=L3`!-*C7Esvc7^9369oBGI!(okY3Ttdnsb;5A0~T#p
z>NM^QU^TrnXuuuK>0jfscUtTpeo4xzDlUYwG+ni_+Q##4h^x7F>O!(p3M@WvDT#|P
zd6V38lwud@F^yUVGxHjg9%HEhlR*P|WZ=UME5^vIFFk8g`3Y{RBw)C)D)rA*;(xg^
zSEpkA-#*x>RI!bRB)tE~TDuKPg$o%1s*uk;pqe=07>INlELlkHjQmV(*byGG@We>W
zu8Lj+f7ykk2=Wpx`OL$H02b{o+qP@LV!>8@BP^9QF|}c(cEd(>T7nh(^i8l%mSD1C
znfN8<JGucbIM%vx_`u-<hY#*0J}|C|7ue)&zF7NFg{!eQS<_n)$@UX-RkBbE@WSoA
zBCb&2pCK@bVIad?<Fm3O;CA=Q6Wa40i^)F0Ah$f=VF`r+Gxj+1BZgehzT$uO3rO?{
zcFx6unY8Nd$sWb;xw#J`dtOGlNpBg?yvM2UdyLHn@W&t!HJ`Luvdsk-tBt@WrPUa;
zkakVOCdLO^LZh8;EgYbe3vU4%OEjpm1t<qscVQpB7AT^;76KaMOXgU<XEE5^G+!qW
z=dHDvnza^ej004XldsX}To+`nypMfKAXaw#@7aEDVYlx@8O-eTy*#Gu)h@rICzbb+
zOSrvfhsGR)q@#8(sClE8MQxE3Likr6wm+H`(=ha;Vlf6Ru^@jWq1E!ZHtROxv72fV
z<+3)_5?-(`Yj0u!EWbcyeaD$l4ibsN3=zQ;xxNv9g}!7#vQEouN~4+*U+BdUHQNcV
z#-ghwwkPmxujjX{A#Gu~=*gCB?WfifqNV+)l0vMv$=LWc4e$)K*0YxD+6cWV62P0W
zDFV2hF4ML0N&y1^uXX;`%0%!wjxR%Bywg4nS%yB&cgYWXLpSW#l|-doXO6|nbIsoM
z*!gjMD@sNz&X2?Saoiz44$r$TX(_gW!~|I1h%|&-<5$EuTMWFQ#sKaM!D}9exkD5Q
z_vqw1Ra(j79-TPqboZ&#-FkFl`+m7Zo9tQ{2CdON#By|gOUB2gDd8%Hz?7|Ido+6_
zQn!W&R>b)0N26vY1qWHkCgx&rkiB6OJ2{v)`M{EZO+r7teVMo9BFCpYSO}54#z~IJ
zMMzPnPb-v_G}`UG6UCqE#`)y!*9f^TJhYQ?x3?U}N8AZ1*Tzg|8iizM1UDCXSS|78
z!JY;A?ac(Yvb4To)asI5u|#;V%FuhM9X2gvI}mb;U9n?}TuYP`qdg8L=BoIUpY0U!
zSpN=0OYOvY;1R(2%N2>Leexf>(7Z1Lr*?M?NjG>ohQu)>wZ(=ZN&99<geJn)zeZ^2
zM0yI`hF8&S83(Yf_#3%K=J|T3a`VJnKV>$SDp-jF?jOO=(-<4meJ%I94f!u5jTe{X
z9&!SOWti$A7VN9$;o=>(RSzPY>Q=A)prW<o<D7}uGTgoW82X^lGW<{E0GJF>L;M9#
zH@y|xn;gF%`;kl1<(Qte@N!Jg_r&ygIYx8%#d`G)zu3de;g|0TzgWf))NQQRJR1o!
zsX#*pFTXnJZZ?ZO>wJKm4^V4yK0uXKIjp{2kligGAgk(`sfR&fe<{%-e?7&qOZlw<
zGOk-72NRzqezJjAgyXjzzikCC$8X<j%zP(eKrZ6Ue`mULD(s2)hmC^zjE2&)_|`-*
zq_@9)IZ7ZqX_?Bp<R_si$9ZSocs7HNy=EOXO?+ON?D3d4<Y=C!K_6&o(6yx623=bu
z6vtw9-pvz>R~GrGkW|J03imi-;Xs_1VGxh54u;Q%ha;qxqldK>4q3RIv%}%>SWcrY
z>I{}$hvvcqx3h%fSZ*(}R!_;tJ1?SpY_0bNdV#a<n25a7+%tpFRE^W7`E4mFITrK8
z<XEhdlk)~P3Cgipg4gzWg0YZfl&~C&6+>X)28czG?A$g!G^5_U^%jU@zEq>VF@(x4
z{S4xSP1h6b0^ok9>Q?>*qRCd`0Po1dP+!6jReb(pnceK?UZ;8VIpK0Q^nPFR2pS>O
z!#+yEyYd!<%vdxV0j`3k2?cME5?s1kF2g{JOpa&{FrR!-tKzMZ-JhDPo^Q<wvgFYt
zGv;6(8<ygUN#fNdh6D%ZAPcSvffcq9Y4idB?k5PBZmR8H^7hgzN$XN_0^`#Yg#8uj
zWq=8C+6kwf*xquSc4C{}2I3lb6@yNBbK!w4uyz8s2~os(a2X+t>1*VjzIrR<)qVGR
z%wZCTNxmgaVk?JfT!mqa98>jfvBFS|QzPt94FEY+m``-${eFD%QoJZ5E;WD5-FqNW
z?B9CYe~3x3NW2N=GcG%t3w!=8M))-K)F)w`1K*$~!mKY%{4`!HS(0HMX)F2cIBzFU
z4-XTrbx6BXiWPdgO6Nuz7~>uBqiJ$Ovoi2FEUe*`-cqiDPLiUMvI5agVF^`h-TKm$
zbZ8bEzESa}q*tzatKnKuP7eKx%$tNP`oe`^62W1XD|}vxt}8Rlx3mZ%U#LxWp?C;G
z0t90rNK1}Dq)E+VXahOnnudx{+;&Y(BeL)98B{_HViU9dM6f(IZKP9BU#Fo%;xv&o
zO&o3Bfk5p1wwhyh7k_<yaq-t({B;+9{kx67PUzGM(|wQ#Sn(5&(gOFP*jbLM8^SB?
zI6i_=?!&7VGmjBeTOnElO&e3kuPmJh_teJmL1pCWH+%x1^fQC(r`474c6HO`Q{^Bh
zu5!8bR9$c3Pv<NO(#3whxP-n&GkMl&6K5XzAZo_Hl1645wumKb-_aZ%!r%!o#1(YW
zMLs%(0mVhHz$)j~y$PFs!ITVe!WT$+ICKco`$*M~ygf0CJrj=;EY|uJ?A<KiWo4PT
zBt7ZGOe!MV)=P|C>Sx5!t(Fy2oemlSkFEJcSQ*)>ASk-re&PCM<zq`+Ex;$k=;TGv
zh)W?8@>V>IrQs8K74D7OB#Pk`13oX#RNh~%71qSuver|^C}Dh3aLD*=<&$!{Z>Rg-
z-g2Do`|jwzkuVxo<#fWZvbnz0HZN<Jhz&eMLzSg@|K^;&2`AUoo7|AI1fC=Q_F4CV
z-Paurc*F;$f3FOKWNhJQ^VkGxI}ZMEoX4&p?_Yf#Wonf3d{mz^f?e0yWvy5o-Eefn
z(T(kSUu?z(7yQktY_Nj0V1+dVtK-yWHn@y~9QJY8$6=pu1^ZZ4|L3(m1NgV=TK<ot
z7LDms8mqs3d@pP=IpTreM!%oDJl+|LmwVh7?GxRf2ut^9ucpJ2)vDy3uiK;0<Ro%%
z#-7L~3b>xbi#|#X;AiUjj92-Lo_KdV5QTzIZX^?k81*>PUM5vG+S2{SGEOir-5Rjv
z@ToKMskhrRJdmF&#@Elq0L#q7b4eODVRZaVdiKwV?h#Wc^^na~zuOTh{IAO(p*sg8
zA&zD}>~r3wmjy&$krBea@7|Ul9$+ZM6+XbRShswZ8ARC+&#gBITKSi)PD**{oY@LX
zo&P|Nbm$&x{9~rE2~5M4CER8Mt1d_fODDurS@Cz~KA@Klcn3>I+><x8!#`MTIa@5d
zkBoz*GjKX_yI8&%ju%Tu@YzSp!D1CLC!d{#c;79KPnXPAou=2xKns#UAI4ea_3iDl
zF!*+DvYjomT%n7rB5|f!o2vwx%{96^wz_I^jM6(HyGEBiHP=DqVxE!eX}tvKtfo%?
zw7umx{nNd(np(}mEcJjaO(_UWlw37jC&z)gf0o?4S>^DHjkWPx!(xl`i0YnpVG43M
z_Q4y}gVvBm$ft4#IfZd4u3uTS<~w{QIfyh}E&L(0qF*KfYDh|6e1#JwvO}akz0?<B
zDB>`f2IlIE+hQt&XI2F)>(+~$MD0sr`D7svW5GCe$rGxG7)<dh<7~^m_n9u_XX#Wd
z4mY)qBVQt8)to=`!7me-j1t6g>To_nKPl+39G~L&l<h6Y@hRK2(s$IaHetG+l&np<
zM;*!S*VYiomUAG8MGGqTc5GVTC(pT~5T%IcBWECG#==mDGJLjG?C2t;yGZGti<JJY
zV)MHdDcx46RU(&ReZ#jgR<jOgY-uh2zJW$Yf-i<!KzNVvhwC_*!IvP>^m}h!j!$>y
z-O)+qjR5LHuB}_CfkcbLZ%>xpxeKB?2a;wISSV6T%d?!m4h<G3XE`~`QRc0J%v#Qp
zq@oih`a?A4hPWK3&~LSfrG!m(ZjamIvmpt|zF7qlXRMO97cX_8`Fi#N?goA%4ImA>
z4UPAv(ckYMHov{_@x5X29S4uUuUNZN_?LbYm6#^UD25b$_14q!VN7_o42i+7SQyL@
zd+Ww9{UP1Z`&}hj2y*EjDv3<%B7VjD_owHGFS2+Vha&#gk|hB3jEBby#8x7kx(tDN
zr8cSwva}HZK*s+fm6y+RBBVF4vkMT`;=)@-AWTWkO0We!iqtx6ftN+r593o{p6#P@
z%T;ay$<gQACSs-;ZCuN+Hn`mouit(~59_c+8%JI0DT~LB;w`<O_msKAYQCl!J9e6_
z!#q=mRhACB3>~)@OUf`KhcRseTy@Qo*$Ge@xaNSbEkk(zQf=>Lei)_#!C|5-UIie*
zW&?JC#Qr)7GG9JuP_&-62%#F19&QrBW0VGqC7>7B%H&2`VMx6a#_>|ntSO7232Zlm
za|Q^KXagE61o7iBCGn#85u1emOrTywZ9|o!>H7M5NKaYd<Ra)W1Jf*?rXv|<hQy&!
z;x9uX8a-rT7+-%9YlPW-x(e8*IjzBHk0x;pD_$QA%NTJK^=|Jpe8<Cosg8y@KbLY*
zQFu#S_$;G1QUb_)PhLeCMJYxahQ5xpXt~9HbQL6Vguz;AE79T=CmG&8=*fEvb%KEi
zOgj|HyeK`~8+vasuoj!3^FfqP2e)#90Y=fCfV76K+vBVGjq;A#bcN;-R1LJHH5yOh
zKtcLU>O<}Y2itESl-3jeM@gcks*@`t_jvrBtEX61m@56~5<{ob!HuIly4&6eg{wV2
zOuD+b2)+^<LP_fI&gePn@~Ckt(ki|?tk}x}&dv!Ll-?&Prx6@z*c*fqHT)My6CV*T
zv@$lOAV_*s08mQDH%Q}<D0>C#q&^@9khXcm4Wdv8pjiMC2*4GZ2$96ot~n)T#cm_d
zXF$XR>Jmp-%Vr{uvwsB;TQOpfIa-|FD2?`pCtT~YHw@Du-QXi3Pl#ilv+W+^sgx8S
zth2iEh|2}@7|8xt1}NSiPUFSVU!NWv?DcoF#8qiuny_+QJ+%SC2XPSv5Y)}Cy{;Om
zg5CE6RAP90SBHDV23<Xc3orZA#bEl<GAYxz##e_XmD)hib2!MBtXA?d$XbGG#PD4E
zlX)C}F^&iMk=M712+6!lKk^d{An(JOCLAQjT{EnyR5yudcHzl?h6eq~#@o|l2oO0<
z#{JV|tl2uJ%V;T1m*I37?e&~4!$_CGrS4W-0_<tP#hz0O{9^&8!WsINPpYpqa!afg
zMweX7TN5L$g~*oL1}i_KCW6>y?Qpaq5C2T#$n?!lF+2}6RMI)zuvHRqTG8*-G2URo
zO<Lx=;2bC_+fax{6Rco9Q$%8Eo}*q0`RIO>yTppx$VXkQA|b`4L_0a%L}xYNv?4-)
z(BLuv0oUY?8+y;$S**>Cu@w`hvM$RQ_!_8;dbG4BTKbjMY%5wk^__*^$m^MfW)rq|
z@v?I8`bHcAI=S}PxpwW!v8&@kES<W(3Fm;WY3xlMg=~DAjQz1~A{<-0Gqk@xz*trB
z%8v5C=WY7pJq*&v*K$D64v)^1g>9*~dQW(gw&koJ;OsV4aNRJV&|g6i{4$BZ8mqbf
zi(0+mt*n$?yrn0b_L&D|8N3o!5v#4{Ga4R;@oGldccpE`drZ%W9zn;$DSjPtU=1Tb
zJ9_^7*`p_Yoz8A4TmZKPk$6(2+Y=%mb5mlhx3c3VyTrr}S!ok`<f(DAI0^prXTSM3
z8@M~peXT3v4;u0w8}#g48{3L=ZM0p-edS*6glprDl*|RZzFkc-cH14>jq}i&B37!j
z(LVxw@+fy+DczQR?<Dfl0=n22xp&AvqZl#6d4W4r*?kEPRT@?A6IJ$P3pW_8wF>#s
zo$~}}ji{mgsEF>W5)H^-g*w700I<IoEC~H3-LeTHTClHYyt{P}(gF%UTj!);7C@K)
zae|IDKxWnrYjAp6puT?l2kRuKwLPO-(yA6@HJZe8l;qB-MM2z%Cqz(Z+{vkkqNq*X
zEo<9U3}j7amc|WjQ4O1suaKqL`-DX)jfHxK^*2nOAY>{AsLEKc>o7wb3zX0<TShik
zDX_H7UCFSk=EGs#RlE7rs3Q|BI1uw*TV<`;&=^TJDZAEm(C~?0pd&9!3Wg)po#4R$
z{1~Q%537l!oTUvCo96xN-|FW<!DNY8Ejf<E)uMd02Duf?8!r5eA*(e+pJ;hEpz}r9
zCQLkyH-7!9cBObvng`*N9p-oa@Bi)be;;DYpMKgy&&->>C;u4oBV9Y}dEHhw9;Mo`
z*^*6yFhE36JH&Bw1-pUPFS7Q~@)=Mav!Qu|tHTNGp6;rbPUrrD6}KDEV>CWJ`S9$#
z=3_GfK(|)z(aYVw$w}M)n&DH~kUNpcz&m(+HRs`dk$FQnFls3T7`a-J1Nmpt7h(nh
z&bn73?ybY?Y#DrL_SY=BpW@PUZ%IYWgs&x1GXjeeB-FC``Y@<eBrft$c$B4HI*(U8
z3e^>+dP@9hd>N72iua~CQZg83#9|QK$V|FVe$*(8BtE(1tRk%ks*-9h!$->P_cF+a
zU;dh+x9>DwELKsF-Ha%NUNBh!Jk!z4zw*OT8e9%oGMxkIoT8il2mm&q$wqWChl|-m
zg;(laXxC!tFF{m`nTv4$E#PrFnCM1Wh!uF{Yx1*K=kK-Howx<UQ7J!wIp7g!024AV
z2f|IAOOrx<OFqUtZ5JTVMUbWX`;j4Ba|{|q;^cBhIn7a^K8E`g9<$WnI@l4i=>S1!
z4|s{I>wv$W{agA|E9MXC7j6qwB&CAl{I<^ZH3=2~8ixDKykjm4>L?4X4^oYiKkyg=
zW)1x-2Cc|v4{BB0c4IzE`6|nu9?NBliW7=prWTJc3sjP#={$~8Uw_~NKLQ+4t?#`O
zcvpIG1RU|!0zv9Vnq^)ymRZf@T!gAy&)5|~QCf_0dJfsd4`qjI`!iQd0i!;hzxs;E
zB3*Z+8s=JV&XE>If5U@L6V9Xc3C?uEvC{jwU-*Ume8=xzny8kH<HeQKhRqX_546OW
zVqR}fRrY1{RwO`3*8s#!RZe{F3Y5+B{IP->-61_9MNLWtbwyZk*InVxs+P|vo?^O9
z9hrn)r)4P67x*mH{ib{)@GQ=QrO*!ZXLph}_<;Iu)dfFyC(*w5F3#{juf7II?{NQK
z#(oOF(l1*B1fNzXFz}{ybR#Zk(Nj*1Wk^*FO$9Qj4MZFMA=axLw^PxDOh6yS(ZF9U
zvzyvJ1eo9t9ZGAu6J61p0se(Ej3GnrcD715l0zDm`IkV17JhPxUU7h7Oo4A1N3wII
zA=CJgwsCjh1RK_rThXtg)n<K!`rjZDF)?#@@&~rup(<tK)8n{(!IpSC{)H%<4(PwR
z$0Y_m7rFNIZ^F2ucY{6P<7U`Xs6?-@W4w8QHHm~k?`3+3;v5olM6=w=0v+tZUwiwN
z8?|>5?Q!B#xkHK)5f8RU-}W{mp~k1exZ>AA9zS>huo{T7l*Nl+YQihEoQSnd61_BS
zb?!3455{NC<gRS2C-by0??(LoBgyb{YAzm*CJFxg)%ovw)cD6}CjEj+{7XErL-F6^
zkfkYFp`OqQD>b6GBgiFZ0e^TWG66{0L90sEI6Tl7L71Tg`s&=9Fq~d2A_)t==cef?
zYU^GsTTJ6EHWvL6k9Y)!VfK~XTo^sm##bQ=_Ep1ZUenXhMG%=(GhqW6V2==X$=LO5
zEE-sOovB75wL_0yXQJoVAIHn!kFz&+Zd`I&uRoIK*&j*B^%z1FoabKn-0n?}^U<OY
zmD-S^mG_yk_d?YTP1}cgd|jjiHG%5nntOfer!e){z>}`BjP)65)F$<mlx7<O6q}-M
z;N)c|z8hz%7FmMDfWICR0}O(#Wmx<2*A$<iz3b{Ok<WX;^iwHZA{oz?E0;NV4f}g-
z95nr#O6{U9pv&&kyao5yLkWwEI_#njyX-Ez%I;D?sP)~t1TQYZi%alQT9rfS+XdPE
zPVgc{8dF_!E<g0GM7Cn)OW_L&e*J<eDq7<>PYwSL)A|e^rUEmToyv{x6`wa2-SF5-
zT_0+7SpXKt=Q}>%k%jH?`5Z~SHw=e_<&HjY!r~B&Log1(Y!zf1Aed8(zUZ)w_39m#
zv4@w#GT#%H+0Ik;ZqaQ==r!=ebCV#qxrLY;tXjg{j!V|)^#N~P$XfGg0&6#-PgC{=
zL2L7bsjw7ne#PkVMX~^ESD`<*67sdvYQFVYwfOdgd%tmt8sO`rYgAYZ-G8k=zYB3&
zEH1=te?bIFgrlvx?lQEduF)(3#ZK6y_9>GrMOL5Jw{rj!ZFn@8KK;L}LwE6+NY^Q@
z1ZJ8Q5Xq4iv9nL&k|gO`FxOAGE`peZCx`CY+4*=I>ghO`O(psqC#@MdWU+s}0pn1L
z)n9_pH;oD0X(UWTzs;4T+*8}ejmmNiTRTo^4=q|1cEqrqfUjX~4O(}{Xrv*CJmc>?
z4reL?vC?$#ggFWynj;M?-E2j_`8OvotzunO7KjYQIPc6Ejhwc{X<NQ6ZHtC2g#6MU
z#t^5+VGV~h9M<@zutql*p(00O+q8t9Zb_4z_?K`#+Wl~9<=``FtRV@d(KL{A^J(rf
zIiFnb#;SvBi-%($&+SwOP+#Djw=80pe$uPnKs_No1ChlpdCR!imK!Rkb4FT38La|8
zdE>KpsrHymsq4rOHpO5#Brk+F9!t~J0@2U~W!S~PR9GJ9sbzYG4zbqRZ`vJSt@SUD
zHjJH)$0EoLCvXD2boPZql!qhI<S_o4?*>r3p7R(Q`guqpOx8MtZiZ~Z{){8cXgY!(
z2QaC@Wjwk%<ROLdSPd>$uzf1EG(d3xHHY(T5kBPhZp?N)&?eB96xAwW(sgTK{R*_}
zl}7+Ve#dH^!nY#5_VZYw;$_g_9__sLo!7qe+Lz06JoCNv+TWGV^W(XNz7rWajmA!5
z^pe*UiWs9ocT9(0RootFY(=>^5td7ig^>x;sFhQpwiTxgamo;f*thw<wt&Jm#~5Xt
z=&**v8V+lGb6A6H+GIT63}rmxI3w?_30v?eh!qa&qLnE_$5PCt8z-o7(RsR74av#)
z?TAOz9{mAw=xb7p1hY?CC!etEPcY|!3UE!Tk~W=)EDpOl?B=lBRzY?LocLuP16$(@
z2%$0*w+HBrqVh&UjXv`LJ&`X`Tf%K)m~o4V^%Qqy8{(dAR?{N`1(`0SsiM(R!J*pM
zOof?87<H`Xd|qg(tOzphotpK;pR+5}T%tCUGCr`W7BEIxmSj&oYUyErr~XSn^fUh>
z59D>`Pva{;v42<a=v?WCVIfE)@F2~oZ!L699xyDrq5Ky(82lK`;_IRJU-1gxA3S<Q
z`eClD;lVQTtsnH15NjYO`H`BPL@(J*Dv4i;NFGx#)034O=x`RR4*dWpw$ByElN*WJ
zB!HFePAI3J9e6WVGtG9B4DWBjyOX>JTLwxyH5#9ueBzMjgLA`7ai<4*g@MRNG5Do%
z(@dBZe)1<VTqD*lx+OJ`wm%v~d{>JJKo&^G40nrcT|eRx0U%S5i}D^^GfcuEY>aTC
z0hmBz!W(|3q`i?t+W6!&!|wYzKXtdq<m71C@qT!2eA3#o<mq({D6lXiSt4R?dXgBJ
zQx0j65;=J$`Li_&oT>*@Z5hn$5z4?0jbnpTd3M*O8j;0<q;V;YHK%8krNSbdzdx7O
zf285EFE4}6`Z4?42~x%)lqJ7OVaB)6vyH*VG$#Il&(_eP!h#`gw@GFqHR6>IrwN4g
z%@0)GW8rLJE*|l=p4g-XVBKH|^^;YoKRP9r$%13OEngH<_bATEw^S0CY-9hZKUazW
z<;vVg3hV#&!Ol+#+jywX=|8ykZX;9ULbOwfl9He^m_u<IEJ4(x;KC+vPOb8XQ<kz5
zBNS4#0}}jY7gB(iq;Sb+9yY|VY=5<FyA~`iFL-NldBN|grpppcRvIpTiTRFhfD4Yb
zZX7;v_`u<Vdx;N>tKtPV3C}0iepKOVY&a|KKTQE33hK|2yR-l=+}<nV3I+a=`RY_Y
zC|KbD!$lM)wC6n*lYN4DZbUA%A_@a$>~ZEt47r|t#sBOVkmwWaoD1hO>0-JkdlbLt
zzNeVn<1)(qOPBG?dz|{d$JlHDe+&Xq^GTa-#aw-0wGr5)v>JmJ(#h7aiSdEfJld^J
z-|1=+22+Z}V0G|b6~`-iFH1HU<2&fS_A(uCDr1yTd<7A-2+tL!zpRVu&ZU8$bB!QS
zgS;m?AG8oL=6L*4jm2}BUBqD+Ut@>)98judS1btGB*f&;VTzfpd=De{6tWD@R})ej
z(lkbwF=jOZl$U0sNf=K?3l>Bp^%IGCBW=~`@G^e*=J3T+9oYNcALp-8O-NP5Psj5h
zV&dPgNh3>t^mV|^_Zn+g=4a3*Uw}bnZH0Z^0*MparMJRqKDo#h9u-7{R<SBB+9%aD
z#&Xhfp<$wxoY(13pJ@47qE0!Rx7L!&)IKUeTR}-@ODdtdds)V2eahihPb<FXClwY?
zDLU~-W=|)22`|>`Q;8h~8M}|X^6f>`GS3YvxJkQEg1phoqRv$EBm67RUkQwcu-8#4
z>b?|>#(*V8{EsBGS{~Qw-bP|VQ+>Kz)~330*uQ_S*1CffQ?^odD@{2cVb{^etO(#T
zFx1s_c>03)b!&mIVCKL1H@&^<bkU>lg_;eEb3Ap9r`va{ha;Xi>|$6Pc5&FnVV7;j
zJwjf}w6^4o4C@O_*SBrcFnY*c<12g0<ea~3CuJ9%L!R%AaAO_z*HfQjE>f;1s!b6m
zWRaE1O^)?TZ?t$KZ$~5?k=WjH9Fe$3`Ieit^jv|ZrI@dzW{wl735umo3lJE`Q1nsy
zY<{MPqi4LzXK#FZ;zA?cAw9k<E;N$En0Fsz-mTC`3L$ThK38ajkyVS3Lk0vfk*FhR
zH)!kg-dX^EJ846~<d%G)OmlK=JHyl;;^C1{_Ip#fQSqXXl?it}P7t#{J{~_QrraXG
zO!>Z&Yzo|`<an&o3FW>hN_5bZIpw&Zm~Wb42C{)nJ?64lxhz&|X793Cxhz)IDeOFp
zmFKP6&DOh*V!hhj=sfd7xHaavuU_){@ZYQ7m#KQB%&qi==f|RFaw3E~3jZF={ct&g
z!#-P0vlOEW$IEmeOw<E1qmQPm1R1#=Ow*=snu<ns-iQJk5~mqQVuJYSTRmpTgZ%VK
zw7Q3{%(Z)3s7g(<Cze2jSW0Y!A_2*eC$xKX;T~OdUxIsdVN~5vvNL`sUh<QIR+2@{
z-CbvJey14Wf;_-bNk-kPkSQzmwt)gZ^h?vtg(i!4XEpdb&&Z<%g>m@W;p>*-@U`ta
z9KNoW?+{;eN97J~$`VIU=Wz;RI{be|*J9+QLB{vFH+SPKv~;9?Lu~(qA)<{VWkvzH
zoU|qsH-s=UU}3R<86`pC0z3v5fj=n5(<*|^+b^8sJrIOiC3oY+f#~<%Uo0_-lbu@d
z?2T;KG*2nT{bxE9vKfhH^vZ1bpD8AU`Oow})4tYXDi2F}&ZwG!Mq?mO@x~H#yj+Is
zm9s?&n%B2-+{U9Q+udsJ=!U2!zpsgEqR)MNdU9L*mn}CWww27sok{*nt&=s;&Vl*C
zCzu8832#Z-lRQ8hTLuqHZZ)zu>7D~eHsz{%3UHjk^_#3Rzi`E8g=vXgQj!EY4;|;B
zv%Tdwd-L6K<J8eWzf7@>GGAfw-joSMpRDLwktTbOm1Da=j*{z^Q6C9pPx|8JL=a4y
z3I9S(014tVe$G<Q;_C?gb#SI|OeF)sP_b|kgueHfPo-_zrZ4ONnHr?&z(bZrel{?y
z?MGJzwQktLBvJ(s(l7nRmqsM;9wQ0jc3B$Zwa5`5&m{rw8XUI85@<O7lkjvVJ5Pnh
ze9odvrOqN8#EtE<;6k7?esX%+(A5$%JWgR86X2TG3*&1<tP%TSWU{*$0DR1kmDzdW
zbNJ#<*rc!10Nf8EqE1*wwB0S5>B;P9goQ6)vyJ7UU!bxsQ!pV3k?@eBhvF3Zz7f}h
zELo7OiwbMXl_GoCws|hPY~J%*wlsVXp>hMCS_=r)EK)H(&r5%q_~hOq)NAO41RUQ?
z{Z7Gl$af@D-m1jVFXAg-`Se_@GB}C*<cdMgw*&zxOrY%Gv)Rxri;E=-cLkD$L7D}<
z?^}x!+<WX_Qxt`FcT*H~IbEh}sbb-1y*@rYe`}?&c^$`>Ax1*P&`hTx%aBxWGo5!Q
zRZjOT)ButDqRDY-?CKWbR4I1wa;lW?NtI$%{kjwpY#T^Sfc1?qL~V_u663tHxGr7C
zIOSrH`Rj!aZ)f{>uvUql(C~uCJuGt%%iO~<xhzMW?(M@eTRTFDHrcg$XS$3*6`l7>
z$c?KmO$k@wNGo!u^nd)JQL3C5#oL^I^nGShaFB&;VlD;;*&8;olY@Da4?^jk-oDIR
za$n%n9f-7Obq)+nE<%brefp4ENuwQNlYofY-GyPCw_oSI;G|q9<!)^`j*qw#Qm&0f
z|GaODz7|-%v)NVa;}h)~ZVjh@-to!k_@y$;rrzVz&}aA#v+R|{>yuNK?~kTIA>{q&
zAuJon#()jD*=nGt0f-}+rh?bfCzST)N^qIPtL4c{yPSEiMI#{^-t3FmDgrvxCmrqO
z3S=@#-zm~AZ<{+CBzV*r55wz){sl!IPJ+vMCbAL0WtrT_r^mzvDX_QQjoZqr2O~#-
z(1Yw3SQM?-4!kGj)|v<|(;6=sVH*MJJQV#bNGY+ZFkMaO{`89=!UE=IUbrT?c{gQi
z^Hs507MC9n!Q}So2yN>CU5=DpV(+lZ(0i$&bS*80y#70Oe(u96A56>*UMD}>nY*w)
zw{_h={vMA2&R?!bRBhYg1^cR5xV^)+>Oo{v-70${53S)RV*`L;sciMJ>|wxPKafK)
z0q11=)_b2Ivopi1j*ev8czYJG#Ve7cW^3BuC7*sLNl2cN5-7GcRnoZH>iP>4ev`jg
z@r42xuJ8gCC;97^Wqe0M{49;ZX~p60!mLceO`T2IN!uOZ<)m#VZEsdpsKjlPst8jN
z^1|Xlrlh{aACvoWkmh0H1)ycL7wNyGBE^aOdjELhFTM|05>WXnX))Xv;P)FfI~UEY
zpYoNO_slX|rz*b_*#UMH-R*wSr`^Yi>xB-vG-Q2%#+V9R#37)McE!yW5OAB8cc3P>
zF{)PKpv}>A9zog$MYBRfeirVbUZb!KQ`_Yo(rQ3OYm6{wsW*ucS`-H082aFfQ~Hx$
zM5h9DB(`B1)42V;Q5SzbIetGrXD(yUou}2ZI9bxklG{(lpfH-lFV?Gf_{APx4!?X)
z_{CDquKQ(L^K5z?d6UfSomAr1u5-2y_usp-y``gl=Ob+HVBce~#-1JPUC_pDfXUYA
zXy`z1g$grMU)#b4QOtiH>7Y5u-WHJD#AnGSA<i5Z>9|NccsVZeZlKnVAiDz=PmI-(
z`R`13PC)KR{=-J?dPYO(d1zwq!q292EzCIggY8G}?ul@-R=VMmFJmcbBF5aD&ER9J
zpQx2;)-cCaWwOU(-jJht^fmk8xk?39%(i6EwTPSMO>T^;Tb+0FtXq{uK1zKUNBWHV
zU*R4{ER=aphCw{KIv7459*&S&jvm%lIAq~+&JKrpx-FA%GrNxXzKcv*SZ*&)drw)j
zIxnI-)Bk>cyBV}PE!i}aR_$uHnN16ec}6WPR#~-p1DniRSnh^=WSD6SixvA|;Mk8v
z5%}CbJT#;Ay!94HX};7x&HTG`i;5$E$<p*XPSy@r%<CNar=pFuL)4*ac}E@*bPtTB
zg8?pdgyiF#j!%yaSoh2`+VpUtc_Ny59L}U^T+d2_TE%>O@<cjDx4_zJ&H+XmiOqeg
zkG0;`I8<}h#bLv)IqiefK5TC}PWy0o!lBn9pMJTT+m4Hl>-#lMEpx2p?Fw|UnbOfK
zXYorG_oW=6EHtgywOjmIJ_!s9d)Z2;OKF_wW=Od3htoP_uGG~@eU`vSK%u-Ad^L<t
zzAN5Py9K!0Ej9VdHfA*wHeIhtD)KK>-HO2!O?ZmhTjwl0Jx|q_K>4No#WK6eBNVHr
z%S*UL(_qQMeNLyZ15pENCOY?~r5u9;i8H%vnGrGG09+!NeG;!O=g?=A!p*)aFyz}{
zLg6OERv;w1`ELG_x0kPLv@Rvh9G{-xZe5}50DPQdGaZ|`z2!JIbDOT1;u?3=rl0cW
z;?=K2)^M8;MVtqhm{gFGdBLqXef3tDJ@#EVE{91RCi#{yiLJn@aTSIwa!l2?ww`in
zPCGoy<n1Kp6Ww^fAD_Gw=0)OM^XQnpKR?9&t*8Bmm=uddkVQV@@`GvNx7qWYx1mK)
z`B10rM`J)R>rXAQz*Ozl!QGDYcJlO)M5=d4yE637ls_3z%hOdlH!{r`?}#5wlN*|q
z!E=mKfI6+ETm_vZMI~hgZgA%gb!x3!Uz(C9-y2wF*H~mlFVZAimjV@}S_&9930d@I
zpUX%qN&%IuFp?O$D9?Pr@{1tyg&AITi*|Sz5+E2ax%NkL1V9*y8Mc9(aJ_&G+wTR!
zHM;GZnkG`)+cT(y801tgz@Yw#V0moXNaydqPDA2f8pI<i`A}gKd9-;40<rVkYL3~h
zyr`_g{@2CE$Xjb?r`BP==7|D%Q0NC7j~gm;K9*8N^r>{Qdb036KUc7Ls$j|V**sC`
zDOy91PZM0!hCV=J!<`wp*ckIsgift6-3N()6+iJPEpQ)-o#m*yAzuBCLt%0nVq%-v
z)HIP!h27(K9p1h!@YqheVm7vurm-5^W@D^0X@eCT&5CW?w#~-2)7U)u?Y+mi_l|SN
zIdA44FyBm!&+~n>4-Gl4tAr17L`Vl<@ewB`da?$=xniW>dMa_m#_0Drbm6FF4)jZ3
zxEiq~Uzi_B!yd8I<C8Lr7-ik;N9^z*xm|v@d+SuJ{HXaWU%R(HX9q2(;ZC;0Sw|%k
z(Citw;5uPHx%r|{dl95N$<YPNkH}i{=aPOhag43cPQnn%%$m^q<4KUyzphJ_9huY|
zp-1XV(1A{+-NQTkI{e5V_KRUb1#}bz{|=Bv{N5Bp*aTZ6i!Vpwm5bVea76<-!z;6+
z<iSYpMau}J<Rj=t6c(Yk^FXYY2i{F5Gk5>tv++wkKu&qo^a_ciVX7DgOZuc28bWl_
zEFF?(4*N*dc4q>2?;Auv9Sx~K0m_MRtGiXIc$stRd6|2FnDJL@K+FL&kV=<Lap9pG
zX-{1a1tIdR7pFzBce6}Vvs`*(_0`kNK#OOg&=CpJEOv!{5N*SY7fe(o_a2EfJvz?(
z#FBBf2ZbzgxP@=}(cM}o`BsRBF0gOyCvjv`V)$=&y_}B<4JxzQ!~oK%fwaOc;M>3&
z??oRh@(eeXHygR)xMi4M*AlOgx2mfxi~K4m;roC=EXXL_wZR&Esg(4jYpvprnyqTG
zZn30?RCtGF-$=IUiP)*n?%(agR@l=zZsDWO`=CSL-NIu&t79k4^^=lt|5P(!!hgkL
zl&`&ivsC^!Nw7}xdE#holbBpQn}a5gzTn(TGMC!ze}iYm%-QldK(e~~3o55J)HCbh
zF{fmpD}o;KKkh7h7Oa53&##Ipk5u)C1X*$MCLByZ#-9oh4kl{{zoC3v&q(UekRAds
z&hsPQ*$+%<CWOlJxg}?U^26<PS(@t*K9x1<IKdi0Tf*=+48(3dwF;sLF~|_g2)R}q
z!App?*CF6Rq~>YFZ-TC@09WOD2v$x)y`x;$zJ;nc(Z~=fHipSd@rn!D^s^PRUW(AT
z1e1?X4!|!H3*M=fL1l8pTJEBzel;6RYTqk7`nRW&#VpX$?LL|5dbI?swi~No<1!}H
zp2Zo3Sm2a|>6~w*d8Bku_cPu<fQZ3x3-U*Nsh+P#Jc>$vNPOv6tV0GYFShn^Rlf$C
z!y>QMWb@n>7L=)3n;B(pn|+pD()H)V`lF$~Ara9vm8RK|LrKNgs#gJ4%Y%$u(w4`T
z5`a;?f@sgYr`P31q@~A@97u<{braPR#P5TKLzZ%xj%G&LJa4WF3;pnqUr?Fpdf2(U
zHxvgPkd>2n9a>FZ%`PtQR;%l~x{f-q^s~Hh)=G_9ApGW_5<(e7E<48aXu@wV9}Zl2
z5^mF+@p!lp3oR`UC2~lsr5CLg;`5QIs=Nx9n=-<%<$GI&Q(KqKCA7*oEaoZ?pWS0h
za7X2IYMd#)xvO4}>C`O#`OernUPmQsvFV(%@ZrKze&>IFIIR<{(Gt&Cu&^M{at^&T
zH;**1(1eSj8#|Yp0b0Q37cWOw&M+-U{U+(0We(-wERXC>m7AEt%wgw3f}}7gpW>Wu
z>XINGj+1*qc9JvR!i|C6nIG&SWHJ{s)?%gS0~g8mY6N#6OK74Ue0-rp*Jx_^A9|(z
zYNDooMti`K{nGZ6?OqcwSc9p2ntXOon`jEWdE-9xgcoJR%o9a^HA=oVDMXv$mD^$c
z-OFi(Bz%&f4<{R4ec(!cUc=Uj!j}KXQ<7TSUtmg`ybdxk8qh&I`Ef!jux=@lyS8Q+
zI|3AE$cK>r9TaJ25yI~z4lGI^lf<(;yQNQh%r&}`KH0_o`HHyDAN7rzc%oLqk{)OT
z#G5wmlL6vgW*CW|P*c)^D`&79HbV{gQcy`=JE2vaQG~@wAxa1?*5ULh`;uDdL&JIQ
z@%No5SNWPTsr9TVqGfOv{b4zqX0fZs{gA7(n-p5sLOW5mmTMSIXIPG=Ji^0#k~6Cz
z9O<nst)YIQ96V^46VS+tmcc-YHh)g*Lby1aSL5VNI7*E|iu#gQ^@x!<VgMY++M&lZ
z__2*$Xa1sU|6;Tn_G62QZI(W|(Rrg)ZhMYBe>QoP7p0&mYA}j<A%gRas9-Uvhimi!
zxIGOf)rT5iK})g~n8Z<f=B6fC&O!3H`4E#9HR$H1IqnJ9jo|Y@&(HTJKK~Ju$<wTp
zb=tEF*toMtWpB*>ck|9#H4yPNPR9+zX6;R+>_k#lKyxUA8)d;CPjUj8m-LxzL^Is_
z;IG<!VF;>_w2i!oKMSxX3z~lR3s(5*qGj=gC)Y4yy}jzO>3A_qmO$M=!pE*-A|kI_
zv^Zr(TZy)mybM;av0qB`QI5>&o_X+Uj7p@T<#h#p{c9w(67sN&KlLw2nTkZDMKu1z
zOYD|u0ALhXLOgz{Ac_O^hR!8m%e+W{;)NtzwaiQNaG?HPKv;t6dR{uXgN3O>(Q{6N
z59W2P6EK-sUXyPoM~8k_wC>*|Sb_Lw9Gwt@`C>ac9(lN3sNYkz`;-_r(uOy@zWdYj
zbrPPzZr6X6BJy;l%#t&HA0md^ID@{Qm|S^ez|o7Zd*k63QTChJpH%vJ3dkCk9nmIv
z{MvF_+`I!~Rv>sBtxV)xJCQ%&?EJV|6+U|0yU$nynjuWfC1xl!u+4Q)7lwgGB&U*R
zYh_Lk{R7J|kUjqcmlQSAuA7)U5GNdVb3`aVOqBMak5`e(>j|YV`6F=#%;w$D(M!un
zLc%1^fl6>Wkx<B)e`De>+-n}iFJ$)3@YfsIrfM+Xc$UMxs=e982~O4dr*ov*dZM;}
zD-lsn5^<Z?g_krt69>mIQV|Fmxl7pjppt@2XGMl~J<bAj+NsW9zL=HDa`I~|40u1S
zx~yD>!Gc@QAc!em<q)TOy`W{3yfH0289c4C2J+LdbC?@;vKo_GAmk^b;PGF+<E@rj
zOgA060PFZ6bFB^5siL{EUVL4h@J@%U=;+PxiZ2M~m~W26G#n3Dlqp{4<D-{H6Kzs_
z#ci0vo<sF63|vu`z=yxXHDAH0ITOBl$uNMcO>0E-#f9wd?OnzXGC9(w9;H319i!&l
zBkmnCu!@nmgY#4lsE(@|p7;yYMKPo$U*ai^((W{&GdLE#zCDFrMSYPZ5GI&6p8+m8
zx3F}Z&#;x)hrnZWra_Tf{DyqPK;^+8J_}RxsXY;+k0Q&4U6zIC{q3O5SA~OejFyCr
zmgZRHzsI|^nSlU5;N&Yxt-x)$LiwMtq;`SpSI=8O)i$T3>A>Y;suH^OeZ>c~bUbi|
z#}}Y@n0gjKatP?BTX+zolIsK%!5E)!WM+K6n%uS`LVLt^j~DoK5^DQPJS~AdiqSeZ
zg^WBL0)o|oJvJIY0?YKlz#V$Q@t?90gpmo=CQS`LCf1hLd1K_Z-PqV+`T2(W0Sn-W
zf<yyn>6+*b<4hSHUxou=8TN+$ztLsDa+L4_)_$6<zxiSIzQp<g@)ZP~imlc?8&#Y8
zXoA4OFK(Jln_=qCas#}X9a`|Ef5}fYn!5N<LhO;{r61OT90GF|G7H!hYiy@d5smuD
z9wJtK0qyt~?`$-o6b>{`8@C;DC9CFvbvPjS^7#P=*_NK*iQ>jVi}r8eocmeGm478F
zBSg_Z$8YxHX=uzG;zn?5>;9%)_K`dfkAeK&`hEBm=1?UL&M_xvzHu?|?_2)z`sfR5
z+$r2?8y?iZfhTCy1<R}hBv!o0yH2rdj2xf}yY~qdAlrmo6+is@W+&?_#)t1z;_WjQ
zfms>fOoQa3lJPr3^HUq(G!*zw`E8aiZ8AGd-_g@kAdjb!0{MkC#H|l1`4*g1fGH`4
zfif!w2)ewb`KNuPu++zMI~zCRZiq6ojID!i<nWx6b2!(w^uu(PW;l7NJm?yHn9jP4
zf0<6-*$l>52s)CEge-|srn}ryvd~;uTLC+&r?Eciphk4}t98+IBM5lthMn)UFmE5O
z6I+>b5oQfH7sLnaB+gmt;sN67R9;t373_Y%O10FmuKU~r8|zFm8@!5)*03Q+JC5+;
zfDa$766_e*PcljQ^A@KR$%2Liy(ib7@SEGfeLLpJj0Y&m*#(FRqAJ+?=h@%J!JgG8
zfyL4XW8_usP6T$NA0^>|w0H{uq-KaSG^!F6-Evj4{fl)Xg#E)hYee#$?f(z!#PdU%
zm-ZA!A$z|N7ZcCM5Uzy?ko95U#QalGsQ*I?=CT<Anl#r1VU{Y=5d%2ziQ#JJ)DW^y
zBO=Kv5>Ut^b5g&BxX^Nn+Usa$`D-ZfhCI@3V%HRfV9`$vIL>Fv2yW72W%_yOZSJ$}
z8G-%dW}y%s-s6>+38=oDNX?m}sc7eOA)+S^3FA_0Q&}omVs!rsajUVuKDR|uEuyKo
z)ie6$j0*2*l^ln!$$3$MCQo1QYjl6q`naX7Ivldqd`EN5`&MHw7`XO2bfQaj_<cQ}
z^bv8>3<aed7=`z1ysChGlQN?o$tRHN1qJmfHm|Yp7K6;m9sFE)uT|^vOZ>VUf74MS
z2v#e}tPe>Cs=CgT*>$EM1}KSCN^OD*D1>55eRcm7GGmStHe-%=$lf%&7AAXz5n2d%
z7=)4w<hWtTR5P^My(3_VU~W!oq%I&qj%JeZT2fH!{eS7_oC8}F+5d-rLf+{)W)<0r
zk(0PQ_&v&DhUU8oOVjP<hKs%xNzO_N9-DkZq+_O99zLReDuXEegb5Y!F~Aa`iTc;-
z#q00%TEAw*dXsbwG+0s584>f@+<es8Klgdxb*Gcc&&vQI%SEytLKqAzQ4Ry}dH$~(
z6Yr*)>!ifECP$B#zaKocphrgzdIz9;9wZXwO@7%N1mE3<<B@O}EGfU;x5*o}4bmfi
z1^$P9ZrO9`rD<Ci!_=;*b-VQXh<eXaUciPg?zy81L#n(>5EC5`x9t&Y6?eJPWXy-t
zv_`9_p_i~Wpco*whRzvp))M~XKZ7pA<8MFwr(!(mfBdH-+W+N04b@zA#@!+?SDHUV
zXmXwaf`<m{aPfQ^PGP8_TX-C#z(l-}L^R!*Z)4oJ%7Lu=`j|Y^0`E~CGSeEXsz@s?
ztC|KD9*T5~tJJ^pVwg7{{vPL7ubeGb#CYjw-;hEIy2Z7&#MzGuQWr=eADa9-H17~;
z62N?aJeECjChJ)Ar^r3CsD@^=IdBYPV1_03p)^11BB=40f_SJvfg-DTBT}4<yIUGE
za9c{(2ADS<-B6*Pj-zCd5(`CCQWhL77Qew(vYL)Fr2}gO-^wi{!s6UjDbGRQsadd6
z5&%sO2<e~|!~0pVr$gvo2^c+v(=SGAD)n2OOX-?zTPYZ~RTPz+44v?F61VF6$%HJ*
z^79y>x40*|-ALq+r+G1Ha~}5DeV|ph@kr-;gT)D`ew@7;lWh4X_qqMwK+7*uCyF;l
z>8wo+7NGR%5?JluVz2@U{DlBmMEVR2Fzb$kK$uqJrLXx)fx^FlrdH!$`5*lA%Yg4K
z5i^`g0S_hP2a11G`iYce-A!3-C=tpDLldJxy95WT+Y6=x-vSuN*J&7KtQa}5D!;j0
zt$zN+BmDKoU92Ae%^<4?w8UOhEs&IN=OB;LYAyI@UcdgigTTd1G!o8a-KMnc_K~wd
zLp}q^hR^chqgy08kqWj_C{M$cmA<o*I>w*wFL;sT-0<D&0#~!+a@%{H6;7HL<9J*-
z$RYV#reHp%ZoxJ0^Nkf{h9sy*v6rv`A^2e$6ah^u#P1#XF7R^M@B3!R$l?Wh+A&1S
z>~wv*IRZ~+kP^M^Z5~}03cWqxo*Q|LP9QsOFkZHGGWs2@qQ4Hf+ijd%`7#+q$0f@j
zWUT(!C7>LY$*2t=M+3LLONaO|L0|TqBV;ZWe7+<(m&Jg5b30<`eSq6go&h5ZnbJPU
z5MkGZl3L@z^Wp8geY(gmiVOJf6Qbb9;bIA$)zEQmN@DO%;?ZBTUh2x1l?1zPKJt+7
z_ZO_*J_x}kY;p&=M`={r@(Y2-AXiUq|AgjU(bC|#NyWiIBAg<<XeAs)5TpfZiD3m)
z+Ic19_IoN%H-*nIF$sTEogYoeP@^weSL&a2=f(61;l#Jm<v1Cd!m}IawA?wm<wHvC
z4C)hXb$$fSW%}@=dM~zEC|FRrBP7MD;a)pp$c}V6{})RTEZ+qjG)mIN%vSddE_{8a
zg)*OT)vK8^WYBRN`b?>nU2st)(U{+Ep>l&(<V7X@sO0Vb+s&x3%&}0r*6h4a))1dO
z{KLg_VQweMOTE{pADMwmFOzLLk8Dm=WL_sug7S`)3^)xhy~=Ck7;9-2Jr_7LLEYK>
z&91l>h5QjB#mqtxx4QnRDy^~B=ZdEM7WK#p`pAp3;gL5NH$xuYpk+as*CVY?zXoGg
zUMQLPBP%RLYcrTxhqgPL@?spEUP5DZ9`AY2#H`{DUi2J@OqRAAu^?(uwHG2c#Znt+
zMD`Gil7VoQK%AX$n5A*HE<^=Mml&M<T~5Rbzp2g}!+cc$JF}T#6>E7InO)5jO29Jp
zc>lwA>IiNCYKOkyKQmgBpuHvZx+!z6=m`qXw-FdBOZ~Q9E?9}wwqPNW2g0dN_av0w
zWm1uaEqrE$UA=}M<5cQPdG(lH8bcneC%rNZr*-|m?pE7A(Tk{RAMq>H{_^@sOk-HG
zqBdrHI}sOoL8X4-e2wC!IX8E`v7uc}p?Koj3AIw#e)=-6-Qi@Yg%7qRGF~l4!fHiD
zn@)Onh<d-^_Z*p<Z9ZI(7_f|f&uDl3sTA{`A^6dmG3?z+dqh8^^abWwR!Y24e#}W)
zp`E!;mp?1TzipqaQaX4Sl9<Ba(;k`_dF<yT&Reb^^Df==aLK%QdYAAmCYdp;WuAd8
zuGTHjf-eMp$)u&B=*4S}#XxPH+7Y#v_iFlO0PnL8(SwqxrIhy`=yn7Bjg4_!;oEVO
zquo?bk2N4(*RMZz9!a&SRXQ<<S&rCLi3%?_r*FN^b}$An-`z`UhcILR<Id+VX)j~*
zD%Y?Mq2@CB$5)lC<(A{TgG0lAr3!qaHR#?@J;F{<8_rZ_vKBO4lObVignlwvI8a=l
zHV&m&SkT&yPmf;ikWG~3^+&=tI3O-z7*`i1UhBHfFwIxSzw`Y8eC%{*y}MuN@f#Uu
zyI^=ke9l;^dv|vv%huRjXtuH}kJqQ>mjfe>{EMMt8EHKC+j&;byAbH@rt9)!6Jg&b
z18!S|$})ET+9x*FTI>_u?>9AeG&O$ht0>?3{&Tp4$jjq2oPjWb`i&(yU%=6;t?t4*
zI2c}0_GP1c3qA6EMVjuyyXxqZJn0KJmW6-Yw_lSt<9;|lh{-(YKM$M`IO=l-45M9J
zi$zn4&?Llf`QH#<h@jGPou7!fY4|V+03?6|0-7fUIokYJVNX)HK+vvy(ittkvG=xO
zkMA_jyKMNV5}_qRyXK{*V2Zv4Yh}xXQAVSupZ-!F=cc!D?n_-rE=0wv#$Taep*O98
zcg4(3UgrmIT#3PVlNo{PBLcb$lA(*+3w@BmH$<#V6Wav7-QmoELYf{wxi7kA254hz
z<j0+#=B_z;%ujX7l6Kts4;F?+n~!wFdY~N?$CyKyAvb8eA}Gz+TKHB=zjgme=!hs}
zkip6QtXQ*8>LwIt><jK-+{`|pPcEw=F*a$9@kiCH@v?wb=P{5}=y7mx;0X-rX!I28
zcV~Ke<Jo)<8@;FI{Vwn(1aiN4sTzBKzwp0)UzeV~?3DAJDtr0FMSth@N+={Xw{gpJ
za-8eBhjy>(?pdNp={B@e{Hw)o>+`+DJUw@1+e3SkJ0m(FIhiulAlVy=>X-3jE(47)
z2gH%q0*HmQwuOv5k5cOMDq&UgmQ_`c{1)4zxD$ou^}{bKud5Zx-J`L;7)l<{Y<k*K
z@$^fgG#(yK&1YJwQbL4vd+iq%dcDytC}0nw8-Ka7uGo~K-E?=pEp<Y`0d(4uxL7Og
zj?+|(?5!YJuejDYmh)F@U0Zj$5aGE!o_EG_;(ELwzAv2#i=<S%?2dKf8BkwZYjfba
z>4otw_L4RH1$frkxC>+>HKcP9<@Jw~RUIlC_@!jj$yRru|NTDed@XvCFG0X(yYp<_
zybwc4djUVdJyaV?SLtd4^GAZOyw}}4sLgGjB2|jAN5#tKj2QMxnFq^grJ-yjjL^YC
zk+6X<!q%k@9HGbw{6<flH%2|`;Ceoo9a0==X7CUT;>;b`u3jGZfigp_8`c35mb=!n
zw!cjk3ZAsfv#AUVQ<<W3B~9Qs_P5(EaehD;=``{8yv703akz%=^y!3~dv<jqSk8H)
z5x69B_sU4?QXclt;WiqzsJ~N?-<p*@l>L3rZxmcu)9u?d(a(?V@tbdkFy~wEw2qUW
zZeiTF_<i-VRi@v6*jbU<3zd{DybF0eZ9j7SdGF-qb#=eMIVOI)_^4tieBY43%odBJ
zs(jeY=D~A4;CCuTm>oE*=Pa2$z)_$~a<^z(`T{5Zezl;sJ;>70c|%et2&PLS`7PN`
zQ(x;U<A7Z7hV@$xctsVlB<F1(73p-!<Iaof2|(2t?T*2zQY7IV;BxEAW#-Q^q6LO&
z)DVW_p-kB?5n1~h`T5FOVX&AcQYf8AdBq<e`uK;hKW=-N7(WrJpewOm(#_m4Hbs$(
z6t{*)>GzjX-Y$MZ7R{S~HoyaQhtY}lE2`E2DySjPk8!d@hgm((U7}uFQo2$e6@~4M
zCt1s?Qmp86Q3_4+DEHc5K(WF3X}EAZc62mfz_iF~5T1+J!8^N9#cP6KEy5s>{pe`G
zxRh>?u+;Y4UK)wu4@(r%kdcRvaeC-^;c=%p-fM~5v@QW0xMdCZGN(zdmXR~t>JqSz
z>E0Trk=h3owB=!7twZf_Da*ybA3brJ`=LS!)P=2qz!lXq#{p@NXb+Dp6f6qO<LLW)
zZ+>C7?O)wVQ{4K(fg@nh`2f95m1{hBj0OxJrki}8gyeu+7+AU@?nst);J<w}nix9B
zum6N7$#)|vLwu^-M}D)G`mj`g{!ORL6mJ!*5+P2|zYgW{1$_&pdMG@XpP4-;b3~Zm
ziSm0@F!HxAuR-V!u9c3w!|lfh8ZIhw)E<}tt{6ikAzRR-fC=%D*dlCpJrlJd$}ZFe
zk}-suN3!=LUYLw>S33+n)E(2=^S*CVxojA$#XYH0I=E<fd>Va8!b^tve(0Y(zJPo@
zO|KhoYFF8?$;eD{;x2hZEyEy<Bq(hxX`oUjuC$=hU7NOlxt&7RPc%AOnc3Q)HK?o^
z?`?-H4q6C-!2&%ZI*|sKOr($G<Y`8}FtkHP10zCedi!zbc=Itr@reutU}!)$_E54i
ztva9n;i$;LmryoR3Dr!o^H0vTV7BIBcVY6Z>dgKNU&~fBb#3tE8gTsE9A?s`k!+vY
zK62S+6Z==7z@UF>*M8hqq9U0E#0B2vXDG9f_nlwLrP<y{$?ZB_Ya$?D8n<|iVx}IV
z2VCID47-YN=j&0}4i3K!ROzlhW};feR!))DxM;j7#*PbBX&#GwObCS={;04)vC;(K
zd6+c|cU@V0wK;<3^BXgrbPE!k#&JuLoiJ>G5?`Do{=5p^F*I2UD|jdAP61R_9*yz4
z_)l)HCa$zCKpno!cNt6E(7Ex;nQ%ck8ru$W_eP?ZxS26^UE*SOUZ~93fM9bA2Ad|k
z@eEgMh*T(Czqg#9<-q3-WF)JqeDpZvL`x>h#{t#P_Fqs@guCSS_DF^@BBFZ2b-o5(
zQIc2_9(?;}f|T=k1>RJx^x?^Kkphl#d_a3xMaT+9dYiedNOU$!f}YbY2X|lEsS9xg
zTNcp)Nu5<lk)*pAZ*$HtJm!@YVdEcb^2tz?vI_8{2s*U-kwhzJ|8?r*CNCH~n98$3
z!gOXH**%coT3g|-+EmTzl#lpQaBaXvLUtvppI12zq6N{B%({Z=TKUz8iJkA^j%KH}
zN0d&wE~=<+7R1iMAshnuitfHO+4mq<S0CIj2GO(9eJS*s?Sv%mzYS3HM}%>EFzj29
z+!?cjFthVz@qhB@S2%hhUmo-rMln8~9<2zIdu@d@!<lcQM!mrtNC+v$e}OU&q+<_P
zot1MhH19y`{}WSMNW?mc43ziVlW)7K!0$v<VP!x|6{PJ86D^}D7SX2d^3U;_nar@<
z9OiwFBeF}W%C8*P8qgL$k5jA19IlN%iW-@r3nww>_dujZZrWy~$!Q5GsyIgEiIv1m
z?}GG>zJD2*bWTXJnStcU?wQN<6a}w@Z<flrLFj#k)Gc==fhJWoiI<p6`z?7yAQT>f
z_%gzrNbZ)Kk1~X4`y3E4#kwQQD?@wZ;f-59>1y+E1s+skh*8wElDNv0%mYkFvWr0L
zPyI1O|AHbETI`9X+AC-OA}dHgs8>fp26(B-oria`^6J4BhBXAY4fejDggym!u!O8V
zg2gTwgzDX*7K8OLnIO|^54Uxov@bYHyz(y3v6?K_vRa580b36Nta`){$Yd99Z%5e6
ze1dyD%QRgRnK`ce*qm?VkOwTun>z2A6l3o~Fi+mIP$+zu2|fG7bms@q!1_pxk=3&<
zwtIH;%j8-L0_3Z(Dii|+aZ1{Vnvk++gEJ9yLhN8Y)&*AeNXRIsW1whhQmJFPO8@EB
z?v<DIzHYy2m?C3)7sGW4I!43+`!d^W45V!Q5WUn)tt)=;<=*%sRxts_C=P;m7BAdS
zpl`OI1LqTJ96^-~#%Ca`0_r1Rl^)0c0ZjSask)kP4U=PCqvOOiWDS>!`VA=*f?h!Q
z3{vB>oPftI9Z`#O+<kgvl(cK{+goxFUkMhrFhGPeLFd~U{RKvC;|nI+t7ZoTS=HVt
z7u!4R>t&l1@9tb*2Z)SO*JdxT<i6QAf|4%<X&PJvN8yh0AbVBrXewgwXX}G54nba)
zRnzb4!2<9=)emB&;SToCwj@!u8yAau3X~sY(5#Squ7q+v(78h*I!ns%l!pOAb|;Fc
zgrzT6)ixig+XH{s^?Z`}IA-D>RFL11UqYqhT)CO>viCh)^cG#*;x++8*%<j&G}x`M
za%`X}j8b)N?3NYm23zH!`YW9xOMRxX=5{}{#cONz-eqTA`gx*7skvS{#IXzCzA^TQ
zYryXQh(zVF4)<JxTF{~Lj!NN=qa2swnO5gNZL>!PW%Vp8)18(Cc$1|n){&M0{xZqh
z-H|SdSS<QXM>kgiHlj2UVu~7&2KiF-1j&v^P(ZAz3FnDK?W6N*j9k`uz`@4L#eV3J
z1d(Z^2}XvmKGiR#X>wwh8)>Fh@-<atBQ%U{TzA0p3uF|Yw6jVQEEb{B@SRA~Xtd{2
ze9)99@uWKclJ$tQ5sbO*&*5pbEM9{gp}+xPv*ite`wosJDIZcnpYX&|ydgg1OqvYt
z=jqs_Gr`1HtAntvz}^NOlf+P>Tjj9Vkex_4iaL&vGisiGs(NVoX(_EAS(D{+K-AV)
z9ZaZ8;Mxf!)p7W4Ve+zPN}6@&&lrZWQ?5TP#GyaAn2k8&4b2R+?Wkj>pdzlMPmv*1
zkL{ek)+Hs3-0_)=8VL&tFlx5(5joLF_s!+#?ja_7u;@G0s~6Wljd_a7t{)@0sl7~m
z0bX!Kv&7bYP0~@7@^GvTcEs%6?D^((8QSMH_{8;>5J~5NfVM7}EO7Xp!0`H+62_=S
zX7z=PZ9-1S;{Cw;)q&HD(SKLcMO8fVSihr7erAp3E*qW^qax5eW51~~`cRfH7cr47
z_z$?EN3HY?!b<U#zO|>>J3}myO1#QKGeXl`+wBoTVUGN=gnh&4a!KCUTNo?8<h*2K
zA2|M+=&7-*YP2(QMf+B#K@n(=#9o}Dk*jy?h8j~m?`Tm&CjnO$t6(#%sV-_4rL4|a
z{}~Na|5aI?7DtUtSIuv>RAlTE`CM`;gP3*XivN=>UCkhjyfkiJ4j^8smhX~Ey6^m$
z8G*@w3Wv?bC-^fCi(wrl{dU#QS}{Zg4egw(in220oYYkk^$e9*c^OVdt^D~qyBfJq
zEz@?Yj|#I$Nc6pM2c`@^a}xFg+iYzZ)tJ`OV&YUS3Uds@=lvvgKau8{RazrJSYOFC
zp1IjyYTLgNHQwUe_g=5?J*)f2hiW#m+RYI*&L=e<Qs6Ran?$B?$=+pY*X=4wlxnaQ
z-05(oD}1qmhO1myp1#rWlDNJ5Z8g+TE_AH^yc5T(5Lzoir9g^eKMkSWrBN>#qElaC
z8b_RKJ3_m`ohgTU4oC$VK9~(2@=5Z%7Y`jKXhlxe(!QqWu1q!^=<ISlILS?r!FIM2
v0^Npc5Z0u&bGiC*Aq)?bR99BKw)esqDw?+c*9Ek*_YPmH6jBM1gbMLr(gxz2

diff --git a/golang-external-secrets/charts/external-secrets-0.9.12.tgz b/golang-external-secrets/charts/external-secrets-0.9.12.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..368cabd9034a0f823297e5036e4191438ebf7800
GIT binary patch
literal 93006
zcmV)IK)k;niwFP!000001ML0lavMjsC<yzvo}vam9g^oG08x_V9>sX}hDlk?){Q|@
z(&^Z-!%6@}vdlsic2$8C?e=5M3(S*!YpuLg);$v_fRvpX=j@h=th}tuT=$FrCG(Sr
zg~QaJC4QEUzv;g{hW5kv-{b%8|M2}|{eNZqX8+mu&-b4_d%pi1`t3j4fByIz@B1yR
zrP5Yu#uCr_W)aLT{m^gh*Y*2X+WhkQA6&8|8{M)+*xMX<z|WsOYdrrS9`Ez>fBOCR
zPk;CU&j0!T;~&299{09_mi8Avf3^%h`biqZ(F^bT$pf}r=KuM4^nZ=^pFEiR=`0DB
z8U694xGx^RFW!Ph?80C8QRbb;iT8Rng`fS*Paj;y3;%_8nPtoL#dv%XWS6VyXcjNV
zl`B{N!-HUkQ^`*gb~ECiuTnpOpE8)uY^3pm1<{zLDgBtn!!W*p|HG0Cf3%D)9$fji
zH*qpgUpyFkS8D0Q%7TWT{1^685PJCk{OIkE_W!TZ<Kg3n4{)vw{y+SR<N5I4;S2A|
z55pi@%-D5&`=1y1H(dGy&x;tshyQT(fd5xz;_P+_e}+>DgBimUcyKKz7pJq~`Bxy8
z`HN-901Ew40(<=beE<9B4*&0>wVeOE_h&CpN7<Kb(>c2E|MyRxmGJ)$a2Fi@-$g5*
zzjw(}Z|eJzH}{ueeCyA>bTym#X?ng2!`uJk!Goj71C;3}UKT^giy-n=X%Jl~%5cgD
z+VgJXm3I?_p%?iu3iJjn?5&m_^LUrjEKd9fKr{|QI0Qe@{^})wtXIj*_Z}ft@xL&*
zl>VMKz4f3EAVQdrc@MAID$E}0!+ke;@Zc>D5Jd3df>5Rh|1Z1ry?Jnc?k7m85UZwM
ze6D|)dMuiIm+=j*6o|}uaIu1M;KRj(8H-@6K;Tx;1vU&z^Ij1}dg1;4yEo!I(?5XV
zd4K%zU{jR5)7J9-e}VhH1Zp$NmYeZ{?eBko|MAo3#rOZ@@%N9vckh1}?f2iu|L233
zUzT|J@sS`Of-eLAJ)>*=;Qt)MrT+c*Az*}a;BLG@`Ob{+qk%WfyWzW(&*B}9IQq!K
zmCt*=2Nos?=DzoDFH2U@%zOTn{uwMzSLf%!7jG~ecw#IcmW5A>mU)0r--m}UXCRd1
z{m+Vp!Fd2U2KXe}!05pzpN~!bGn@f8gP3i`fQ$4}e5*OL%C`+;gmb_H@a)525o8=|
zWtTzfJp#;wAUS+@ihU9Pq)UGW=;r7gkX7ijRKO1TQ(yv94n6+2AmfM-a0pBe>x4;Y
z@nW^z5XR0$C<o^XsPabzSka~NcN4&esT${h(I#H}XnwN!8WlMBAfpowEB>uqXW@^Q
zi(4kZb)S2Kzoo;!rGwH~d{Xm!R{zh!?bD7G-;7|#@kr@t#XaG@LN@h7ljEiC`Pr8D
zq=TFPTZkaAp9IJ>1423Y{|&ssF9Z8W6)zSr5G^$|SSs(x*9r)6F-kATw0t6kK{N|j
z^Oh}+_##?5rf`5WpvZ5;L?i7siQP|>l#0K>s~_dU+bD>~N=C|wv-Ziq0b|6OUxG$;
z6fWA%htpd=ki1!^esUem)b}^Q2&h*uBWUuai=Afizt|$ow^4h)ngKq%@u!z@e6@AJ
ztBKqJ)WT)B@ZmYliZ5V&fYxl6kN?6Ohz|!l+1|`gvLT}BBo0GA+5SB%Pw4JjD}3zl
zoe_ZB?q6wu9`7L#oKvwHbCOeD|FCxXT!YqnML7r6uzg@sG8WDJ;@RtbingOpY`ujw
z%dxk%_O5%=#~w;^Y_^x2D=UjGsd%z%HUptOLp~nZGo!mkA5Qpp@0wWdVz<$Zuc9OX
zJ!*zX&d-m&YZ^4tx2$oza`=Jx$G~WScCNNB_-Xgw2#)pL8{pYE+n{Sadr+DTv?GvK
zpQRCK@w0=buZ$sFCIyDW+XLKUyau=*0tQJI2tx#SumD;vfV?Mg6N>EsA+E0k2|Q%i
z@hUM9&}g(GnCVX=F@_|{x#adj3U9n0h-q;e05ZMx9*I9?>;hO5B~ugslyfcLm1n3x
zvpCr%Gc^MCuC-IHZM(JTf6II*Hwd7q*U~+pOaHt7xMcr%^6cqTXaC<x6W9z@Sq+$2
zP>M%UoK>hJc701yQ!?@+HVysxcbvP<y$XQCOUKvy53Yh}{=z#{m*@e=8*I)p_CguM
zTbW3WWvXK&`55Vv)p3sWXI&2Tg!F-PdmaJ7Sey!#81-*2f=!`C=@}oiDkl|TnLnXP
z1n?yDRLVbP`5*E{DVeHvCV`|;5sjaqCNP+>lyAR&0iw?VaUe8M;$H`NQ2z*0q#18e
z@!dW`wLc$8iVJ-C3zp3;-)KO#1#?wu&4KWo&nR(~m{Ge=a=Ny|SjO|pDPXIdM9XRX
zJ^xHQ5&nm;u=zf2nKqlz_Hy~$^UOC=*^0biCbJU5aSTsYn1S<Q%fD;{+bR#-jy;T+
z=#h2@R$08jUrr1C&f+USYI_|ewp9&N+)Br>0f1IXklo^6VI%sk3qNcG!OJ+!-uc;0
zoLseSNb8n=D~vki=p>gg6ga$!mrXBh+O+M~t+#A{|4H@g7hs^SWe4dI-2bC_Fay!0
z#6AydG>!xDMcX6!PS|H^mV>Y4I0i(0+jcaZw_mEh#erCIk?K$y(#g~w%+MPSXUTk+
z`2Vx=SN;&B3b@8B{IQJ+P}d{Tvp6-5CmzBOFU5~GbX_XBnujA|{$o9fuUQAq(%&-F
zXjZEbs?{Nz&yyctG=o*CdV#q55#WL(s}6SQvoO2-jStp#L<|I8KTVI5c<PU^H~a?-
z*D`<Uo9g@s!gEh&1>xePf=8_J;~7>~j~9*L_oF-lc>>jE7dL(@x{%{e$A|LO4=cDJ
zVbO)}{jV$kcF+4?*SH-tayNhmCP~-?9#s(_f~=p*0V?|ih~W(I1D;h~FR?@+*EfA#
z{h*A=YX68wm=>|+Fvs7=anj1{b>2ssB8jtj7KbmqvxDQ(Z^Fry52O87ylBPsq2KQ-
zzl7rXPTCpMj=M{Pu<Y`MH^#oVzZHH9q96-cc<6`h7H)7H&4H1A^0?4v=_dh^Xa4K=
z7Q~IN&&%k#xFkQi?vIjnEkXL!m2R;5bH6KT)<hC0KE~l{;lD-RsI;DI?Uxr1>K9}>
zu*JHK*Q_m<FSQ`w7_Trj<kPxNHHzoHGO4Mr^uKPzCU#BF&d>4XXc$WVWvkO>G5p`M
z;HLd?%abqTFuu4wT_PTVA5u8gpm32JyKKC$<~zCs<U}lT$kJ5W%lL<tpV|;<%Q#L;
z{AX(x`d^St=RumRC=zJ8nqT;air^0a|NZZud|%T4K7aE3snh@Nq8aOdo7EME>Qel~
zFNM$qudgy*l02I$jgPC7^s7A{F6Yzxph1?JwhlyJ1M@`?O|DrGB0%}_^uM&Cd!x|`
zv}ldxu`eGYR$5@;Z`Mn!8L_a)U8|$NPJ(EG|C1@3trZyDf&ZUA`Jo*D@pS+3zQg~!
zXq)1Hx)jzX!eI&F(<p3}T>|6z8*%WXtG{#4PDulVa_Izk{N62xTfpSWD&&IU(1VS>
zO5)X0Ofd8Y@E068!p)~*rvv)2B#cAf8EiXV$iI_=N<bnG|KQqBrg>*Tj05>^)Y+*2
zxIy%%{%f@a==thDm-5HjwaynoiVIErivXn<?R1*fe9gjOPEmT|7RY!yw#$__tqzd%
zGDcafZXJcW^+nyRHPyA>Fb{t+n{7l~${m4o7RSjvh)m9(*rv{Pl|WFxmf>)?0jBr~
z{s6b|t3VjA+!OyC$CR*d*)8;{qQyS;maeA10-qyLSNC{!hE+QTTkf%FgZ)Ywt$W%m
z_&;&7_AFqR{Qu<p3jg=~$#cj5?V@eU|49pxyc`?L{tAtYSKqUspPQnLak!PkR~a6x
ze?Kpt6GkBZBeb|FBj2#oN>*N<ZYHZ5@-obnlW{AdZp15_^@_4~e}eV1uUD}CN}4_X
z7x4=gWS|TG@Bi?$g#W*P;^hC`v`z7UeOSr*nt(F;mrS1>6|mt-?_B9ChidnYD}b5o
z$VKnYb}~|<z_pmJM<V8s`Tc5b_&=HVlLXE_|Jx7y`};2c+b&wy`LkKVDE(K4uFvb`
z1#PGQPo6%l>i-`<cKP3S(n_X03ce1*gOkIw8pl&rT5C!-Qd6G@Rp6mgQx^z#E!im2
zA@nA#keg=uQb*jBeX_vRkeg~8iA)hnPBmasTKlm1{3!aB1els&65;_CqASI=W7pw~
z4bPK!(Zq24@yB>wSLG5QH17QZUM~jPPgg-W=c~EaGQI9U8$DL6Rq@fMBls2_tKy{I
z*H#Lq7hGxC(OYm_`~qNtu8TMcawocBX?9HyI5{|(&<|(o2h?r9uKDo|{GH3R;VNNa
zWlQv1dI^H<JGSVU9HWI-Axp}Gpxir)Q5IK6H-F&Cj8IDF%|Uv-&%)&;+ZPk1fJ_!D
zQpxjRm}qi*^zrFw=?Bj%q~HDbQ2WIzZQ276uaXFpi%ovR<b?;)&(}NQ#+zF&-<E9I
zCCfaK;gC{TVaCPfD!qhlk1@J{qNXv{ARQGxd<RVN3ru(=1B+#vGrkOXez-oE`aJQ|
zOOG#+UOS~e<B%+j_-O6}94Jg%<ZKM^nFrbJcg3mCFejT>Go8WQo5wd1PuGUoBUK1=
z=wJJxi1;4iMIBN9;&4Y143>(aJQ$kCfzKOu#6iwCG<xu$Fx08<!%{GdN=@ctIu#_T
z<7pUAd2(XxJf2Jrhwmq=>~gf2Yr`!QSWl7#W#3#4Ef@aYep%?kz#S7YDtwPA0ZiOk
zO!i6lkLN4^Kma7+@ZbzYCQU@DUQ8x}QDtxx*<c`iSF3RDacrBx7_;~y3Vu_gr}CVL
z&wzUqiJa2p9KVNnyE68I-NHaPueXY{5wAIFuJl()Knn*U$rh%sS)r5am@s58T_L&}
z&+)R1)8JyrlG$aD!EAJ3%V0>Gi3qvF8GWm4UZsh-ZVp}=TAlPC2!mN379uvhjZ6&4
zH=Cac{t3Z&^78a7&zMT*#*ZlPS_2_@S_oMH6ee`VFOe|OsM1Wz^Vx*~(%W=3T?83k
zi~j+rXLyj+fe(m&6FMQ2-n`lc9^3(-#qa<L->%P&vcC@TK#WhX99mlZfCIbmlO8f@
zdfY{1ehMR~H!9N73d+h8TyXqZgV3@0ql=OJ3hjrueVz;xuGGyX@UmW#lLW;3)niEg
z`uy!iSnS*Q8g&T%O=;LBl!gr#TK#MLH`qkpt|LJ!>N}O-|F-xILLe1XQ~czq-^wr~
z8b*DqKr>r0Hc8r!DtMuB(MRXr0tjue3~N@2h$4miAIY?(zPF6$JPk9FO0H+8zsHf!
zvo{mLZ<)REL6p1HJOSB+F6kJ?m<3DV#Y~RpwDggFJ~AC!{v+^~1O*nRTRJSxzY6<&
zQ|o%*dOOfPVmRN`ymG<6q)3Hlt;6b&py)WtSIvl&{Ky0In!sQR3Yvz<LHo_cR)EME
z+&sP=`FS}t(vqKOs4=1%L{Mz&n9p?m*slCWOwqW7jzg6VcZyMaVtcUu1Zgb&2R{Tw
zt{<k}XQV8jdG=xLS&qC@Oj0b<p{0r^;~kM~Pkp212>#rk?@{t{SOt*%AQM9nF%ObD
zGF@#32qAAI`PhQ^tdusZ1TR=HK83^wh9#j#vz29YgTR)qM=t4$J+^GlJGzMYGd|~k
zM>Y&D0diO~ZUP>1320RMZ+YxxCa1m$iV;<p#^>xA%AHh0HjXOzC0G;N9B4y0jN>ql
z=P-`LI2&}6x3~GQhB?2uF4v3+SHhUt2{oTeAL(4P{B7G}P0@7RBgcGN9+-q|UihIV
zzh>)Lr1KPNDyjCo0Z0^(KfDV9Ng1krFwkr@2clF7y013d*FF&gE8uVi-)ETcGdx!o
zEQrX}CnT-YB$V4xeKu3NY0SIv!*F;Np)NMJ;?RtwkvKXzop|scuMUo@7qW9|JQ_}r
z6!=tK4YowhaW49X(g4uhg3MnSP;F}*!;*xxZ^nd7b&x3iEo?xlj5lXYqHHhheIreq
zk|jfkb`ue7+<LSbx$5ZB`m-Nh2T2@Z!ooA`SM$99><jOBH4TH=K^U*<G)gAd;$?BR
z5(<;50~lXlm(o+GLXnBsrgr#Q97V86%KaP7Yf(L?e%?<7n^rzL>C|YOVjYvop_;$`
zV&Ka?kHav&!AbJ9Vv!*gy}IYIFva?4z6YFgo7VLr9%4>8cq5sneN}&A)JcO*I=YCz
zeY5}lliI~;N4DpEIDLgWTl!4=>EJSmnE3ZAKUuJ->3IEUwWz<!!;XuAJt|W-^vl=N
z(4l>itxr>`!|U&O_vNJub1@!A0aK&BP!3)D9nr<}IG)0d;AQScbc(a2n8wOz6WkuX
z<_->d@@t~*WC)dvf^KQp;|oT+@EDE6@<)=KHN$KDYY@4^fJ?d#<~8<J#Ij^8rnxwq
zh6M@9U|eIkm5rOCQPVAJ4KCpvVDvVt@E-m(@i_s(b<Afhndh&vY}!>P#*e9ib;xIV
zvA7*-|AipiLy*~j*07LN*qRCWb3cQ1Yj$V+Wd#4{3VnD1fyi4pMzo43<8n+89ot^A
z%#T=;^0&yf@Q#OhIYk|l^Iv&gNI=KBNzpqI)RA^pu?67TX^C~0p=IgKG<Qg2*8I8Q
z={69}nm;3-3^QU;E=k8xFHboq^}nsAHF>yD;lILszSZRZ4em_j_mlsf4@FVC{>3c_
zh?=XAa2t}d<sY5+Xt(=VaAV=nxR&lKTr0<I7}|3ALFwSN57?<DUbGDw<V|FH6HW*&
zzkNgN^8XZUbTL<Bule79c=r91$L0L*&z`ybKRaoftK_2^C(!Tmzg81{7AyYNBz|`e
zqkj>H(ON8F<Se?DhiGXY`g<W9zIZd~_uNyowok=jw0=vRp4Rw{N>{MlS+sV52g+wu
ztl~k{VH9o%y#y8_%L9E5Fkxho691aU(J@gt?$qcPHgigTj(Hm16aRcvQY7$m<0ZJu
z3`~i6s?H|3^s}I5Na^k=Q$yR0P7Dt|I}U>Mzy9OVe~$3GAAcO2VA9sXcmFMV)yxdP
zw@)X1ai@S|Hg(0Vy+$ZZkb;i8QA!D_{xYFArq04TcTd%vyQg#a{4=?G)*_37izn%i
z{FJ0#L~x`*s{O1C!8V&ykuJP#*jHt_sI`<pP(B4>C{JQ9?l{0X!a8+Zmo2Qe&Pu6^
zMhd$PYkhbtmW#IB?Rwgk^M$j0*I-j>wIj8ksWO`AMiKdGGpA(%geu!&v;}-_inbP4
zu=%xYdLWgR9OC29pRY79#2A;7-S|HDzj>|7n@ZP`EB`hnVFQ0Y=E~57CT^Iw!&F&V
zRuLW>Ez)~L>>e&`^nb&D|3BZ=ue#YLW@Zmh{6(Dk9lip#ro|IEXvu)XClfcG_9MX4
zF&_7t7oR;6EYw(R@OC^JeTOrg``PTW-9~8cGM0;<r&5L2@r7oOJLLZ`_&|f|2jPe;
z3SlyB37%X-=ZMY5pkf;uuaS&IQ80_=-Tr45_WC(6mKbfe26W#6`@A7&<?P!4>;$+Z
zqmDlTOZNPkMb{4}Z;W~y0m$O4jGQM60DtY@N^uNv89Dg~mq>}d_Aqv2j<Ko+-Y4d3
zm8_Gf;k3<LB}zXbF(lMOLIS%;$DEPj{QXiQYeDAs041hrfO(VSCD%WpJ^E)HV2>6t
zl24P+rqQy@FQ?IP*pU|0=fOy9ZF!UA(-k2!OnN5F)PRyJQe=_KZjVr@2zPAx-5%-}
z)7295ZMBBnSnuh&UNx}xmL$5b-O;wTVdf5lcLJVrYac^DPyP~KcOex!mg7_oTHv@4
z`2gPG{DWY@gp!rV=yY)&q_RQik9gp7P#BlEw>-SZ063lJ!Bq=A^JAxSP>-QIOiJc@
zxPj>Tk-!b(jtA7KV<f_9IXL-KBR>K(mZQ}eI<)g(3-(2m;Jp3T&gKl8N`24?J8brz
z+^@9pHMW-J6MH;gw9*eXIWZL5Au5hg(>~_{mc9?^U>Bg%1A6FiGD=dxfBm<Smo{En
z>8Oe9_cglPq7~<Qzx#We2#YpdX?;_qw>@jcxRk%4YfwFukr3-G_oPv)ljt=+IC)}5
zGgyTe)T<*cmrmNrl8dHr20CVGdJ`w}y>dPZAm1kU!+JZWVID2p(N!6{I0I7xhiypb
zWz@05Jyc()L9i9~P3cDb*h=BLx~)l3KaQjIdXQ2=uF>3dXcA<zLkDYKe8aFBukb4L
zeJb_*BmJ*%!>TnhzcZXlXUIQm-+#VGFYH|<jH(EZyM9;wJ{O~oCJP+q8nD)0ifQdo
zIUD$cHwP);GyEBy4NP>PEf3{TjD!4xjBn>}pCPBFo-t?VGy%j!A?g)!Az-*8j)X$2
z3JTiOgZa3|H9@OJa*^u+@(3azUw*yYc&GN&3?os>&RItcs~r-OGMpGXhX?F-%(>zv
z3lafgO!|;^iwM%0_N5qf9{ZgC6H;F;9E=n<iioY|&-fos6Y4afp3{UnO{mj^R+`g<
zI!$P$?OYRj-YFuj$Cco?%CBI`@UNKE5niN6k~X<X0`Gz@OXUA(#FqSwqdK0%@g((M
zIG*HgcoH*xK>_0UlG7RlA(V4{Yk~mb0Ipd>r%_#J|5^+S4IRZb*+F{ZB{4=_G7OuG
z(Yr9=Zk~jq5s2IiuN&kxxex%+cdygVp>C~()Es9$Su)*zUz#DjlQ&6_bv&H)sIM4W
z`YXLA{l|F*+{=ZZNmt@U?*1$KNgk(TmbX&Va3ZG3FOf{kEMt7pW(hI}#k((;VIVUS
zhV0f)q~gVUbRHxr1%rkx&DvF>MtM7Ikb^mDSVu`*J`pl})v!NimXb4WenI%d8KN{N
z4QrIxbCoSul;n(wU5!rsWyog!1UjihGMUN_yGom}S>JZr%PmZ0_{dF-4&uc!z#=t<
zQ(0=hWzn;~cEU$P<cr1*zKeCwWR30E=*LOLY_6vtioF@5Ya{vwof8(NAjTUpQ=7a<
z#7DO>*h0-JLSG^cE%y92=~{>|TZI&-+%CD*H!3Gx>uwv{#Jt*PAor`_UVyM6%O~6C
z5!Whw<`7Ob!>%@-)N#qV@5vLB%jx&sSn?)aNvgK&0;Kz{q|!F3?C>4KaI^A^7q^hC
zxd;t|(_r)FoaV&__mn%Qz(twGi>at?%}KO0fWX3tXGGs3IY~?pxnp!qlcd=~yVmpx
zlbofsfXe+8%4-V>>X7clnr9`i2U#|RXP8Dc9pWjz+18=%pC8paE>c|+I2WXv=3J1R
z3zBm|>gwxUkW_OnNO$Cd)Pqxy$oL?WIyCzR2~xJ-WUMs3<0r)lrTLmIDB&rdZ?M1=
zq386Zr58B2-XaU=u?tMar}SI;RakZ@xjwQmnDZGh^qh}6h|<BHH&~?u?-9JB!T<OF
zri1U`4-5J;{htN?pUXkxxNmv-^VBCz*Kd9jYfe${ibeJ005%xSN|xvS#;C&1%Ua9?
zV&vDgb!=*aL%T4i4ZhqumRtun8ljmkJlGfZGgypC=JOW()`^GOHE$BRG)_*>2f!el
zO}zIvQOhHr`=PJ*KEVWvP5G})uUhd1oN?Ws9t>2Cv+jyl=k1JARSMmD9FhJcS1$UA
z*PbInHj`&p0%Pmd6X?Dj(w3Ex3ezj#C94nx??_fP6Sy)f=-doKp!9e8kk<XMrGK|g
zci6dk>XU%v)}CB_=)FbX)Q&zKhFc?yQo8vj2i*ENcu(^aJ}k`Nc*3;IO;4CFeA6SQ
z6?Ywt$?<i<(dYn!#bT9VsySo2a3sG_&<@U}30S57Q0i(me&<4`aUA+B7u$+>bzB>w
zZ8|P(E84=bs;CUuI_z0q;RZE<23s#)F`RuQ{TxU7no8_YKQ!1(i(ksaD|GJ?c+8su
zvy8QmvOGnZ$oW!QY#+rg+A^xhww@!vHY!f}(FFj>P=lus<aK?9b-kyZaQ{+YMky7(
zGN$mgN=L<RaMhGOK~l;ss$>6)KU;B(+dY(ALLNdPgF<;4P1ylMK)S<3&3vb{48*OS
zy3WG*+EBEJneVbjD#^Ip(}vAPGb2A%8*k1Orni>NLlW!Aq+<&EsKjD~bW??a1m;nw
zsn61D2D!!x-Pd$WvQ~0g8OGallim0Ao9nbR%+a-I!x}zz8e5*O{w*`~7PPg(8?SoJ
z?(3|GH^Tyjdb9SfQ6Gv^o>;C?!?Yi}?UU7J>ZMz3!}TV^57G5*63y58eog4wc_idZ
z?TRR<Tbv>8Dt^>mA}ep^c7S|*3y9gmYRI3Xac?7iKQ>EnhOmsJSrcD3wlP#vqjIaf
zIqc`KU(1IM`&B=3*st0w!D-{8o5x(W<rC1G%_|w24@;pxxgcWv%^TwT`$zQF%zO96
z%^Io%uCc}~mo`*Yg-$8%GfwK3UCBHwVu|x`(dn&<bwn9f)#OM^Hi~kV;-J>Sw~KTw
zST?(Sna2zm*>cMt@f`D54+9mIv?H+_az7%3z-tEzkLLU@WC)+UJ8bqaw8>Q5ss)?0
ztW0Fdm%or&OSyw`M}R%(00@1LmwJqZU$yAmGHv2hl>!wjkDoUc9gxk8;pk*93b47#
zL-siw@DH?6?&K`C&b`O$6Z7lM@Xbjm_38AhAfHz!;AitN<<Q1Ec^NE)Gq9iKuBTlZ
zAnvCjC*Zg9D8jh?4FBilmjH_v;1M3iehPo3zw`nrzQ8`=Bpg`qYDXN?A|Uiq5bz*H
z^<@Q9=zSESy8_>G7v|OdWN?DTDy7N|Q5+3{Bh7AWXAp3N|Iop>_GDrrvb*qKc;yk)
zbI!f_iZ;w-)w*ETF%RizF}|iN@3xU3VN5_xD56>Jr*^(`sE(qsQxE=KL?hnpw)TPP
z^U&7D5x;Ox{~hr=-LOA+o}&>E4XnQu`i0*_6o@uV%T!C80*?(o_IY_qc#b~Le2KG`
zsp+0~a~Y?cSSTyv0RC&R*J?=7AK2h18tkdm`h`cM$Qt>44CuGPI)r%>Udi*m46l^q
z$`GJ56c;Ls7c~!5@m94Lq*xf`GDhg-Um!<C!9XR$?E4d$G?YcR8PD#5<nUdYkHbnf
zskd5sGaMTF)j^~M7j)d*wwI*U#WLb1$-}TQH88i+VezAA7KG>)C=2~?ng+jI`m-w?
zc4$iBENYLXQL9BdN}Za^;_&*VrS1lWap=2(tv{afN~%59#>uOU)g4yL4e93h;6PF=
z@wy3mtOuUe5be@f=Kx*gYv@%fu@!&D8Cu?02QsREV{25sd0F{HvewPs8mV%K5P_M!
z)Vn!n@Q~;4%+ce|^nw1wnecbk{zQ0?51ofs0@dnVYs($)exzy_xW-lD7y0}1(!ycD
zWf<QQ6-DF~WW@fnv?<cH`;p~!fz8Ctyk4eu`uq<%1aB|^FH3HT!q`BQHzPM%+_vGW
zPpC64`R4Mr&aJ3?@LH`V+T1qZfBPgGymE5U=QRo~UdwUaS9LGuhP-JTpEcE-*DHP&
z+cubo23Xbn*;N$xT}AQUnqmEK@hb%|+ZF%*rlbD%509Td`~G>U{`b=#o<DQ-zjx6#
zssF9V#<=3&fA!+u8j85X%HP_Zq#r9~zqJlcHNW+paB^2y@H=fN_^o~Yp#N&$%F$d#
z>7cR!p6g;+p^=kUFDsnHT+chQM(J(Nx>lw-Ez5y5e9&C0F{AM*vLtsQx50)rxr>o+
znp6U3gOZ9Wdm6?wp78?}CwOGY^sCgsBF_kqxk~(V;29%SQ3G?h#1wiUIDVGV>Ys%-
ztE=bj>UoRi>UsZp>v?M!rn`!FOZJ}*{iGnroq}(J^`w;Ank$%-1poc=^u4ZZeuNtJ
zs~2!=7iicRiT^zaS(+l@tB-v~9d>CTN~Q!mhw~!s8Q0k7nUJ)uq<llJ>pTdNZo*J{
z8dw-f<`lP8v&jJePPlzg5ilrsu7plNem?Tv%RpO|H-4c)_-n>C$cD5CqOLBTb<?l>
z+Yk=N$oXR;I_FzVIc!rIzMtMkGnEi^h3riJ(MNQg>dKd3;{G7l{OZ$W8GJZ-V;sAt
zmh$QoQa|rQ5|-=#6>FDMHUfhhfJTO1w#qK~>+MKLQ(QBArNf)zS#_H_4vQFVMy@9G
zMC3mEh_}m4b+{6%5FUfTG%bR?Wgn<EUjp)wMDCPpawfAGCh+K-B%|a_bVpUG3d9#y
z@rl^1f`lk<)X|}d>t6wCxH`4*5`2b0d@kd;7<?F*BvrEV;sd&hYO^LwNbAD$wGNqn
zX*s(nb12HK4PU`I-x#^BTJ0b;d11BdH%yZBe#s>)8RyK6%EGkHy-f;v8T6~_{qxfq
zMM@gYbY6VjICk-Qqkjz(kWIDVN$iDL1-aLn(OjSDk$jfc4B_TVGa$*5IRT6Hu<(~D
z><h`B(JUpav<wkPh-@Q8sf82%y4gw3glnI$`(g1gRY<plT^^?1XJj0ObSFp*?cF<#
z>2)BlgC+$ja`BFwO)y@PI6FKfSV#;j0d^?JB)1_AF<VP{Y~y8K@nUET!=L*21W0yH
zh}GKa7CNkfE&H&zKDp+tl!~xsv)<7~#7Wq>R3K#XVG4E8kTgVapNju2uY`HbMA`0_
zFOSc=CCFPj?xzLRx*Lp7Ga~sVY+gbAx*Gt~Sf>&hFoT|Oo-9wQWBR??9;wU)glrE|
z939X0M|tX}7JgG&5?RbhZAOH01|0K*>8mE(=(DX*3AUOCsEad>o?7>@PsBu}1Pq^H
z0iWT;vS6XY*UNCFvoxNl;cx(us6e{$!*F;N#W#^=6``3a`{~ii=>*+#UmYBKpW@^y
zjM>~fLYqfWD?Hb?j2s`xD_4S79VlBa{b<gGWm5e~)p>WbjNe-$=*u>$sz+*9;1nIz
z`^!*0+nn!)ac~yI)O-a)CD<Bt)uhRe-o|S+7Vm8D=7}`P@X!&NPp=RS#3dv6w?P0M
zj-qKa%oQ`(cA{uFQ!MsG456wkm+8MjIv^*VnQp~NXFY7e(W!ebopH2uW)Q-QZJiUE
z<Ysgc?kDX+4>2H+FfLUGE8SExS>y-{XXwv<&-)C+e&$A4`Aj(uaJnmp9UXRb*l``~
zc+3*Ewc=zBMT+K7WK(k}(smyXMdst&b%IBuZZr1NDw<m)xb8UN<Cky8Q>u^+2muR~
z&%J|*H>EjL9^7k8CxL>0?sUQp-sG8$I2elva;Kn9y}Zb;Jt;Z9c=-PV>1gwhv$Nw<
zM50+di$hY;lM3D!X+Cb@$}D*GW^D=Wmj=U~Dm%i_&fc7&UL*pzchr~UWiVfO)7#dh
z=SEj)#*SOOv1F@Y9p!K()$93j@!Edo2i7vJu}4ie*{bY-Cu|Yn{76Y)JMz)0-606Y
zhW2=fKOG%uo(3G-4w}Pg^Je_2O-Mm22@tNS<T;JL&{=guU8u-vu|`P0cEvKZ(^plk
zIk<zS>`QB{(In$lHSizT0RYXx#_x2x!b(7?I{H1d>I@EKKH5QFX|xThDDaMI>VCjw
zrnELtm$$^0>kDe7GA7k*%6^M&U3Fi<hJKx^0)#eY)5f&hMK?p<*Uqz3d~*=St9dVu
zogE&Abt{(skz7O1H2X0kd-yk5E?IpN3!BAZOOn(si}^%10Z<jOG*fWnP&_#~o%CrB
zh=ch|;;2btR5sL#jl=P&9OlnK=u^B;-!mj}=x<}?DbKQF>fC5CwvGL)bUub(6d-Q!
zjewy+PYo(}Yoya2v_gH}WsF(<Qz<G6Wd=`9qi~klBgbZMSbOc?9vvFFZP#uJ3G^f%
z$XVE&f~2@sryy|(l2Ugo9WtO55fau9juMy7;VFlw3Tt(E%HgR}_bs`W6*(@O&q|1J
zhbrd8zkn;%?u1n<Z=cYI8jevq%Fe>lhUvi!^b)HUkz%O!wzeAL#xT0{)2W^M0s0Hn
zBT}O5TnEvCK}a{DM{{E!J8HuzAkN2I%aYrQtDw>od^+v23P=S%z}QRYSKP&#NAPP>
z5f5^`1%w5J?>b202vg^Eh;V)$aX*h|=?JD6u?71rjz+V1F^1WOu$kcnX5!%y_XynK
z#R?8!EYA_nX$U<>m)RoxmK&cj7v4}?Tn}oQUvE0AHyCJT;5zY(RqK4;t7y4-=t{-1
z-{3y(0wzqF3z(3rZ~+sJ{k-?==iLWP+<m+PkShyKDY8~ZB$u~ojKK<;+7dIX=&=Iu
zS5<<6GdPr4Ax?z-k&_h6b*qtDr<~QBQ+hb1$J$$PROenRJtW>QX;s(7QDw~Q@RY+-
zg|#|7<?vLg`_8>=xth>i0SYYXww0gUmBe^SCvoWW*aiC6<m8=}7>>WAvZ9fT=qycF
ztrCXOT5Iytw=P%6ze>T#*D7@wBJt`p_ur*tc6yS#mWjH3|D@kvDnQcFnZjIrOsA`|
zDc852blUtjwsa71T3f08+bZ#|uFVwN*!T5EJLNWhg9VR!Oq;m7{DZjo5j<}h0R-K|
zZN<FQvtY?W`mWQ%*OXb|IcbkNH3C)fkKimnml#?;q9tE#=r{3OeTuY(jMh3-@}4nR
zJu+8Tw9%BQ+CD>Ny=-GfYMtwG9~r1Vm?sM;8#7HDRq#u&Cbl`yhHx0iVI0q49EWi>
z>V_zyE7gX8#fu6jX37bgI6F`*k`zdYRV?{72p|J$xF)_<;JtR(^3vR@lx@eY9Ad;%
zaf<`*k=Xusn5SLTgf607U`Zcke#DRu+*2IkUIF3PXRg;K=EBfiT7L&}Ht~057DkaV
zxQKF-?lPWxk5b?F7@H5_KZb$m**2w_lxBR|*uAuYj^5JTZP4B5WynppGxCL7d35eA
z;9QAhR-lZ+d==1p=n6xnShQLOn9De)JUz+sW)2=Uuk5ruu$K0@#)YAEEJ|)x(i2d@
z%DU8_<)iLHYBP2uu{Mrw+i~O$9Y%U~6ftxVu_kQY4j~&y5BKH(vgH_JgA04#_@PaC
zq1}e?8u3Vywwq@T;2#_o^>$K-<G=EPI8;A9uY%Nv;>!qt#6o>YLgOuQUE(gwo|x!r
z<u=yU#h$aP#s^s{fPLlbr^$p0mIxeHSPEvynT~mug(VA;rk7$u;p&P+>CFK1nhWzr
zqPztXClK^M;#;;f@a@s67~0sXtwdZ4E7^5@eZ379VCuj&#B*)u;cTSHHkxemQ1M2u
z`$#Wl%d}BgDZEl(i%#EK8B1Qp@kQv1JOsxf%h1dIu44l>bp8h@^uS>oyC2$luRGrs
z!>{h0B9w2%`L^`11?SuHXYg(Dyql6{qfb;R!2Cv(2JW4U5#w(mrHL9FcrXN^S%P`X
zd@L>s%AmO@C>I6gqM$rS3rp?pqo8bJ`%9G2{0oD`RGL3uPE7h?4~)7kO-N+n)+?ea
zzeU4KBK2^1QAJM7&9rabQhAVtY-%Q!2iY4owUf*FCm&f7uxaS0cO!$BoEP~LhYO(=
zsBvFpa^X_m>ciG$EG64V!BK8Fd)_JkwngZ6dE1@T?WFF%IH%FS)NN|`Gs)$%brPM+
zU96T|lTVT)*c%)5Ru=X=%>Q1pPL@a)b{Tnx;-cXNl1W`S>8D&SJFxM!<QVEazhG)+
zI5_&r&TN4F?<jZiT6_r}FRoecLUiqeJK3h4U>P_gK}U1!N~Jk=#jz`DoUeslN&8|~
zgf_#*w?`-fMM)S0^UG+yi~~4c{2MuY=C$Kz@^C~Hr!tdE?XN^5_nS4iT21{V^0Q`K
zUVzbS)!m9wV1*C)qxedAhQiWK^cf5GMf1Ax_S?D!k!e@sI8Nwf<y(2lQl71dyXham
z_mr%N|0nVaOeRGlE(HC(<Mv=>TMM6@cU!SCu85y#j=O4Vj=QqmhvTmDakiKSNugnf
z9I-j%XtouH9DCS;Lyq?vIa;I;)h*jr+%buNsX&Zn-=Lc4KWly3`bn>yuUB1jzFyAP
z%lUeFj;@s2-TQhOcg;+^Q3}_Biq-PyJNmd16N5~AkA!IIv&2u<^O|vDiRZ);Czfom
z1xG&q3}T64O4vo5`R_~)U1cW{|1h<RoX`|{iT0XArxeJ(nIVgdFMeWdt|__YXjT|L
zkT;pn;m2OeQqR~=t7zVy>9(@Kg9-nL6OAcL{pZhyK(JzDyALL0ib0A61h`{Z9@hH8
zo8ESIHNLkqCTk>HZR%m6Zk7K9-fG0cp|}U5ARb>o9z7fFkC7gazpd@C&%)&;+aDcF
z<PskC$b77mb59aOyhuDZ0gyCUn8Y3`8!@Hdf)@b9Z_kUP@Kz-CK}+C(qy0fwv3uEe
zpXZKa6X{6jv8=kedz9(!tboUHrN@P12+-cz`+BpEEN_iVr8NPdb8yC-@m>M0WU0Cy
zdnnis4hVa_Wy^ud4!ZM@$tFEI4Lhr4^b1CtxD_KwYH0GPjEQiE2Pig0E^`NnQ8(q}
zU-nF-@~w5k-T(sIb{L5hHftu71>n4=u2zmB;*(xecK4MzZhfCqeOK)_;pp7+7t8E+
zFZVyrvnvXx&5`$h$+NqJ&=1EirJKvY=zLTxnvVfp!LSJ>Cy}yPx>_#7K&vN!m=2Ji
z4E0ut2FX{1K3B8u)Sb5E!6j>XVFfLg;)P4%)deQ?2YR0c*M%e^eP#ka2f+IY!oXfJ
z|8xGW^gPpslf->;e1tH*Mtu(OGEObw)DliD;nWi5t|S6^tRp`i^G`+OfS?BnJWxbR
zr@=*pu%}-m@A&0gA<*u*m`I1a^tC$N<#1Q2d+%uyG|tJOca9T#v)*A^(^)4jswPUE
zDcmZC@ZKLB9f~+f;;{3i2EFCu#c{2c`avv&MIv^dud*BzA>1K$oaNRedW3Wh9KapD
z5H_1C@MrO2$&zg0w~GZfDCHm@QeGHd2|$~R4y7IVg%rETtMsx{uVi#sel$yNX(Jsz
zt2SGHsSheQP4`ZbV%dQRv@i}U(A)_mlsw#BSHc_;MMb0%^SLInhS5TWLg=4o-ZW&<
z71tJ!9s?G?!YJ$@Y%gdq$C7i4Ao7JOS=TI#U^#FYvCu|H4n|b9&eQ4x4I}MN>qHgJ
zLffI4)NL3HIyxXKGp*`yB-l06{?e&y(@SJo6H?TJ6fcB-EGP)a5oRRBRcLS(8eD~j
z&aSRPgR9VRuPQVUjyFcbA0<UleA2_Tz*Q-xp3{zo1Zz9UebQNr_PWJx*9o~+sMSEs
z#-8;LmR<&5Nu)C#`A1b#te><ffUQqDDo9sWZ$kX|uywoOJK)eKZg;u#R9|o5&n{UM
zq>FApQ3aEPzK-Vd>eG48J@P))48A1|R-eYDC2K!?*_2Tmz>cf7Rr4AuvyNdo0vl8y
zoXZ~Gl+CWNvI{(s1yZlpT#R`GxY8N!At&*|8;HHMbMw4eX`pb>?s~`A)`1ZMM6Y}^
zmx|&pXc2ds`dMbGzg#UVHeen2k%`%vH_P19>*gaeg<#SD`-)o^l*2c1_5j`tt34DU
zE8b~G8M?gHdCQwajSJ=6eY{BmM(hF1Z=9(r^W1o#DJm@7dKBX%vp6vh0C*`JS#bb3
zD~q$TI4jFtiy5;0xvVV6kr;I2G}fS_ndaVNJJxw{46Yc@jZ<Yg&)%HUZ^GF-^`^Jv
zeT3JI=Woz`!S{489-eB4S@?=qmx1Jd;b)g|7ohJ~R-S`A-w-*_Yapml<eZ(S{vQq8
zG<jPGOxPS<G~0@!i#=??(ZzdB7k41*6dYHpvW_|`A@68}MW-cMY>N~9dY#GI6b73^
zon~8csI!MHIMjKsQKxa&UvGNn*8h1^%dB%;r*Y^?z5CBkXCi%q!i3$Ed^#JyKRP_v
zIzOI=DHTnETTQ|s<4nAoIZJluQsk3vF-D`XD3l$0qRh7$p%TYI14wQBXPW(l5Azuv
zkiY7DMGC~ZrCSgl)Ne|oH);8D=pkhM#WGH?{%sZV#*-Hu0vg=~R3eT!KAX=KzmLzR
zc*ZM~QD7dvGE#&KPlnHAiTjLX5YeSlpPG(;{}LDZUzR~a7y-y+9L;xko${HzEFiW8
zxma9+@y#-xwB_wv+$`hidb@%9k1+%D3PV2)zn6jfL6kjzW_4%a3;&|kpEPf4mG#6{
zm(Dy#!-Q5e2_n-tIi?Yq61F#mjV+4BW{qYmyR>*4*mjm44%<CQ5r?g3Zz{c6Vq98{
zJ=V=XGsnExY-Aj4yG<RJ@5&Mw)^bl}Z<dedzREw?`jUZYEc?^2ODl)XIJI29B10{e
zeUdxdlAqQ~vUXenIdDs|Ovz~lg}v?gtH2hv;;XVvPZe%~L70#<+-!bP^6vIcF!#$F
zMH7XUsuuZZ!ZWG4+BR1*^ro$C*FiWh5T~+rD%<<QvfO`_ZO>jH#xr*pqLR(_PH5^0
z6Mb-%+3%czBlO%aSRV1b^3=rno4Q$Jvq8?pw;bCtT{-A?!+X^qNIeTyVy}#*8{`}M
zsyMMpDf4hyS;KG5iR94IbhYqD@D=@K8lY~E8BO%MN!KGwo~1se9TI7{;xL#6W=gVq
z%CrfO;0jb(3n-9NGj<^^hu+GNLheP3njpqWa9%)Aq?L?U8D|~MGFN{lT=Q9m?T9x_
zGsKZE$(EXeNBrV1Q`pqpl<CBe5KM5}Lq91fiyc4d_({i4I)2i|duk1H#)jyAm!^*f
zHNTGO_iB3xs>HcRBsV&q?TPHv&&!K=DrzB;J(^J<KB82D6zqtI7=5-C65$F6xdKAv
zPh0^Z>-{*Amyh$c6%ew~%qT^GL0^MNVdGVXbGGbTfAa>$G}7E)!Y%~+82@k+Cv*5E
zNDOih(H7wfy*Zp5Z{3s6+9rlD-Hl?VZvQ=5#c&h7D`W1XU%t9~l1o6K8cjwy{-i%v
zx7nxWu#Bd0j{HuFcT&7#X)L99NnE#uYCnkaxhn!8H$sT?w_2=NLWTFrBVh}%)barO
zV%11mJvF7EMbuIFw4FDDCx*X~vYn>v)84gCE_1{Cc+W^pk7Q=|b*XwGEjy}8Wq3XA
zBPr>Fj94c@?5EJ7NdZ2aW5OZ?S}DFMFVrW=$TbUtIg$|F4zDL57<uny?YGuxf?O*E
z1AI7n!&CB5=C`x6<5NUtSv-qFkt%n|5;&ZUr_c_>tpGuxb&_QWq6LkohC_iP0(i<4
zzof<WdAYar7B0{Nr24p!cB1_Xv7`n%I2z`*&?ajc#IT5=(FHRrURc37sx+IFz4D_M
zDUyv2zhz2O;$%RW?zTXoRX)&-QkeEolyJ+*OV2KQC`4$yMw0@BJ1ahDR(R03=%9JQ
z!QEz0H7GD>M5X|*+^}SR1e67yC*axs()#~g9oozMFiZuW!m_-)3jl@9hwL2LgqtMD
zd>Oo#7Tn9)^|UYqQXy`z!<&@`izQ$aIOXJ4+7U_D6~^&Wkgpkw;1jqB46YvFK|=Xx
zD+}5q2M7)D^!zZ2AF*lZ&jsd1EZ2TZWii^Do0}0uh{7YlQ^H!a^LUnyWs*e_=f;V@
z425X-Eepf=<`)4s*wruB0sG~W_TG6Frg02VYSyV4;ToG8@J>UTJmapKVwCfnDHo81
zht|2zGD`6(j*H)wmr+I~P>|rElRAN+odMt<`q6ce#1WQ|pv#1o;W)|g`NJ&UTj&!E
zMfHr4(CkL(eg~R)i}`Wc6g{1yd>eR~rdYH9{gOxp-FeWy+SfQAXj5LJOCN8=cA`FA
zxMq>IoJN<2%3=KaqtdCv|6j&IWa8U6;JWU?h{(b96C6hP5BSjq)@Pu%6i0d1=D`?+
z(g9yWx;j4(zO+t(OcPc9#^<jW{?0Q+t5Oe`FQIHH?&6e@Nfqh<3P)CMaJayY%Ml<_
z{1-@IpAaLqa%VONdQun_K%LTS3(`0wZl;2YQy(y57R=JFh-Oa75!CYlggrPt7*0rk
zo`%C<-=tOni1`eNy}<PbFHWm;DPEs{4X|G^5+68?ncXT&P4z);hLyF)s!g{s+O@1A
z|4_(g;!)<JjK_FoUL`B&;()YT$xZSqGX56^G}0f<;>C-<KY9FkFlwu7ZggwKqix@g
zumfH{>FH8`6qrK5M4_cxe4>$lxEy|fnkR2?y+80e#MZ&}6Tnt-uDKR>PrtN$Yf|0i
zdcUhf8?<`LOW#sQS%z0OG8&!y=8ZqSjN>b##PpwdU#ryg%)9U-Kf#(^K3r=;XJXEV
zDNTgmX*@SC`}7lZ-dt61Cz>MxDW^O7YwC_#j^AmIwC1!&PJ86EN1}1XL+jfIrZnIp
z*0CY3Fa$;6PW*!}WYhg{!?`h*l}yUpE_=J7yqDS(J3686g3xr-)-XlWzov0y5^Pym
z$UosDr4@izu}UJ2v-`R7Mh7Pt!Tt*NalR5&l&BLxE4g4P+c^ioO{uTgQmIcs54zm%
zT#STl(fKM8qFYMjj*~j{@dU;xBD@A4Tm&HHc0FkW7j<(#1T!0X0iwCC54m(vQp*%<
z*evX{7G9F21Y*K!f3BY_{Efm4SlGQtI}bu*|H1X#zwVhsN6(&vmabpsUW2>v8C+xW
z7XE_kU6=dl;L(?-pcTB09m-67-i%@+OiO}TIia)%3}K$kcxBE~obmpfGBT?qv}U2;
z8@viL)>^%}x9W>&n>lfat65jcb<2Qme*x+4Y8rnrQg!`{zIemGuu^#OFFpBbA4M6L
z!AoJnF+M`RiqSzBujZJ&SQ&x5M-<uj5C$F1@YfLs&M5M;7tfwOefZs`H_g6=Bw(i?
z5)qKPIU(|a_NAD8xa^e6F0dY3Rswbp%r?#vC&6$2{I!3(rrYYJuMI=Y0I5H!b<;aW
zbuOy)TW~I_&PBDoebp|iJJ2f^sKa)Y%Q)P6_|v2?Z=Taz<an3f2oC{MJ<Pp|O7E>Z
z^}tc&r3FN_Cu(kzJ4`Wgk_$0#_}k%chrhM9p*g=}hSs0SrSg<lbgo4>h0F0l=suNX
zL!LG?2<9Sz^F3!lSZiDELTd~5<%AE@1O=_W!P6%HiSBv^wBaLk{{gzzG*!nfXn|<+
zQ4X7gy2jDaxoTAbM~xcv6a~vu>RphE;we$-Id{`4Vk7#d{36;83F~u^`KR`PT6EUk
z1TAD~c9yUxrSVa9(fktREkKTBh+2_ml}YzgUZ9|O(K4HnmV%{iPErO#)E~6f5bdVd
z&H=hG&`_+g@#jVpq!Dte(|t93So3Fo$zOO`q6}52YQcjAd=#eYkE^MqQW~%Y@V(#v
zc)+)!n>i7aBnNT0TIkn)m|NGp(ZbIdaz7(<J(u?v23_cOVqzn_$*Y%@oy_&Bx`l!H
z!bbVK`>+3a^q(XA>c<}k==*s)`0l?){Q6a<IxQbp?G>n<k1g3W2m^eum0=I+e>5Mw
zeKVCy#%HD9+o$6lulJ{L8q)hNon871mLD6Sp=fe^^zrFw>4y?hJ>Wcuh9}YIl{*J>
z_jYnP_rGKq^c-^k519cAZ=U9(yeF!Q2^U4Js1PHsDRPwmOqxNg6~r0iLN?PT^vRaN
z$9f0NE`APSkb6EVY9V|okz5db6tk{2&v%Jw=_2t0t1K0F8B4wNGG6h#cGp<2Gx2Bf
zMMSDCKDvqrA(LW8G@GDFhSNQC;;xL1%zomN&&?{*Mx;+_Qot%t;}^;!_#((gSAS2@
z5qK6a7ON=8ZpV~OG?=d76w>kBzxKm%8e9xnGP?x2Hp3u>F@SqWn~CW9ju!K86*8&C
zTs7GCDu^l=w(GE72Ry$G69WpvvN{u)X5i%I>6w<w8P83)C*^my`LqzS04TCj2g0$Q
zi+w`>Oa95csw<$;MUbU>U{7`614;}>a^MnCT#aM~Lh}K<+VFs-HM)Z>pB<i2I>ZAp
zK0S%(%O}{(zb*ZlG4}?23$GD6lFmS}Zd-J{Q<o@Vm#ka1ZLYHIs#Uga+qP|6t8Cl0
zZQHg^_1C?3pL208GJimhk(uwD@kE6FMn<dWD(`@ysq-iT4TgeaLTGywfOP0LOJL2Y
zJG_T-PtyU;6v)CkHMql!K@f#8jZ$3iB7FJr!6jpiqHgS$KOfNFxscs16mlKTco6Av
z*ZKLCK8bSPbK@DCWwojcrNbdBllutf%0`+aRowbA{P8}l5k^G;Kw{nwuQ$*+$#tgz
ztYy{jqyqNIgD}@@wDb}n)J+OupF0fVFS^46E_c_}qA!N=PqP|DE1e3M5ab@Y#!Ru{
zWT=cLvUy9zNhAejKhDH#E;3m!qMRT)In~fW=DB`@jpl^-g!rO>Zep)i@Y>rrWdi-A
zji#IcrQf53lz@XK6uq+o=rY37C<PyS=Td5)f?0;UP~qC%?K9%i@3+fmA~v7rMmuZo
zr}Gnu;A)7NFX{{BTf+AYH^yshBY+4$8&6`e=r7dE5_`6iF_a2I=yoqxFCRPkq*LJh
z2RG^hHGnd)C(_W|tS)uK#=1L5(jK1^fh~JcS_}}`D_zzY9OgLagK|Fu%lz(S4}^(G
z1I_0l&=)LVRmLV@By+1J$u*<6uVrE=6kZBHox9VQnT_;|K;tEBej6<tpe48k^yvl<
zpY>Fh6wNA9?)HsX^y%_<U$$ypNN8zr<qs(}|2lm(GA%_nUJOpiKM)`WUJn9LAu9cA
zMp?glCPoG^uGT&XFpOSbSaM_ck)U@bJRD(Q8AGaA1w<nQ4e-YeJ#W&1QwvPzcg9J@
z9(X_xL3_*wx4AGR2U-_tRz%{!4W3=jUuZn|%0tc45|*cmS*)aY;Z~v$XK)P#F(dQO
z>rHCO&C@z@?5v(wFjy#bXCv`l4>+NuVq@Hrr|{kuC9IG=J2{0BV5~DrkxgM*ku%8v
zk<QTr!K9pvulu<)CM^fr+dQbFD)`#+fO>N)f>WCRV=Eb=VVJXalCMAgLUEHn>+gng
zAXG>D_L3;9z1^v<5e7jNBGmA3lnpVv%IkGeG@n@>p4ZD@P&JoyVs~H++Yy|jElD+Z
zH1=1ncPNU9^Q3zi1+%Ft*@QaH2gqiXarJAKAf}5cSIh;wnRqQ8ja@2qNcy-Wsg=*$
z5D%p@Fh0XZ_fR}(D$ua?9uKt&X-_B+w8R8dEn(FOn28&)4etx(zY$ii`OY!;yVK$P
z$#wr96+ZZff+Qk(aXF-BH_J9Ef`79H<iJ%oPm0G@wXm|Q?eUnl>+M(FIh(q1_i$7#
zv^o(Uhe|5(u~03ktZU;mu9iu!P(0=+SGCYp&1R%n%}672Ft4ZE2&{86^<<Nc;HM9G
zq1GsAGXnWx6)Tj}L>L!h2(%`P2w@sBkR3$e&R*l(OKy%FJ}zV;%dYAI6)m}La~htT
zPv^g8vbxBceFj3Wd&2Ato6;9;sA9id9YDiz`Lw7#U^otQCP&H?jQ`ynkk|ii4p4qK
z2Sz>Se?4Z{ctv*dPiCa%V@_nqHg~)D_wU5V?uvLo+ayuCbp%qEfi2TrHp==R@^5Or
ztfhx23554SK9nIdJf+*My8>&d1X}@P_&P2L!`XvD9LP4x=!mwC-R9$&J(s}b+BOe;
z-!>0L*5oA~^Q$VZvsPzo9F_g}ORO{?L6fUaS4Kb9+Y%yd-Kwj2xy7sIsqWW`1WDN-
z>8JFf7lkL9Ho>dJ5*iV+o+2wJF3I<X^V}R9IL{UU5WyePg}f6Bo9Gj)To^3rd6VgW
zI3T<e53iR0kNye2M*mdYh_NxOr^<;xKnI1u_A1gl`>zBnxuXfn0$wAJ_l6PfgtDh&
zKIb;W5Xv;2$HD43rE}%`YA(;dxo5mM?yu~<f0p=+xlx3rGZtn^JcV<Mf<}ebG|wKn
z{TWV<gIjs6N@xjA4yE%>0-a|3LH%205QJ;#g3Kp$tHPCzZqxlUq<85aMiI(YT**U`
zbq7Sn=Ek~381{hOvTTXVIru4^+>9n#9W>vWFnHcPewH7EvCf{Q!e<P&wrOe<a~PvB
z!uO%H%yyARScSqyJfBO%+qhT?q%BWMaRq38nq&D-%uf+xS)Uk<B$M4_GiB)VwV!oS
z%UN$bw#t;B<eYJPyb4BZst#w*zTJuY5wm!LDA5j30=UWEe*{x%r?4)c9B?=)w^+Rh
zM9tcreF#aNSp8-~D-$=w*qRr2Joe7Gfk;#>zq-y3J3PTtj`m5ky_QYEU9=w)6}HLN
z$8BlLAyg}{3~IN4Plja?u}8`nTRdGQ`yR8~J6Cxc(kbDlQRUWBw2}H9&y=t00*!0l
zQjpQ)U>D3a`ACKA1q@;dW@WnKo;hI7-5Sb{3}%{w-CT%F8ZwH}XY;~kipHm76k!?p
z#%DB~rM8s_qVN~Vj8kWOCCrEa2&MW}aIzfS%I7vwC8LG`T8zu03TPzPGEI<dy#{zQ
z$C`WmGhAybk6d7RZkS}Ho(+2ub<XEQF{HL5o&CeFg6Cv4Vz_9Nzfm0Tpd~+`&%8>Y
zG-CY6aV>(|aPC}(-r)As^^FP9OE(K;lq-9H)kRSs@wE?=JiUR3tt(*m#H)6R*-Q1!
z)?tS>*~5}Vl9+3=g;SMtM#Fh6XXioI@@h!YEAASvQkd078fs1RWxiw8@;uR$mXyRp
zCK^O^#^XuEPkMX)51DVFKBuPNWI6u#gSkU1J_hJF27akB$z_1ep-I3sb6F<K31LU>
z^aYxfO~I1>d?F98CWl{CI?mHfhI4}T^mfMBGsMw=9rW@7QIVT_WLQt+oJK8We<~@E
z!ZD!-Y?z&#Vp8~Q@h09r0a}_yXy6t!!?BL?D1aMleYm|Zr(l&nj0rI8a<tJzx^qBv
zV~omI8Rf>O?hap1(S4|1_uI1T+&)4)Li0-VSU%hC1Tgit%wg!#o0!VQr{1hd6wI2^
z`t1R|GY()0HE-bEEcXt{$K>AhY%x@j4^m#IF?ZejAp!cJZQq#UR6KpSoz^<&98Z|1
zPUO4pqgC4-(JH8ZnzYY2z2@qSs`_spOhwRps^)99YXWx=QdFSl2Wc7-NbTP#uA1^6
z_n6_yi!RSSmY;rgZNq_(V-Q#_{E5sRC4XsFL4#>f6BS)rjb<ohCl43OY@4{>m(mRr
zW|1+*zi(9wf(40>hTVt~ZT=vvI7BGXfnBh>eOX6^+OtEP2l*(o#=8}>=F4S%-ksxq
z4(bI&5+*_kd+?G5z#L5SG`CWKZ%VK={Eq3c#`SF4c%NbPC^7{OXoC6i)CKd?I{8&~
z#l$A?KMMK^|L3sal!~u1y^E?05PHoPW6}ah^@zr7gC1l*Nzvy`#3rk-L}&52{7GUB
zRs`hqy<-_%+#j<sRqS_Z&Z!Ps1hc&SF46T)JQjDA2n<Eo?dK-f<q6j1^(sf6>w@NL
zc<F4=q-YkW|9=79vHbrE=t07A#i;=iZ786GelVqb8Lt}tFYEdfmapX=iMTBeVQ)qe
znmBH;gU>w!^`80kR)|MHlJDdX#35e0Ir|VVP!K)c2zjgwsw9&|xvzhxNx!RcM&+fT
zY4bPVJTYgwM9XeGqozV{@dy4sT4l~ljp+Yh{hVR@U&q|U?7mu5&BL7q78uj`?finY
zkGhsHg$%z0Oq#riCf%oJcT`|lDv;3Ak-I3Mb~-F99dQax4OMPGXj!hq7U^uI7g{@e
zqjz1-*r8li!IwB;G{=8zj$`*t1-CQ5Aqn;7r#J4@QgwbMH~N%yTF@SVk($!tZ{m_T
zx`S%{u(eJZ(IxuaxO8d=(M!2v8hDno5~ApLEw;}+zVq#3S7tAr@Fg{Jh!VMxe7IU*
zh{!)a!dO?;mU{OFle8$$mDFVgzTMj~F(#P|9tudYjT6JcC-zP`6+x6?&@?&9n@ytS
zo|9B1%AP|Owj4|?ZNrO1?c>L7xhdewPzOtc@J$!3vy6%gT8S}L*UqVRruY#E2jsLD
zqe0f9)?50GDl_sLA#>`>od&MV%fsPlo{`<{A5M`k(u1o?ovYT<{0%^t0otrHRpWf@
z)aCsovO~T{Bm@40NNBT3aHZhd^@srCly7lC!<zf&Z`x=ftPH-R)|Hmqeh+WXOQ(iP
z0KI_DO^i0TbFT5Rb7@wzz`(|7#^l)fv)hUw{Svw#Et*azE+ha#j@1j&Q*AOE*8^=b
zCkIvx*PuEw`*H<la4Z?tLwUn^&AW03T_Vvb9M_yrTKOf1!m#g9i<`0XljIzW-n+}u
z$iaFWrHfuUj6qIuPEQIlMF<DW@g!XcJSyHNPdg2(X8RUZ8iWuIi10OhG3rh_w`e{t
zm|W*arKtrvF&^rmjkXyYGkCeI>cOq!_fHn*Wbv`QHO7gc<>bM5^eGxrOj(q2^sofk
zHGGP4Uy%664Qw2|4r{*?;>0(Z>R$a1hlAbCSl^cEkD^jBkJc}-$%Cc>d+0`-BnvPi
zMe+>UZb;IiGCiV|qxf+nDsfS@eB3O-<I=edPjo4_TGollUFjxYS{N3JOLmI>aH@Bo
z?Vc`me~}`8Vnm5Ohs&8(n&H=$nToXexE}?j-8d~+|4+s9^7UvVkDC9yTnR0+LLvO>
za$dR2NtyDZcuPE4Vn(xxOZT!kf6&5vCA<y4-<qw$eC-|&{*C^&XXPffY~1|sHEA?H
zYCTF=a9k=axA5!B?L2&{Ve8Jr615~lmv5(3Xg`~w7%%a`8l`x~1VkDFaH85|J~-r$
zALA3!1*WKhe433wu-H-C@;ia*MUmZfQ>6y2iSz(vinNicgh$XFfUn$V0Q8Q-o+ho=
zMGbPdaoSe?p#p@i*fZOUaP9zVu6{qBL);|5#_TMm`I5vCi+o7BPZ}^2<}^KNGuXw+
z&}SpF7TiS(bLbQ9vaMG0z&qT<ORX~Wjj!a6Z}{1-sC6!i_qh|LGqoxi7?pc4%=@Ws
zM(gRM_0_=kCs_*9;DP=3f6TXMfhSQWWQH%-wYrc6RcOxwbgUKdW5$<K;Ao55w{~4t
z5gW<_&{n0~q6Y$vU^MeNgycB?RE);sP8_Obs;MCIrOAnuKn9tE(#!d-8R2~Lo$^hy
z<#a(R0YFja;&LW81v8|nrfH1uYp812Znt9(?W|Gm1l`tn+ky+Ajk*`@vK_-Os&RGj
zYLx7r2|-345qW;It~Ux@=cZ8>n1pdG!I;#RL%y36mrf$9G@97mNVrMKl7A2HtGcGn
zO|uP1cr?8=D5;pF(+hIf_soAUD)gOJo@|TYP_6suH8<?|sWxB@vB$l89C*phP(a~W
zS9=f$T1vw}PY1t=hoVF@Q-wliWT5jerU8zg<B#wfEROt4ZwH<pMERqok@lM%(XO|5
zzB?{{9g>H3%njjvgQ(kIJm%md%{9KbTQo+*hmH04Sa1=8*HT%)4I{(WvEEq=$h*oU
z1r{l)zekW~+z(jC1bHj8drzIxi@3`NNn`4;tJI3ERevgQb`POyM;GF5M>~t$gNTi{
zY!RMZW=ijajv)OWbO%c`9H#Az#W52K0Nr3Y?+yOi`8&Q#v+)@31|q1d83NyJ+06EZ
z46n&ly1{{){So_u!FBEnf<%n?6NiE;U^?0#-PUeA7El;2lX06ny4Qp|sY}V<f^kQq
zi6wMAc>?G<#@lT0P^A{tKjh|iN{5{5<rbs@w^ij=kWta2*iU;OG?s)+cQ+gPx~@7c
zaZ&+evy8_P9~aAXrE&i@y8L0q>tP0=O8k6+mG&Of&Y7}%MwjkkYd$Y62hrW)EI&GA
zmCmY=+pp~IZ0Gg9EP?t!8AB%^1sHj@9wV4SNRdPoO|526#)*~QglKDlU=I~-;CpBo
z%~M&fI(;-sJ6l07NWQ6x8cnr&o`k01C;`3U&0ZwTJFUI)`OulEFx<;4Uj*=gt-pMp
zJ%V)5!{jA@5#>DzirMfAJHdV}eE?6@CWs}Ft!0-h?%3z;fJ)msGuQ7a3w^`eIx|cw
zmmhSj+sUN<Tr2Va1(nJlgSZW-lyfqPcFmc(^jehgj0iI`!jJf$L!_?`9lpmz^A2Th
zf^$K1_vKJhDj$;c{+mz|UsjW7o~#8nc<|^(O8ne_{ld>$v~ETvbAG7>9WnpJEVNO~
z{5IER^{$c{)(FwK`p`XnM0m{d@BkM*2oy9Pm+lfB$(x}cZn{Jr{zz0zyNNaB&vP4j
z)m)`S$Rosd5L}a^3qlgDzlXmmq9fm0P2VL7SDh#jeCRK&83Y#~?b<?aa|aPJ<7Skj
zQzhsWulBolda!kL4Fsv7I}q>en&m6eIuf_DPY>6iyp=0%VLZ=tBLO{c{^*|AFQeB4
zdF3AU36Y-tp5%8|`c_DM@TU;s^snP`g9K4~P{4Q~C=yuicVq2%G*u0Vf_`=3`gB<`
z-3e-&a_zUk)b{xdSh^aZ*>H=-m)TBwI7&_9y=1(H`^|-@l8f~k=DID}9<;%inv${+
z<y*tttmSKI_Qu8G`5)5CnyU-+BY$nU>#Mn%-)McQ^^talcAqQ}ZdVCFNR+q-?;Zo%
zfu8g)j`X&NDI_DIqgV0i@scTqb}t&8@KVKg(~xAhmL-R1j<@-SH(jh!6|2X0Khe&i
zJzcjQXee3hUu6+I;)bXj`n|b%2&>_&eOB0oq`xcbMH?B3u~buIBQm@y2b)b^R*TZ5
zoz_rPkd}xJJwzr-^OpNzV@vE}4@fXT{}|<C9*Yz(Uk4X@cC>DjZ-Bo+_iH6ICO<&g
zyNYFHhRBxf{flNi4H7)5XIiuKvAt0@R#jZM2c)cDg6N-x5L{EsZ4LWfU&7z7vGsp*
zEd+@j9PvW^2G*bc@)&%u7Tw6vm{@20V~oz63*=^KgQfW|N(}c^LWwlEC=)~AMok|m
zyE3kiM6$~~DlX3m1pJm~C2!tWLC=}8S7`nZn%;FOkIe-Z`N@__T1Q1CNk(Eq=I>?w
zvR8QMl|{2mDsQ$*C~5`A@q1_>9Qi#o#Qh!`V$fL8wn&yExRx*eC<Q>tiKl%KRGOmK
z-8(dfH>yRVT@v;0#}rUCBdF^mD%UMr(nl7bQq-Bn%A?TsnW=8r2gqY{weTkeF#t_V
z;WR*-N)$1;Wx%MjH)^0XiY{_Ksn;JFdB)74O);!X|6a`>c2O?BuQ1cP$QFI1^l=Xp
zhZEo!`aOQJ$2W3@Kn)YB=ZOz%$6`5v9scDM4112)vXzw|`EQP5M5h7g`Wudq)sr%7
zGcblycLnvWUO(Ty5U@9CE}tUmRs`rGX9%kLTj!azsp^5JrAlB;eOYK3{DEYy@eg$8
zQdn?3{oHSE;!3ROjL3&!;mColCD&zxo%`6Y1p&0HdQf76ww)k+uNit%f5Y255HDh@
zs_C{0ioi6r3#DhEIT^@p^-{|l7HUs_L!E)!$^`VT788BwAX^&xK)-`4ee$22PWNBn
z^BqLV0O`52%~ZWb>H4=+9>ozaOYc?>s||d*m`@VPg-mwytbBmHmv~?5cTLazs|vas
zdL830YP<L4Jwg#NT$wYC$6l%`)fRD0BpX_~11HQ-$1}#f6(<1_6CW7&v$APy>m%tt
zf5D8XDXky)#(0g-?>1V)o;|0m^1d>x|J<4r#7p3oo(5hvh0DD+C;0Xk^N01nrTyz!
z7bKuE(S67ErJL}T)XPv!H%e5GkqwUzB30&fC~ZXI$B@9dfpkOro1nC1yi<B({rKJK
zUY7^}zggRau1F8Wn;+Y4JTJE<P5Moy&i@ga3TjuWN!>wa4^F#JRAa<82^KwRJFBSw
z7qP}VGg8%ml6o6v(w7kInPss9k`MkU<-{siF#-O9tm=&)kzjBQ<tAFY|3^n#tKUr?
zD)zm-x9?@Fub()Cn7?$53*;xum+GLsaqmxCCJz2ynO1=xpjOU-JZ|i{o6<-@2G<eP
zVO`AjcbYGy!5ImrA9#e=8FOoIK#tNh9Nz5RL`#2M{mJ}1$7WH@(jIMShs2g=Y7NVO
zvuGcTJaTIr>DopQm_H)>Dhxp{-@B)BX%gWV(+}g%Xc3VI8Z=LVY7mh^?+V@H4&#7(
z_!|qHA4*oG^Meh~#P~>7tSfQUDb!<?Na!yAk^;TN-1WtVmrwEq&B4FJ9jbxvy*ef6
zxTYdRLXSin4pUg?5x)!@j#A(MIV?EcpirdXwt51(N+|tnLlz^4e6JkXwNm!#(hEgH
z787)WEeIy!H8#!)p>AJ42sn%=ZzG|SIzbP*QU*BTjY|<mc<WE)mkytXsl{QBavN(h
zP6!0F2<i+iMrS{HPgxE(!iA?p@VT=NHBo@Jr$0UQE4@^+DJ{5(*ISYLkfi&Orjy^-
zb^7y%iX&d%^-bV)Bp|>JM_)uBYHKv=!gqD^ZsERnUAa8G&#YvaWsdgHA-@NCw@b|Z
zxlBo-7+yHV{xOn9we6`il`G2ajAMO>etsyxmnGWnjF3W7HlBu-LlTszLwwp`yu-y!
z9Me8C=pcITR#Y4jCHIk@#!fk+?4+?EZ+HkU;nYE3+1N;9WjJYC?R1B}VbP!@|AAD6
zC_Qz46IOi2NIaD_Ca8ptG*yKZs2QeR3b=!@*9=c6>UYz4gJMZqPL0SpXOwdP-r}8M
zv@GwW!9KK2EUg!-(Yxg-{gVIIq077Q61}LuVLw}3*F9Mp=MrwC|74Fy5f=&O*t*|9
z-FXCujH!pMQ;ehj;g+mwbHZ+xTDAf}vtjg>g@bR7$*U?}THs21zGB)Ox+9v9rtkAH
z#e&g^^q1;JAxdK`5<Kh(+)?X`X48iwi<%YCw?L2^{$4It9jC~?6tp{x52cv}4LEu)
zN#0FzBVVJL(3p>V4%Bj8Q<^`>3)%5!9X{TsXvq6@4g=xg66)4BA-d<N0;ArH_md{(
zGupLiK3DxP6;+p=ci;}QNz=|N<bY{C^ML6(Y=-{+G%3JH5?}a<4RI9pN?nuur9d*}
z9latbeeB5HmkM3ZI;SI=7U&&HmQ*lG1C9(xtAeHhJbz;0q3OYSbuuu^{4Zit8=5fN
zoSQ8Ts(7xs7|w}Y59kO7`*dE{mh5z&k}sWoxqJ&!@upHA!Yp8R@g9GUL?5~67zgx1
zGq_fzv<g!sk**z^jO-4I1BaL>KzF;1qMItkfH1diQwbOa^$U$N-O$SEVNR@SGu!}8
zr{4%|Yml_D-9~<h-O-fT*E4j(?hK9)4X&Q=g@aqwa5>g*8kXwIf5VOCK0@|hq2{Ky
zb#*I!4(>>r#d8dMz5fk2juOA*Rg}DYK>NCk<r8Q-Js3cdLVDv)6)}cRYZgMz%~L0Z
zIp$ujB{-|v4i?W+_~EK{kz{yJ*1{EzXDRyCqOI{7H&Ed#mzM+O{W{=PIR|*0cHQ=1
z2X)r7OWhg_tnFrP#(+0C=>`07aF1i<%u_o43Cr*c<XJH<Sd1y>!S=>V?ccaHfbDR$
zAxiD3Ce<bhJSi!bMw}O$BUS@A7v>gc>5$MAb9A=a4S+V1rV0*XJL0n|3BR?06uO6K
z6wb*{)=81~Ddd6cIxwUD3hlIoL&1%k&<sc$U-0I2wO;xgG_>eAE4t{pnP=B^99cHM
zEce1M%RO-Rf>ol4YGj(7zB@&{POW0DZ9cPme0%PxoZY*YsVKXETD<+3Qtz-!v+p6N
zt=n2++Oj+JnI?R_ea<L{r}?^OyeT|*t-93{*qKk5p6irskv@C;j&}YtN8m|fd*KI}
zN$mQoLL65Ast^vYHDg<FLTLg5CFKwWF%n@6So(A3;+FHRoh)JW#(ys4N(8eVs^FYC
z7uC<VZ4rC@oQs27c)Ez2OAVLZqjHDypnoXQJQ8I~9&bOHALe%h=ARG9USA5vG<mS~
zS|H`U8mxJ>(FV=v+~_ptqM#+cD0oF1z&PFekpQVHK&^09V<m_ZKg^s1eY)yWDP+V2
zT{IO>;$_16Yrn#z1&O6|Xu|6y0B2i6BXo5IXB*BMnzle$D~OVtI%<0}S6vhu6`Hwd
zbtp7v^uIhB$W6*r3?)^cW+o#v$4v&5^ft8XCibhT{q?8Jl%7rA%&w^h{Hy4S1BdJR
zU>&y#tU`j-A5k$Qf}7nbqPMJ|;zLMmF$mWCmmoMGxy|`s%5!Mg&i+*(sB}Xr_C!r1
z^signEtj*T8Ek=KzWOSs2)<<rUE<TgM(b-WCSJ}g@{#p$q3Oh{;k1zIs(HR$RG|Hl
zEIcV)P6iuJT}_FV>thiORbi2$<oX-MHwJD=VOTF5Gb->Ux8_Hp(GzL`(OsmYjJUc?
z+Q8!g&r?Rix*l_YCDdV9-Iq`)*;pC3aO`&7$o_A@8E%C`>%>m`M2)M@*&NDLPd5o}
zgOoH~(Rv@YE^kEL<4lgMqPjo)0)~`RGYOHwgmLUY#AttBbcAZN0O)}`x1=b6d-Q6+
z7n*3&&!O493r;>5C$=H&vTB9ib!^}p-MUfFE|L!*2F#JL%&$u;pXbYB8;8Meuon?n
z6b6fTErvJpkuWjyF^t9yu!F@)4*usQ&PioptYm?3cZ?9<e6$HL%}W=x?19!hWT`Y<
zPRcfTA)v8N+#93U6A)kP^vL|AuZ`Vo6Q3|<P&eduTs@_3O_}q4JHOiW+LRhX5kA?P
zMZHQS6~me%GLb~zd7XFfgMn5LMy$ux8hc6~X-^H1Iuy=_v%e93MT=pywK(!6>m5Wt
zJv2*m9)k@y$5T=&ROXRm>wz}Gtx2kE_k|HI5HrJ`zGe-Um<u+P*hlIK+ekwhvHV;V
z{cqF<Xmm7mIgo+wumv!1F%9R(iFB3e*+_kz2598>uZ@>2?#PDge@WhUc}_YO9p-(6
zk`@~L@)t%P->EE;3&S#xHXAA-xFm3$-X^qZ022*)dmLuJsH-ojhTL0yUc=!5>p=}Q
zZ08k{=3k^&ThY!u8N`X>5rHwHr&?fp)2S*m7(04+d{BmY-*L#{XDw^@yo?Nxrk|>y
zRzrX0TgvQ+={|Cls}un*^DZ@<PJ!G&J#t(_6dBZ{(9p*+9kfebBYfqUYO-qJJJmQ2
zp&9U-Ip(;dqx@}B2aQ@NfkGqTu8Jk65wu2aQ{&)_wR7w3ikLwHi0BUe&KXb6r+Zu_
zyiQi)Zt0Q_%!FD4kXx$f1oWwN`1Zk6#kH=3(ti8>?u3IT5l$dDBhscg+(e2vf&}X5
z(>tq2R?+dBSH}M?RYh-;&KJL938o^b*cLa+`5Z4!yXB8>GETDG-z}M8yw!e{`X?(U
zRd{%Np)@hof{<4ck^)=4VS7;@iRb-}h+u*5tXnAyJoIEL5fA84i<QjQOGsMM@gbot
z^pvCT5uv9no<6r@t?x@s_o^};DW_FslO9K~nAwNPu=}u+<Py^99p<?|tk{QAUK4dR
z3(0{#Y@MoK{=ddKlIL-=cK+_Xnh4~~B!{fjWR|wMs8`r~5d1#X$5eAa&VgpFCU?)R
z!V3z_wb!8e!sTD$V2i<;C{YEpyb=^;v<$Oko6-|(Orx3m1I;1;gRC!&LA7Whp@}lg
z`Eq(J;)-c6V}_CQZ>N3+VT_k}^CC*;BJ($6u=JF4y38j;A4m(&V`2c(`dwm7uG44X
z0h#rDVx|7{D#F&y{Nvoe;}wQ49cy@Xyy({d#dWd!+xkipG%8aj5LC^juu+a^*U5r0
zUn^XQR?~w|@zg?_jWFANpTF?LwP#caMDM$i5=<>M85-}c#F+|E0KvRrEl4nG7_%CT
zciuDE=!@fz!MeB*FAYBjq_ZaXQVI4l?rm`4wDQ<O6A!99@ijIE5sEwHCl{}J$SN>w
z@?DK5y`{WLu5%8N5K2W7;~ncCAI@1n7I9MMm}wPr68E!FZq%?ODRhultn=344ZN-+
z{*Fc?5PemlQKiW3b=`}t3cxwI19;b2q$~fmMs!BuwLY2J4d1gZv?`&{K2lL_TT-_9
zx=^w?Dm=hgHK4+I;P-0uKXgqMz^*o96UYQXvG(NZ$F@19qv*62w5jM=m2q*b*F4e4
zzI54vpk*cNNH%6OtdrIkAZs^|yyRB=KhEey^BeZ_UuQI+@r*$u1fEnU1#C6kYesM%
z4!o+X)uJS6bmxn_+lKWjoC6a!j9<|zu(H(W<>f01q$b+TzTF@bC5<|eUGPifmr$_h
zpY5tdYC(b*<{T`zbU%n)$bSS49O*-4oCP;UEq(-OI!GhI0_s=fKo6|S{{jp2S!k{6
zQ}~T)&mNnb&Qs==a_S7_gSTD<2%_VQHj){+_&iq8MS`($eI}BMqapwU71VhgusL#J
zBv&lmrqqI%zq2;?Bdj1UpZq9QdyFS&AFZR*q;74gqEFzrp$#J<o-ul|&V%d-yJ(lg
z$~P1u8-U6NVR0_7|EX@45#DzKvv*=3Mx;nZON2tRq5Km7&#HbP<`G`G-2NwsYaN@=
z92#!9=<^0Fp_-OX`UK`x1UzoQB==%F+hoC~;k-=Bk7cBm>YS$g^=qaUk%7HD63nny
zY=;QD3?X?SCNP%A>V*y0NIY8IyveN)^i0PO3FzqqMsEO?TlE^9j=$*?5133f$DJ4O
z`+H$UD9c8oReftx)Mo%G3natQmYk#ah|<rl1LYB}Mi;hAO5f_?=N3NvuSIbd??W6S
ztoL7u(@80B@WtjYZCqXcU$pTNiNB~{2{V*IPM(E`tIZIyeiXw;^6qW7u|CGmC($lg
z$NLedUeB$PX11z6)(Ak6$=Eu?#M-8xD^~k)u-76=ftH^*M<%t`<&1X-CbfdQ)@OBR
z)UFM6A^-(-2qqH7ItSc$-hV<tX?E}Dj0JYO|6jQAo<)D&PE3#onZyg%EX)zUq2i-*
z?7cOL82Q}Vbl~$+_wd`_Ohz{CaSke8^kmEawj3oB=5}r+xPuk^WCPgmA4WK$#M2}|
zRX11>A-L+?UHX3Dq!NOMQ<@=4?8Qm!D0yhcT}iS3YRgDnrihc|dTCfA;q^`5x#SK<
zH`uGKQ9BZgI7Zd&p<TvlGti&S6Jnu^14LhS35<$CjNkA1Tlf=%QJ0L{$T6GPUkY%Z
zq@x)(On4`cs+9HahsfVA)#0#ZClT{62mFjWWFc@bh_i3O4&yRYX$61*e_<9<%l39Z
zAZ!AF9m3c9o2A!hNK9vs*~Fz{v1tjs4O3+quYz@J*eq2M_Ta&rJc$2}+;I&uk*;69
zSb}}-2)?X6C9@DV=93P_tS}Z5N%!+>>|i8NUQ<S>Kr=JAOM8i_yDJOnSUpsjL;6pX
zo$u?^QNp1?UBsa9#sRk-CQ6kf)H94D@<JCSr5bbHmH_k3s!`<XHc3WHj8_s52qo0u
zH4-AKDkI^9q96Gu;Y^EoDIyySf!aAseN$m}pi7TiP7J*GI}5acQ53hEj}Ot-Fd)<Z
zXf7h5t98E;)-d1-(-!tJ;*2#}^8U*0xkJq@wZ6OrjL4`BEVYgkf0HB?Fq&1M0Z(-y
zA)+p?FJTw@0j&{We;z@T(0xz>I@=w>_KjJJ5q!30fTN_H4WutgOAu9LKgBW!cw-$K
zMaC9~JT_~0$ts$N{pzy5W~lX#!0K{o=B#gHq+);1`MbERz=~*|6XJf+{Ow}72{R34
zCmUZc`YCMn3%E|`n7!SX5xs)rRMVfvN6Cqnt@p1y*RGwVJXj5|lC7#i{Di^9d&dgu
zb$1?{&og5jU6v_b_FLJ`8l+G10Q55@5mY8ax~^yw37%#o<z>3hQP}{@BIV=zrnClq
z31ldi=##3#vf9hse-Fnd+gx?;&|(}NKe`LoI}V>br<}`8pN_;*twht%PbL8fXw=6B
zT%Ma5QsAOE^^L<WYrp<dbieZmw)z_`!OoWxwn0a1n~RN^NGe?HeJDXWl<PshR{_>7
z_!U%aL-n!3&Z~PpX6EdoQPfNsAAv2<ys>qC<A`Ek>4VWf4|@89KS8lc{-`=bl;P~t
z*C*rHxLJB29|q|%pt|APc%@%|t^NN8*EZKlmdG$+AmUfNy^W8f;nWrGhe|<eJ1B%3
z&{3HBwnNnVkY7n;9bGY~j%8RtMIp%OkS0i_eUvEH8!#cP(Gbc`DmRC?8fx>YXMJM7
z5@3u1W?X(K=`oF{$`NFs_CA{$pm#wGsvF*?0is{-pnZ{_TT(p@{-v~|p^N1~M8X3?
zIMx~Ud|{I9uhtrBF_b$QO(~|`exxzem60?W<ZfYgf-#{t&JkY<kM^@vB*E3D+9j$r
z!JIxKNqOni25B>dUx1juh4JwZ@q3Q&HOu;5336B?$U@`y=fTeDn_+aId^rvTkEyV5
zgYGP1K%tUHvR}fG_IQH$MVUUG2m9C}J}-wFOl9$XTF$hEf{X7s$xi9|wddN1)L*tD
zyr@s2LBS^a<m$n!n07t&rtF8=A$=ZBYF1d>iK-?-377S|B2K4kReL~9R~<vTo}W>%
zpI!2UY2_lWO7mOJUD(DZtRfPs=V3nyJ){ozaEe}*vzuPX@8^N?*B^KX;&R(;b?c7(
z94G&m*1p@3yM#PgTVnn;AiU_@)2$@l9hJ?NTWFvD4HN>jA{%vL5rud<hS1+w$0c+M
zkZR)KABJRv^X2-yx^>mws3ur=XX*u$xxR-WE(e@jsrr}om4w%tU>&4HJnTO*2A)sv
zh3_%75dY#(H)%6xd1X&>D<UK_5#Zys+8(&y(YtqH1)rpOxJZ_pr_s4q2N^Y7%wJoH
zq_yCP7Sxo}r@iXl*PV5%p8==nG1sq>!|LACVyj}^dbN13k45J=F=W;qKR~+HXwN*!
zSX=H_FdQD7K$xv?6JUof8@`tI-~}pNsFC@%>?+R0YOI(agBe$Up&hRA2C71H*c?mG
zj%8XLNTXa0;yods@wkb-`^oS2E-q95ic{08pq(Quu4oN&_;BvkjL24m=f0Z=nqBC^
z(@++8v+eKLXTC8ju_e3YMu0s`NNG=kieO{Ms|(z0@O`L3bTl7ZdpnkVASZrg2)yO@
zWbOepon(^W9|b_})&3n7#W7T~TD001pWpten;v+?-=Ql%l0c*bxXw?L&M?D>wS@26
z?QcyULI`MWFtodU#U{;ZO_5#JX94mL=dG<!R$?<2jYv3no5P8Tbz5g`hL6l3vPaKP
z3}i+B(&h_T(e1pGQ#X|0CF`w7?WaDA0h#Hn-M_hTe1qc(`DvA}jgMSqnAI3oI&2b@
z`(ZCl%s%+Uug|;C?-|=~rz)83y8B+7gKW$J-J<g-1bVs?y9u<sH=Ni!9^Yq}AJ?DI
z8~lqO=&P~s?}L+_OTLfqx9^3U9^dx?_#JMa`^&Wj(;c_imX@ndK-tOvsW{s!W`4eS
z|Dv)c;pX2r!obVIDR$dgV??-l2c_(~s~3747yYHf8B7s6Zz~9Zyqp2-qR`2J$Z&}e
z$$(z<_Do?&)Vz+|l_mX2?OY<dD0V5TGQA2`86tl`SKxHMdb%Kvg~U(NpBvor@A>o<
z)2_>*0mpYhvGN*e`k_Zk;WKAq^L5J_&kNhFE;&%}v>~ef+Tl#C!pzMwZWr)<qgICe
zNd6vP{@eoP(4ci?R|nWls}jd|yMDPf{#ZS}`VaOr#q#3HxBdytE-o0)2zUi7_qtW1
z`<+0&_M9Kl+%k567wxqNIW74rbwR$yZ8s+Z6T`nh(%*3>Qo3!fA4F7Gv_mRD*gr$A
z926jYr?!uvt#vUnGF1pAu|k4)|9JL{3VS65RzoK_l27k?<OWYjl2VvKt(x{ZC_oMf
zB_0&S%F0UeHD2IY06IW{k66wUEqsm7lxvR~fEwVY9#nhRBwbY0uC-_IwZn>B1hqpc
z1SDiQ{e-(hz7k)(Ce?(6#=JUKLuB<MdwffQRy#b$oyeoaZ#d@qP|{-ONaXOk;LTM3
zm4iEo^edU|&7BCLowp(V2Gz<xY;K*+)rXE$fNSB|b?~|odZasH^!=lltbg5v*x~=v
zqt^rI5wJFb{7#m&ns#c>I-InRP8A0~V!-W2S1@6P=tH&g03Gv_y-0Eo*qKV60KybS
zGf+reE7*iHIeguvk(}Vp3dw=RVwT8mxv1r)_`vQ)vJ;*edm`MTc1Dk^TZnV0*B`MJ
zznfT5j|Wd6b5~XEHfDRcs~4s2g&02+8(WQ3<zVOF4OJ{$NT0#e36oqW51#Rg;@|e4
z@&)12M^%bXol+%FbbivZBC&~ttr$oK@CDTTkvkkbC3cy>NJ2@IR08j5dahH9UY^1!
zAt6PP$hVe=lbU2Y3nL<d<do3hQpG~5qu+;!S;iD!_9?5AlXKKA&dG*YS>C?<S1boj
z01ZHxL6SeC#8}b9UO_h;#jWCuXjFm6(B{{5V1O;g(=FuRE~4*^!e0}Nk4Mn8^|ZE!
zStQ7faImo8UUClZ{7%3h@U&c9Z*~u3_6*S)WqU5UEybH%owxAuR6G}$Ump@t11LqI
z#cfehzoNz4AgnJ5E!@LJZ8B7pBCQYmH1JV-R)%!lwec|6OF5@VsfazzH&9{JC$Pq1
zslUU~H|KseG8jyMGYmhlr;M^Alrj02DWPWazjC&mw|{f^yJYPhP=~FqapjeCma}=O
z4j`Ej2gGlc>-Q-Y2;GN{O%TMz8`d@W+Nri|vo!y;j6b{T8trytPO-A2U9tA=^u{f(
z6)}x3KZ*fX5x37co@o#7X@Npg9gaH!5W~`kk7f^x6_}iMKd<-jaQ<1&mCgG;r`fH1
zx<@jDlND-*h)Ea#g5C)mh|Yp|7{X{XR??~O#vacyyqIsUvZ4-Q;lB=t7LvV&@0fsS
zsGA5JSVj%I1k=<!ES8J)<k^%Pwu0kh|J=PD$OYjmESuldAO;U~04Z4qvE&$6Z0?4l
zbKV~F(Z}Oq<{O3-!ALt+7x(5<U0pnrk0rG&0z-YuF1*G8f6#4&^yxGA_3wg94v9vo
zfa7ps4#m+-J^!t8ia#*f&OnEC50f-stko2!8SWAOYbVOmL%64ZA(Pn38(J~;^s3rP
z#Dp%nfV$}{64>X=E}Hxtpe>*89%6j<s=ovWgd9)B6R{{jXWACdx*`Hc%p~0W5b59}
zUwu{R{O%jR^EQ(bqnqFK?t67}!{_~7c=+@5c(-tq{j)-w@$lpDt*iV~(_g@L|Ew`H
zRKX7arOoaduG=^`mZ7S;H&V`}I#t@_qqSeMX<l)=2h3zk!=umOo`f^FXCYtsLMdC#
zCQuta&m910^ddjTJ}~3wQ*|pu(p<smL~&Zmco_~sT7ITS4}2$I!0oZ$^S>$cdUI17
zzbW%P`}`m**pwVwE0b)ZBZv}CI=kl{PhnKsc<R7GzJ*ciM;B3eQq#iYZDQfaT7}<A
zv<ft@{$7Sp;1oqhsPw9rw#am<E!X1?aCwUQfEo;&Ww~3g`R^B&|E|Oj4RICy*Q!4^
zlHC4D(T({fE>EuQ56uH*N28ta5Jdz-V}0%1?)=QSK2=n$;5%RFBKrc)TU9u88d{P$
zfHaNt|EiBM|ElUE(^J?_BxQ>t@{~=BDGhM%eVv@DA!m+0`Y3BGEM%v*I5WhDBJ<|j
zYj;A)|CU@X`-GhL$?$jr!u6A8KuWhi0<PR_=Y)RmVD!$yAr3r+XX-VGxvNo#LHuQG
zEW~o4FSAfyNm$4eCI9TbPu;o7!%3=6Q6s1?z)9TWg@J0uv=#iVR?&X!aza)u)3^MR
z28LxeMb~ZF8p7LGMK!U!%v+Y<FuY<{k!kP|S#y?_e#(2*asQ)d49Yja$gN+RCpmp(
z=2{f#7cY4R6em*)(<Tig%Ac68QlZoUV1FKVZqL^?s@rou$<yOel$05tXro{tC=w+u
z=6hHW>68{1ZIhty2dyDK#5x+(m(e~pfEy1M*yNfJgqskES8It3xe8#3RTS_W?bSnz
z9t~;1Lm@*%N2?j<$OgosMqWU0h9)LJ_9yMtYWjfEfkAPmVJ?IDff)35?v(ud4iQ|Q
zbM*nN!fBVMKi}eK=O+_xcN!M$(e#}U`jam;aGhbt0UW4&0>iWCO}tVbDh^4{+{iRI
zTA0cAk32X9{WD!vbd7Lymh?RmZuX8ASS>fMjl~qiY{GGwc=MUSqcc?Gx^nX?QXEi0
z#udqmGWYxs)QM|vHgIDPYYEBH%znf3&`Ag#=Z;n8im0G+*}HXBi=Ru<+^N=11RW!o
zmZ<e*;us>D?L20*a@;@#5ZlY=-b^u`caHWuQ30G&;d&awtXsDnyp2(4F|g*!Qqh^d
z;fOuPB$j!$K=6%i{xEk}G27Qa`XV5OdZ@V*iUdGwpj-%7EF<EA$m;s&cOG9cOYha$
zmh30YW*Zb=-$-tYiJP0<!ewu*K7+dP*;(Vq{um=$P;vQT^lxCZ7>N0}Jtd3F<ss<<
z_DA(D*}S_2+cuye)W?;%V}#)y$d)yh229ho5}Xvat5uV`^4&_}vKE{(OA5rWsoIp1
zh%?N-8!0ChKZ9+Q)j$%grX+Qtf3b|StdN1`3IXHIO#%NzrkguayaL5bYGIWNyQ^qB
zqAPYJz0VT{(z(|Z%HCaS^=Lu#0Wyw3D}FOqFoV8VfA(ioaDbcPiA$zQjP<a@BPU?5
z>wzWSex7z-x+lFGAo*=+61u$DZHMU30mtk)a>SO1kzz%=s&#<;Cvs3}w5#w@n!giW
z4az&q@O@Y=Sk8-ezng`zKw#-s(X9t`KDg9C;@wRjm`9n^W7@HIU5aF21B+=o)~f^9
z4(cm9)tAo)O*AkVZLcCu+d(lqTlT@X?v6UsRVA7NqF|*$K9Mk<n8~ZmK^dp#+COSC
zI)1JWzRRwCbC--Y8`?9-LbR#63uqYgN<S*jdX))^@TnacTX-hT5vKGPvd91By75i9
zLNuLltNo2)fHJ6NLzgim8W3e5ftBr?|F?eHPtXN<I4m!~A|t9Q(G~0?it!jqE6U`X
zUUcw^^>VorWxEdotQ&Hw$9)K%95Y7j{7LgA+u-!`eftG%%b5ER#+sBot(v!cAexc5
zgGXWb(y2`U6Z=&77(?}CoM!9XsyC76X0F}|VUqk!TjlJHp1SP8WnPu6Uvb8pMgU?B
zVO~$9h(w8etUyNfWuF`nU$j{Z#9lp3k-Y3(*0{1ywfCg9uyHspQbGTRr|ddI3sfmF
z_zdlKK?_W*(JUz<q`1AtkL^Acpe$&r`VZF73&pY799UCjZLVCW<6};$?`6c$z>gE$
zV;ARa4T~<Q?PzxY&DDbV$Y)tDM~~M@>dohUwr;oCG~LeI5u3w-i_cq?OZ{d^LQalA
zk{8n0D<a)k-y9>F>keWrHxh;qHSYOv!JO-O?uh#*`g*q8r=o!CsR3jknl9v81FV<B
zGOs@yV9@5;8QHj<?dsLQSmtz2w%==_kdBzb;<eMC)b?c>#A)HtA|ww2-azd_L!13W
z>VR?xDz_D$uI_Yl8!)5K{}f%wIayw6{gz-|;DB+>5xoO+Lwnlm(=ASlzn9@u_Vy9f
z19115JE>4xi#s!Jkayg>;Mvbq{i7$f7wFymUfsJf%_sd6o=>)YtOOTQ$8aZozBNoG
z!3c^@?vFiy`esdQunO^VsCOV6jPsaMfv}*d7i!`&yb9YFbtkXv&lxGVQ6%hH6kSml
zK%G0ADIb9}Wq!p!k`}7L3N%SvQlm{O4~;f4tLs-;_{QJl$)iu)CeJBOR1rbKPJuZ7
z<nz&T47P2OEZRg-zoOG<t|ieo%lfZ+@Xw&@L;>Pr`JeX*_|kzL23xd{WmZ%7z@u}Y
z`*ITwIsv=M`A1TjW6$lw-5|2MLkcE;Czn*g=GB07z;=7+_P{e%eQS$Zy!mt|m-9wL
z?2O`tl(d-6E82Eq+hbYxXh|z2ORoxf0{4b!@UaaS-LZ^0B1`I-PwPj=D=w}!jDs4M
z;Z|%*fIXSj$|2(^9C<NJ5t#HFTo=~ktiuG*aKAqx&@AuCqt9?QsAW{<z3!Keyb@yE
z9KbxkxvoSx8GHx6>@->1S!mUH95h)cjdn87zc*hSnoakLG(FiTd+s->(%x$vV3Rvx
z_dom!>r%V0v%f`13|wR1Gwk^VZ!yPgPfpCa8G9T~6P=)8`xlayc#U#MPeoM#g8=M(
z3TQReReWa~a*9If*Hd{McL^AA7(T)vq=w?8#Cs?C2p}A@kM{FnPFzHPS0ECZL-dYH
z&&LABRM?iZcE8%i1CC3doyoH?6yAM0N!z}-fo*pCX9`zViC!L&zG61&_ivw7BqqrW
zB0dd9m9PVdvkR;xl=uxMj4?**9|=32kjtoV@v;LurO&u$k6P5fmN8jP-v3SIG*sQ!
z!MHQ}EY_lIWjr<rjKd|F6zYS@QtB8_pc?ZT7?2ep`(oCo^ZCo1)3+Dbg;yMSMT%>w
zVs{}s8%x~AVPoRn)_xUY^QPFFPlcOXsnRix)WV=1cpY8zZaY99`#TTV9F$$EVFRi3
zh$WVC!W8z!1zLAe4&t}WgR4xDawibO20y)aL%CD@0m^j1UR2puSM@;dTH6rmT&JRW
zDbdsND+a_S`K^OUP2qDiE6(VX!InHXI_z|PRXRj^cLzr6{Hv*Sma<9X^y9Cz-ko&S
zXbfRPBs7D9CRA?JG};i#@oZy1tDFt(y1lz?4-Uxwsot3ehUnWWL{zkogC^vK@oqN?
zY2Xn?Lu|PYKefHooFbd*lO)*ISC`*e{EuL}MfHb^O1-E-8Oi>~d-V}!Ni0nB6%0GH
z4WF0tqV-=R?6npT_sO|_6X?nLo)!;QhU3#~MY~69;}ETNouuaFJX)&8k9i~qQE7H%
z(n|};&ebNoch^aHZ2n?K=}?jQw`GyIPp;qKd={v4hkKGFTg$~P79H!2v5Q4$FbB45
zbV~DB+1*gJr&Z%PYppA;BvqwWfMx3LI*1Q#pR=|mai6nhzj5lWhV2V!AIrZLn;yw%
z=J<G<foSL0`RI3Tu$%Sjmp{bK6T4g8(5a>!v(34t?0j9}L+#9yFLhhfO4g)0Aw#T<
zzr%z;YN0rD%lERer49azY;qMQ0;5#+qNT;fF!OrXgrAND9Mc&-$K)Y>BH*ah7u17W
zWHE+TSNisS-kKc>QXJF1$kz@6{3d??S3}{ZE95<w$_3J)q9f$Jc7Rva#5-^+$Qv#H
zcb9Bj%}*5--}mn_XzrDHzw*f}Ws)MfL+xuc7Gc%#27a<I_qXmUd3;vtCh<QR9q$*g
zKP_1_Kc|DD5d^)eVqG<l3*326fac|mM-K00xyZ6mKOZ-L6HN9jt~~=Id?^qj5jtQy
z5vhIM3TPPciM8u7@y(p}LwQNNeaL<;|7#<JO8WYB0DnalvHLJg6wTQ;6ASToov+7U
z+VZFXQ<4J}1FY5dz|rL>)@F@pQ!i#@HiyqM<hLz(;3f9yrzjV1!1iON+qe7Y@#7}<
z`*wgWHkbQb|L2Tt`(WE;ZT{CRdFH+Y&|wGJQdy_Fa-(ZbwU<T!WEZs8H>Mw9E9^)u
zS`0@gIXG}HWZ~Wmcerwd8)w=vI1p;~mr&%?-zKwcmEFz-%94DS{de`V^Pknv3j+P{
zf31E7FW+YxbB7*Me!|tsXEj#*xsPsuK%-6k*tZj`xf#v}jvopj?0vJO$|r_%27*ta
zcA-iy?0(afs#k+HzF!SHX`iV9iDu$CJ8ugR>&F+A5vJcP{`B2e<HtVdM&t3twPNFY
zb6UV7xDg;f>;Ad3SVNT|2tgZ(;b5WL7dj{oWhVOq?~&!3_<;#z_N@AT1pAKs?u1b-
zJvo#-Lb+j-sds(*6U?vp?*v2QP2ig%dq}JWbvFK_jW(_)uiQofB1o;JQ#`zFV9Jd5
zoly}}9peiH*GXhs{x}%JFxp(VO}w5y2r7Z!R&mz>VEL6C2(5S%Ehd=0AKN7}qBX<d
zPYhLZeg;+YzC_Vyx<nCyLmm(XB~m=I29D<9n{7)On*&yTHGt-L-(aFE8RYlJ(U~Vt
z{0ng_$=nh&doDDL8~$%%Jis1}u#)yoXEZ}lkw3Wy5^K~cePUbkZ|qeS)msT+g&kfH
z=Jr}_Xo-gd3WkJ9XFaNUrkBDbE)i!EUhx_|^s8D2cm(~Tk9glkt+#M-#sRVwbFYkn
z3sQsSOQG}F4|+q8e6M8)V9kX&(E8EOSBY#7-NcV9KHvBD*l(S#%(v^kukbe=@4L1o
zP(*_zr@w0O?#KT_+dFnyx;5IC8MYl6w(SgL*tTt(8AgU}+qP}nwr$ng`#tv*ZnfL)
zhpG?j`2nl7g*nF<y~nxayci10%B?Bn59OHLX}QY1-c~h24oXXo7+MK}cH??_HR^O>
ztcvjw7_1cJb87;*Lc%g<LHQ&ybj)LNMEaS@7~T}mVK$6@{DtN!{Dg9%;$9D$Cc-1h
z%|-4&15U+Rj#xQV>xB}PR6s!Sk>!OPPN@D|pRZ!1*5py-$G3>_A5+=3wM>XBbuIG~
zEwhG?VU9i5Ug@v(2rBbdfp+yw@yNdQ{)3L>%WZ_{`s+@{P(m`eEfEVm6?$Ug7aheX
z|FJ?~G``BXFIWtWd>ALv%kfxjetlR{sbps8x$$Agx&cKouPZYMOCsX!g>$J^#P#co
z<5OM2eu)V)0NIYZ-|ZKgbY;p^z8qnygo%6(@|^p!eP;%^;x|Mq)zDB$Zcl&dY9<(&
zqB|kS7_#yfI!ZjEc_WL~^gWlJkRJ@*O10>4#bw_xsn{nGk;B2Y;m(nB2AUesqGN+}
zRd5<Hnv+$8HBR84<hZk8MX<}08TMKyXGa1_Hqhkj56lKyp;0UOD*!}kv|{d~9MxHc
zo4M=_`xm>l;U^z#h^o97in%}gq?q_*l#C2{3K7_0pzL0-=Utd9-?pSK#W327k{q|D
zKMV7*0NCxK0;Z)+Fd^O&qu=J#E6+^uTKcKkfT|$zga8GXAW?)uvg;%ZjpE;{tn0NT
z)(WEC#}U2r>2bC=`HER$&!jrpP$VIb1r2AR{X7eV7OVw9KnOf-fiV?zc%kMKyJY;W
z9=1@N{^INM;sf~psV66WpZ>bP&iphbpIr6H_$)T~j*a$SPQvG`Ho50q`cBaFJjkYY
z!E1aFfsxgZ+i1%Fe66bFa&T<p8J65(Gkg_zP1orvy<wdut=oG<&+!4KChacrC0D0n
zn*0t^HG-IfK@9YEiq*byua^vV-`v&Y%O4&H_*5HO+z|d1!VF(}6d^dp@sRj4B#bG&
zhjXkDRSeoET=6?j8$zur7UpOi`KYW7wn-zikD-h6HksFQlHokFzNU#=OMmunJ=v@8
zLj*rC@hI|l#Pj6wQ7O(e>n{#AKneh1x6znJO}s7j)>eQYp%PvyOK=z<NgP=K{y3Eu
zCNEm42g{DXsS_YYscE+_+x49e9YTVm%iBD3NxarxGTJ#7V$M@Z?wp7s?R#J3655AZ
z=qq0hGB+>3M3?hNQ~pE0)yl!GsWqtB4rcqdmjcN$M!{kh?MojVQn=l7NtM1+TWbI2
zH(bpXDK~ATVq4UM?(dts#3f^m3fxvN`+G@?;_+C|O}p?(gh+&H+uN<KR+UbbsA~)F
z!};Y80-N@Ek58~hoy@mvWsgxG4PB6hs&DtV{(94B$+v9scRp^{w`^?|Y2~{T5vT|4
zFV!y`O1?WrE$A!c+st|7Pv=G<XjV+hkfnLZL&p;dLg()>3&KZ1Wkw}z@%fJuU07#6
zj~Db)5coa2MvAyt-FXf!vWE;)fn;M`hIp8cn!!2&A+l;66|qY#`ZhJpl=vz6tc8>R
zy6`IhSF70A`|pKU>mMq`%p}L%g&W;;s@4n{G1g)f2d-ScL>V!CjZ!qC!g}3mj4{vk
zlYq27Q%ehtTZ-j4t+2nDo`j=Zdd>n*BI?`dH0g_Fd=@HiN%Ck6*F?Va3FjiR234~o
zs*-cLYWDTv;i;aQd-T7pYN*591h)0`+4`JXYJd^n%bY3t%i2G?u*;1{2@5*100i`j
zZ8a;E#W*CIYH0^B_9}MW?7$*5vuI<XNovG0+{P!C$}aKu6HwXBeOf-?fJ3LAUQqD<
z4||p;rWH@uTPR0%Ze>5BnK0QJ8bf9{RwvyQ=CC_i6(NC}Guj6G`*89&!V942h`JyQ
ze=py&@<jz+@<ms?X%(1J5ms64ks<MdpJoqsXt5Y)F~tzp6Yyqny|FjemjHj8*+tbx
zVL}%iSRXX`hn&jcosc>mN3-M(lpvO9Oj7SJ|15Lt9Fr87So#hi`ZU%dD2PF>Sdg#g
zHVduE(-_TiJ63dF%RiPPi~N#N^<`t^7XiP%MipqF*$#vwYANF$7*aDGvd&>>k~J#g
zSAFi5pUOJVp3E9?J%6KX(w$oBjxGOSR_skt90NgFPE)n;z40Cmy1a3TMs~YXVsaub
z*>fCA6l7@_VMJk9g<>(3g`DpA@TaIKAiUDDc~ztX%8dd>C~uJny+tS4n}M1A7C<v6
zzlLuY$c^YYuFS{KSfVQ6dWDH5OKJ^n5rZ*c2u_b>krH@TDB$X!%8V!H9bIy2W;BC?
zFh@=dpDg+c(BBLJKB#g#!N>SU;(dVt{!u&$Ok&jvJ36&+`V>7$wcj0B@HiI<9dx{p
zF<;WphF|odb)%vSE{T^y95<bc3vb(TQ<o9EeV1>B@K-MQ`~FVSH;)tVRsW*+M)ghd
z+U`Jd3msKB@yyrYHuRc6Fuw>=T$IUIlpn_fU-)ksCq)DqRl>lKIlAv*Y;x3|*$I8p
zs`Vu|@YoGLR}6cGf|TeW@hiO+L`cxi(UzBRy6K#nYJ5&-mHaDLgY%>Xj8SsBa3kh8
zGRe^+??kvm3K|7gS^oKng;q?z6}`~-7AC5@X7NBe<HKcEc9V%r5xP~V?6qrwh?C{F
z?>H*S%?Ftg*pDjBZ|R$(f9X2*MBEOTeZ?m{UJt*a|ElDDDDOc%`MyRf%B(5HE&_cl
z>s8nD7OJ`p1>~Fcm|GpnQ~65?m;D!9r@|vkoV+~^uA?#J)cG#l7*D-sQVVSvdwEei
z(B)4rv$cNU&pQOSIQJ(!?N6RZj^gjkFk)e0OGjhVdLtNVJvwt6ie%#Xv!eZtbkwoS
zumLNjGN{Qqcv2!UUImudEX5CkXc8lHamGlr*Z{}w%xMOy!dcwCWrtlZ8^!mNev?Ym
z^A>C8gk}xF)^m-9)5Qz1siVRuSW8mZWpOrA(?3h1SGjBsvd*#XVS~*Jf;Oc=8}1$8
ztTAxs_^#GD<yZEelZFA24dv<Ac~iAeF6<SyUd@X$?dMqAhi_c%DGPL0h|v=Z<iU?&
zlg^C60_n9@rkY?2dB7#kn-cG1+2_ii4dpN9+Lw-<64^;Jb>%na8k_TFb;Yd-wkorZ
zFfN+$R9WC?+;F`HN{TCX$z+XzxJx+*I7@bF`_x0&WRKpHmY-=G3i;UGY>$5;E#9$l
z6Br$rz5Ld~46Aen8fnu?j998K<t?omD?Zi_RK+rRXx4uzHua4EknW-iCB;Ylw&X$R
zZ#?g9s(Sq$rJ>=~wdRsNa^-w~Br#>vdSKO0S$@wGP%UX%VUuvm_>*=avFQ^fp=r`q
z;4+hSnP%mLKuT>5p8V*tjWOMEGq`G^lZ$zM6!Zvwa^1<i$tat4BdvLV#p*QB+D4t-
z(Y8tN0Zu!^)6U_F$JMyGyq*xJZ8P%{_KByJdpmdje#mCpM5Nzj*%W2c&NCz}?yQY6
zRTEV1XDo&3DH1to&y!d`%kv;=u-?}&Hx)!Eo4aKgvvDe&t{Qq$d$_@E5+$|PQ((8i
zQ($$s^Pvx-PmySw4e;Nk4+K7L@3)6hZ_e-j`RixxuMlmP<nMW7ml7kF8NAOYg<m7l
zWv94f`b_TL5SPgk{t$m=GfEaozNN-T@f)h~S}qX4R7|3-zTF&zj|!G2iU(UrX*YgM
zfvvg~zC#IfdF=_^wmA5ubeJ<HNG;SWCJG*%95x$4weEP!1QBVXvO0`PYUe?(YUPFT
z+2%pR^~)7Of3gaQCbWr%5heDT*Nd&`iy#}hXbZnU?8c1JTJ*)m0N7Cq#_ytb?s?P`
z@NRyyp#PAg2<nQ&n$HBe<T(|vDa3@anrR4JwfFi{6k<-aOE=&g6p#7ER*`hG&R&aK
zy@L{xn$qk`El&g2Ar5P)kRua-OSTOoKnRw!Jc+|b3mdWL0lUuAsZOr!d0|9n=hHd3
zdVs4pu%Gd6G2`#lpca*%T>8vmj~+PxeFxed!>cI%Y)lnfw;$v0s@KKhQKlEWyCJpd
z;{SF(Ip7S3I#vxy24O3$+11Pk%RF}&6#mf`rP43$eP`;T1RpyUHWSLI-7v)`i`25_
zFfVCYZE*@<7+AJ=X!_$euQ?`66{=O6rF=}HR4P^W6bO!X8x;H9y=4VU+filj8N{^;
zE!V$T8kxMq47%rtH9fe~pCc(K+umH;@IzZTNKLh}Yc1&55|`<7&cP)Xk>!W3jr9xk
z)N9c^+NcLa=AzoqWm`;EYQyG&#UzN~P%$<<?y^jc(uXxZzD(9*BD&@xrp7aO!x@@?
zd`~$L7iiT?NLw~6%cdSA*@dB+Ej+gsy|MJ=MWvKa9Ps|SMK$y!o+9;-&miIr#;m+l
z>lO?>=$ZJ-txzjh@}p~B)SU@ciIZ!z3lpAlRnF<8*6eHk@~?esf7G<H-&LmMnxx0E
z%j}n+blD$F8>u#_)`Ky-)dm~<-<U7KnIoO4Vu6@XSQBIx|LGS;D-E?1tp}ir4%dIm
zXT6mQpH!1z0<J-s*k#vpPF(dD1AhW=z*PELTB=RX`0q>Mmt!s=!mh^WtuIwp=&8(R
zXia~&ha|I_@k+I2g+0Q5*(+UdDe|nZ#7w<F{6P~LSQs*vhHe7aW;L(NZ!YvnuM8>d
z-Q=dk0PtoSV%Q=iMQ*OA0;zSZ-SvnEVVg23u<x``Q5ZqHsPmeP-?ovPy0`LbIZr3V
zO)YKz+oH6D-4WO9EMpdzJ}aEXXO7|VH}wb9ejkeAVY&rbIF7K6hTD_pmMP{FGkf2d
z>6pFmyf){>Nlku#)VbcUVTJdF90^+p(PYz}oDqVi9mSnazSuk}JlUqnMKRhE+X*$^
zKO70hH*_8!a7cahe6oAJJ!y0J#O5n(W-$N`=~t#*0K2;uF?{ehstkXo$LmhV4mts@
zF89Z`pHsu@@apO<CDANR)*xZ&i8$DGc*l0LoiU&ky#Hq`dB)qE;nu=flw%FB+*t@0
z`tck!!i?3<-Dyp6*^@r2oL0M!ZcDRDr6$U$CI0B)tyM$6lKtw}C}nveZ-|vaX&y6{
z6`lavlrOx0_g@kv5p6E6Ic_+PCR~<~)#J$*<@6YT6=VV}#ZgD>Ke_d1!EJJ}iw2P~
z-j`vVX$4kLV0Q802DX+~(~mPX+!_!+SRj6O&!0jE>?k@vc$zI@;f!>+1ym`g7iwd(
z9pBNqDk(mL(9O5($vC@9UP1lguT&Z$;cmKUURhFpMzcCuZl(HdrpU%B+0VKA=aT!^
zAUlM9N80n=%IdDZTC>3^{wV8%R6Ra%U5HQoVO&rrhaj2w8n&{Ic7YAB9zgmh)f*{z
zdvM@1SIk2If5aS`PbMz;me#Sl_~d&#J%jV<i1>zjGXD%Kj`Oyz=02vlp3cQ?LwP88
z>IK_P@q1(ECy-!37PivWl2|d1S<qX@IA;B4k%AKH7%bjp_5a@rC3tr(-L;`cZ^Z8A
z51Qxy*`Sp9|87unL(^9&Cx3BTGe(Pn_V%q!o~mvMXN}%jE+E1?@PL7Yf!zLwb$k?Y
zj=1~5z2}WLJ%=R4XaMu1i4$pZYXDmhr_bCEGf~q|e1+5k;DO=vsAUmn%p-b4(bWsT
z(6aMx?`<~>KISC7J{A#&H^-`gSD|#PHBLQuh9#wkR4LKC!(Hvu>Gc(~`a-orV=(Nl
zOnXjyZ~f^R*c_(*(ONf?KxAnw<lvq@gjtbOO3PRuhDYt2>TfJ;JhdZd62yV@Br2oO
zw+?K$pHT1ND1lJ?pymk^b+%zy7&7oqT6xySQ5NBj`+wuHwI<W5qNGv(_9NYFx{Gg*
z!=yh2<@#UvlbELeul}S(iM50Y8Ci#ACi&*;?1y(rFflGJ#guS_YRc(Ut!<Av^ZWIc
zIsP7V>%u47@`3I)HbpDL?PdJSg!LCVG^0~`>%FTxguOk{n+{`8L?@JHG!%tte^Qv!
zb{Pa+MU$Z80-m!4NToqO|N0Ltv`due|Dc~fRI-UG3G*A_6FW>{RiY;n(X3gF%bKR;
z)aln#Vl|FEHblY85ROKH$A+X(MA3@Dh4X&aPWl0U>p0-|-Qf2*BI@PYg^;vM*_24n
znf{mdB=3P4Zuu=BLF9Ilcz*Z))+c3}p3>(2Z|aj8s0wa3JQLo!hF82GzZqeLrkf}y
z3t0B&hpr0YoF0;nYyz%C=ml-sGGpmC#sI7rKVzQQ|9yRu&R$Ikc?&;#;QyEYq}dKR
zuu_D<WTYRVL2v&;liCKflXw_s7ssqC%ENg~RU;AVYCf}b^S#rgO7uc|^n(iZf-_E2
zOx4xu2+Tbw$xy4xK^uXNSTT+wh1_9CWC%`t2AZwRch>V0=^JX5HA7p_RqD=<)+R0K
zdKUbw{~oVR^{<M>TC=Pk<nBf4Jjd!xB$?*}Aj*Y+AK9)(rlgLr{qPwKcSr!QBscj}
zdl=m6<O4zO#IK*tg|FdW$F++#Sa<W6FvWJ*z4fU+%vAH?^v?R8J3Hy5NOp+=;DkZ}
zxA6;ucxYQd0)>_BMh{Y;9`ruxRZR;uf!|SH4j@qy=68=mPg>g)<zF3mN~Xwt#Q+a2
zW%23CNO|bT!*te6iy7&wR25S84i8QiI@`U;3(H7JH{Wh6yd!{FU67(dsAIRXAWy!R
z<*g&po1c-r76GT{q`xDD#}J^E+wU4V=qv1445=Ikut}o*^Ed3CIuyUG!)Gq<ntqk8
zi*Nea%jEl%t}on}#*LevlW--stI@WSWs`{4u(O?2(p<Qwe0LgU(!|pJ1M?UZ?uQ|X
zZ?l_|ZPjwo+qWELTyXd9U6`=5dx+0m{qepnf3?^6g3PU>RlgB*vIgN=C;h9J$xg&S
z>S!fV!to-^P<4Sr7p6V#X|M{?IyllcS`IWUjsfy0dDaUH!mi_m-Qj7%a(Mb+_b-Kv
zF<J7OZm7r=yQN)Y+MD=+>10dCkNoAbcC`E+X#6|T+r%4K02kwg8T}&s$a(*=*%^*#
zzG}!mV`g-$`7W-ITNBB3p3nE1QXT1A_5dwKDojWV^38MjvUjWrotN{v$-r0(iEkFi
zb#Vd5)wmsDSo;t_)`E)@=!fSta2%PnqK4;ussRhZxn^}}5F;$pY^rQAME+Lr!yND8
zXPxy~dTV%$*ZHMe-FD>FnNgj5|9FR^P1)G~{K#~bmg<&|S_OtyemLv;U{6X0p8A3Z
zHM?LMnq6_sx<7zC9ZD)gv#JLZ<@JFzfZU%@6V7qJor=>oCPVV2Z-K^{OZk9&$r>s{
z8S{r(5FJDJV_-!~(P4bHg29Ub&?D%N?o24ms?AoJ?ckZWHui%+`9dPcR!n-E&W7{T
z8ys=Lml{D0K!t&{8?NE5cno6iyu7gRvNe@j5^Gvp=oi?e`VS97&>lgApS#PO+k<Tl
zpO^>FM{`~OpW<i}A6Lo<DfdO}s~Y)n7D=#MteXumfq4x>D321GfkZbL{g1!fSs0?b
zm11WBNj*TK?*UZ?&vlo))40QAbFou~>dubO6!V+vK+*dW(J;e^Ih~Eqk0!Y4TiD4G
zmcYM{cOp3VJAt)E6`XmV<ZAG75T888lR)BeosJ3Pr9GUmT~x+TFe2FOsYT)zW)9@B
zP<G)F<gCK9j^GjVZN^5sFH*%0HO~V(fk2xs8IZ}XmZT_Pdfa8TD{+Je$UBQJuBaV1
z-gt}Os@81#W?PQ|w-=W>S3Vi0s;DyQ#Mhs3rmj%A_))qN?8!c}uO(_M_#kcm`X~}I
zM8>sFjatEeDzZNqaS8aa&MJ}N;;JG4RGDm+{<0nokX*X!gVvxKgh?JKhmkr%c;JPp
zf)N*bn*jBK_kBhQ^y@VEI{wf+buWS=4}Cv)fz<bke8br>&d}&9CH?m?p)C%2rzYyn
zb(9@80>qDi?3VL40ni|Y)R*lR*#ZzN1adYV8DrsHPc5BW#&@d}p10;n%rfHnuW`tq
zOgj4;it1&wl%x~56kC*GcRTqwxKQom2K0}`;XKBN|4(Ga1-Gs-Cxt+Z;04EcrT7En
zDK>}iFAqX1Hszh^y}>xr)jnGc7%RCke%^u(h7M$3HVj;eUpFw6F43x|#>G0LCp8~t
zNgHz_TwW^HO&<#QN;YW#N!(x^2$GpTj>^Bt3ip=wsz6SXurM*wBS&c?0I>o(XohdP
z!+a!<x{8*72b{(`NPdNXMQ27Yiu4$r{{Tk0u1X!V*I|djAU84wC!)k6vv?5#TVySB
zDU>QLs7a8ybe#dy$?3O}iN@ltSdC@TXQAS9QSwL~SwRT|r4Hn`njB&j@r2ml@|hhf
zmKJEZOl|ETaMj#h9c42D9NUOsK8diLmx2&;zj6gBo?=`$s3n(}_kw!#OXu*-DinuG
zxpKdhNS<?inoiiRI5AW1yXdkaH9m9sADY=tN-<RxTY)dP`sXgau06T38&?jerCnQn
z+1hm!Vi=p=dH+ES94;2$XL%m{DZ}!T#IE3tl$2cZeyO9(X9F+>tjmvBl}vE^9YEPi
zesd)AbWo;i>l<UZ5y2GbRJLN?gWDA{ZwSil1+gP~njasz*U$al&Dng6s;vYe2K}q^
zYC?xLs69h;#qwA`q2$x5p<>m;bwi9&&up92TD&|dY6RVz_x+64Oh*x7yLSQ9fu-U}
zA)wMRAI0S4UVfj%9)gWA*81)i4;rxolCsUAsC?9V`&&^-t>uwoNZiEU0O!Yz0!Q86
z4?7ifQ)7FTq;_;>qjyJj^%!EtlOgj8z`|s*bI_&Yeg{*FG3#gXm_t@4XW@2Wz3Z8@
z?dUsX_0Q?;oOl20Qyp&ZMfmy~v}!t#(a*kVx_!Fe+tn4^5bj-s4mr!e<#I<jf60FG
zVYisyHNmIUaJB(VbfOpldO?2pa~j>%?<Go(Divc~XC;BHS;%l1$+{JE^0!B>_(n=t
zwh*p=j$)>OqgctkPQJ{3Rrl7zROR=5QIh&`i_HE^qQ`S~_LR^YXb@C8`KuF~w~v!s
zjk7m5f+AHKXmeU1|4^zMt7Fo|RN)Bura^>=zC6XRC!thZW&zTu0PvW#7l6VQ04QYU
zBJf#!4MY9wDA`QFU9z1ZVmo(tI3qan5^kKK2T*PvM3U2UfU>l~lnCKCda-3wd*f$I
z-$tlX<o9rU85cleWWi>SB0pn|668r1^0MN7f05GNb<+d{G62Vna->~faUC*ys{giv
zaj0zp-A^~>HXmPaZc!hae{=zP#y12%LJRiB_NE7U450A*nmC*4!T1s`=QH10qB;+)
zq|0=V3WlmQLl!EscaS1xAhoiE{;7!?K8Zc4;$nWwR&z<igVW?0Lj<omy`|()KhV;E
z?OBoTV-n?FyE?+L;*!oqx1C7JP;r<wwnc+K`6tn*=8+U+R_&=+KUoDn-QJ?rOE_4A
z>Yc>3iIlH0+32zb*kLEhC^c>#8rpOHR@INzYEacUJ&S4sIDmoByk+$x?_l#XUGFNH
zJ&X*RTAB84HqcbTvC+E9=tNp`y(+*?hd{>oT&d|f$hh^JYCWs-cZBH`oe*jIW#-HR
z3fbEZRsA+6i0DbHZVmUI`(bJ5J-c)LkV!yBs4Zucaht=;b?|c;UyKKO#efc$H2Vnq
zgR;Fryu#6LU0v{Y8p>#H;i<)L^bYmgILq%%JZ1o9IKE0WiCglI#4nOLyFq;hn27|V
z=LB;Uyk4}DI&?XLVv`F2E%?qv!k~?COjiDg_?-^l95HIFYNjc!G~=o-sg|R9*mWe^
z6qCQix^c9uV9_swfXkNBR?7KMe8QBSrVwuhIrLxNbN{u-j(lFgK8k>w{iKt|hqLg;
zoxfguLR1QMj25$T;$BBtEzM5GxK&yZAn|0$|LrAI3QD<xgv9t}MNQI&hUfqmIF{W4
zEU@%$PePA>Y)MUEl%Fae_9LJRJhpGB9QN31wfXA^F2cN^wKq^3@`>?l7f|cEk&MAS
zz{{iUL-TOt;M{5>&u)~4)o=SbD7E?JSr@iT=Ak;YA=>Tb{7jPU`<pc_!r?>Qr^2RQ
zc2XZpdLQQ%u)i*F8=g~>xQ%PEfm!rM+;>z36|f0JJhg39s||#{P897!Hz+*>dKfH=
zZSb&=;14g!zcK%13oZ-mLu~v@dbPOIGE?g)`1v*~HVtod;_6)CQ9#2*DRJxuaM)3p
zgTShl@n4b66^sY=VjB(=hHOyqQq(Dtjf=HJ2X`bPY{S)&{mlT7z^~a>&V#n9K!O8q
z^MZ>Hawlv}O^1vBPSm-fhY%@W#gW=^V9Dm<{?!EX7dR&wM-+m=mW2xe76rXYp!60G
zKfiadJ*Cyk0TX+)C%hDTM>7zIbFyQZu+EiUV*0C(B$y9lqS8_0@2F(XM(KGdO0Pij
zpZ)Z}s4v5&wVyz_SI*BuhRa-v-K6;BEbS+`zcX%;WMGi4Dqb@cH#zpR{P+F=?UPv+
za(Xj=rGRu=^+!J-DPXu|d+I+6AHQ3<8j@f2Q=qwnjNRQaen6)qta8>tv5UvNGP%*y
zwj?*6o9jas2yEzuuv5dKOZJf2jg3||5XV(fN9-38=rW`ClG~wRY5~a9fp@bi=nbOq
zh}b))ullHb2J<u7FcaZwRi8;?1`X`&?8IS+L4ZATV57<LEe-BCNjS+=B%mt>J$t2z
z9(+4V4{TFYu3H82G){Wic~2#^kD0Sjp~&3F%ErEv8O-87q|G`=am=nrM*xFR>6mSt
zu&0cJ(M?UCA0d%L&?`vp3@rEyq=yfHt0V{|rXl1{hNA7akK4TuQSWG;A;%0m!y?XI
zjhy?0XSqke->;+e;1YgiyJ3>9H3NDhjfHNz&-v3>ZO=PX)FG10yA^gR^ry{klE|7f
zk`5uU|K(A%P%-4YJ0f6YpxM61c{2bhHsG9`BjN`CCLg9^`nN4*)Lq4703&oENLQef
zvp1fXc_wfwS=mSAv@ZQerfHZ;As&OSz^cN=ASH1;)dCP|RK>=Qo!`%7;@<@?^f5iW
zgd$dlQ&#W~1q@WaT!qW%1@>YaQebGsym|vPDTUfdlNoWuCC5OJo^~D#88Khna3Q^2
z;+4RN_gILYe&=vH87ij=9lYPzdff&jymr{k?aE1MX8{|q)Rxi8={AN9mg>S^xiOOi
z`4hre(YIqA5-Kx;K<15c=?BV2|IV2C(gwpZe0=U+ZuJ&amN!n8!bI1*aP=WNyyxZ%
zzbF`jd_x5!8()NoKkYa_ez3}J?Rfa?IRC8#ybr#W2U?D_S6SZXuS*4O<B#5|A#7%k
z3CUfBQFXA@Rz@sbuaiH0Jg|mUMM6*cZo5=UPg7lYMZNu5+r3(r0;dKt;1ts!yXW0(
zbe>MhPdZx5c4SyYffZz2AC?zz8*#el@ysX9qcfgH%%g?&!$Ovt5v0s}gewdMwe%sw
z`Z8Z2bVrKbcY_@bX{b{Znzf%?1l{QyDP5fY+2fv;RO<iN9(Sd#CdQ{vRD$|PwLzi~
zj_I@GVI;f^ga0Sm#l9D58HGH#uZlyjLX#uBZ@PkREx;Y<i|5q3-HHjdns={EBGjBP
zf=ljvvJVxZDC7pm+XDG}?9yWnobK$%8`6aB4p_)h8{gqHuONwXrAB?loVJ5R5^5lD
z@k@(O{pDv6R!xm(tP5V?&{x2DtIsBLNK_UN1g&=WL?^iGE^`ZDm-_*>4A|w)_U6;e
z@>9G0{FRXU)`2xBl9B{k>mXo`fZ4~LdOMa;$g%&)Zfv9?ZZ;{<%kG9|Qqkz)XuF6p
z&*r#?s9IkYcb){a`2{?;`Oj{(;Oq_K&uy@ee&NlYuE*UxZx|C@KyqK8p;w?6T7Ce7
z&LpE}EfcVNG)3JtAuLzgZZ$D{hWvpkeHM@B+fBQ)ZQ36=@g5m|5+VX;M}Y&7OG(Ce
zyH(0$Z9Sf*3eXF@6zdF98UO8%SIch~>E=aA-JiiJKngxe=S8j&XIe_<%{y93nc)_m
z?`7Ibt~si7av_%#$@VReH^t)mTinIXBe!&&NO-_S9x0w^iCdbkXMXu3k}!WQWEVC_
zTvH78NH7d`ZkqeI;e9Nv1s%PIVJrFKB@Zd9Pqf1App*9lX8ur(26J1RAx;PbAA3&u
z*DN({1TCRoj6>lUK|yQ$2`HBSLfL$THR~5W`2umOG%t(NoB^Ia%Ew`Ya*oW;bzCe1
zj>2X=p@dE<UT7yk8&u4jbG#~29uRqueid%OMP524xR<>IYCNfEhte3CyZC2Ezn_1W
z_ewgV>5DUp*hn-<6@OLS@tgnlpUo>RnB;m!0bujWXI4(QCS9Eg;-sIGt7f=A9Z4oe
ze4tePZt+rcH2o3ReN!idRVKIS4*~N+A+?CFswiH_q6f3%+5LU%Yb(s|NJJ+7PfKH_
z`jer#$~`|QoAJO~<ivySnjW@o=5k;_#4TQxp88knxw111$bC@co$Isi_w5Ov=*wa>
zAN<Voz01v}PxQ-Uxs<a8Z`B&L+%J61I&(zu7d`5JyoGNwUblA>s^o}iiSB0E;a@t}
zvb!t=&)Qt=4;VCjY`+C(0T6z`{%#IoQVcCqyH%Cp*^*q=@mn%@c8bvTBc`<aX3TtQ
z)HAOl<wkm;42sbqnF!%^x&V2Ah(Cjvu7J_HFWm~utKxa$!r;K}zI8mG2&FF-`4kjL
z#QxOc-YYpJnhsgEdQ8$@w{}62ejiQN%r!ER3&jUrSEyiqFTeaZVjZc8Pz6+)5#y%d
z_2t;g$RRl|=XwQ^wa{Au*>kxAqj#>BAHBbo)8jKLk1t@vQ5)ue;UZ-&6mSYHLx?;5
zX~~CE+&dUUS}#dp#vGx83DOeMkox!P(v0z2ML$*}K{>#r+P}nKqaFU-xd&yPfib6s
zqMSMQ6-)-OU^M5<xZMcURq%FAmxUpO@g=%<BH%u2?I1_(K1i7uZw3C+0#z>)eNckn
z&55uh`9X)&y!h9MfEK^U5e`93BcEmE?!QNj@t9p+{*w{wbJ<w+)-%mF*tx`%FsRc_
zXx^2fl_8hR+%8ABcH&Z^!DekSRPo$H#-J~p57k&+!aANa<!_a^<7Q;BDyEz<p6J9<
zl-jxephsSEgLnW6cE+2>48jM}kFX(->%!l+bDkt-b8Yb+UGORj$MW<}F82c#+QmeK
zCd{s?zDxY(nq#?KMv8n10jyERMSp<dy<A@JVDge1PJ>x1sy`@2?NfS?uDNKLrh%wd
z6rf-CdWGL~M_OI)u4*JN4HNEWby8P4RItFvy>l7ZV}q#CSS)1^7K`*q3(9^tll^j)
z$$AmuhSJT6gNHEB3mR;)z9cdxlmz=D`eL`NyNg}^yN{yOk_W7mje0RT@SurB_pAWA
zf{-dk(VNb#oIapXj`3bjtiFHulK5<Wk>w)^U)Xc2oumKT{gw3hTDYh;<~!v_;@8|S
zoY%N!FkxOUo`k>QKB&j#_FSbBNEHO|oqn#qK6Y{`lwgJH?o>tUKgvX&NW$`SyVXpZ
z8}A`0`h8A*Z`nyO;tEUM=yJs4G9|zql?NJH6!fP0AWcM=XugbsabW{%u(pDrzuGR3
ztr*8WFOdPEanl6o+?~A1ucloEnXUc=e93<SEoIH4&op~_ucdLOYSfVOc5cUF&sKg0
zcvc$R!pnoIe@mzMHt2JaYbogQ;Bdn7r-B&#r{B@HVVw2D*wn}%#>Gw&36{b48(XgG
zE(+?=l$#?AJYz@&uaIbDpaK4*x%W*fcy^KL?7=wY*b5){A$X6;<Tek9^g!z(&59@(
zw7I>@nFu}~X8o~dNd?10LpnyruXs06jPq|jB@r3B_{}!G?Dn~^C|+*i3p6bphMT$Q
zo)3aRQjr;Uxob#YyE67)U^_X55n#Ln3X2UfM#*ytbm5M%WB!!fi?6$dbS5na8stKl
zqbm5i%8+`iTilbH?-L+dq83D$Hi}_j{cLGVVk^J}WiUc#TgmFb3Alkd7C{su{P0MC
zEfJR{=XGhckaQki#`D16YF_E2-jI0qqbz#|%4*(NknIqX0|{KhXPqNLxD6>;akLqB
zATH~S;~$X;B3D0^ZF%9gl5eGB@ykbdDV|p)h4KZO<Kf8%#^%_oZi=QXMTNKC5)f8l
zok>MQmY9I6WUM<tvk4J4kOL3`w#sXDK6wVkx?ImWTn_$?v!RC-#}I#(R>JA_a&BWP
z`?ct%4qkV$q<U;sajAPcx=(8B+&4Dw+@)>bcN|r5txlE4qfy9yE>!(iH*^FW)AD0d
z&6#jis$S@-0yb8tVP%v(m^0FCf-t<Dda}tv&DRCJR&S7T9EJR{j^WR3LQV)Z0AH6u
zg)<Es%=$~{hF9;rM`eu>IVo-`!=(v`kYqL;Pb2aRnF9(;SC%+)FNJ9g&Y3Nc()*(T
zfWnnp0HE;VWf73!O2ME1PZ{or_r1?UmYG*Xm+*9U>cP+HOqrHm&wz;i__%#Z&nx?6
zLa$CKx=M&8rpqSBz~jX&{nxd$utUDE0jQ^PCg$ff>vazZT~!M^5F8(uRlz4aXs833
zCPiJLw#nN9V)LgmxEu%Z(eFF)(a5>HgcD&+)lJUYT;1cc9|1C}4am?`nzPlh&y9|x
zXxld=nt$BlG!B&y>Lo*@Y>@TRda+BxlZ;vsG-652i8;<O)RX7r`~FAp2}JZy@cBk2
zZYfN%dSS4n=T)Zp1;{<g)YmIb#r9^lhsG4~>h#Z~%^8~_d#jvygLP2}Y;GcbbNOZA
zs9Y`47VsJb{%jfJOeq_<7V_*44xvslc^<4>(7FR^$@zl&EIx_Sgnn5EAe`}8^CPIs
zXDm!I#ENG&g$*j=8J>Oedvl!Jhc`<9!`{<Hs@p^~Y<#Z{g>)rXocV%bSGd;MWpQ|k
z@+Q~MC_%YKD0?iq?((SI+T6H^$R4~~ku7t%fH0$*lhsUPfZ;tC4lhv1#{q;i*3qzB
z@Pf<UHbsYJj%Yka@G+X6(IMH0s9M-W>~n#7pBPJnvgJV|tqLQ=c&zk-`z>j#5D=@8
zWU`ZDtqf7Q3A8R@JMZVrPLm9joHy=7T*+WZ-|6H%xC`L*n#Yku3w42!AWZcA6P6aK
zogjLCawFg*UE%ej5;y5}4<aqK;q_Yyu1wqz;ptxAbKAKQhG0;){4jKX-sKLSadb+h
z?XztS>7o6atk6rbpX^LuQlMUeWl_HYeKo9zj5$%p+2-yl+4G*=*}u-ykV*@;h%L91
zr;Rf1ex`Zf6m8u2BL@{j4Rgs<mygcMRm>=oU{<Ch<&zKL)T68H!fLJ|(#wa$rYWNk
zb2%?osc3dSNg0-rXLd=;QRY~UCX9TY%rbkvSHg7U>^8Pr+NbevWV*14DH}Ts+G<o0
zT|i^8o@s$%<2%TmHQC%3kmXuedEyEyaLXhk_iWOSW_Z33jw`(t<sKAy8?qp)6U#-D
z@|`FB03-7abMdDHS|i4Pg3vak1NY8l<Q;xb&B&beXZd!qqH<L~h?XSQGqL`0s;4i+
zsC_luo=D9u*{^bA>vhD@O|Hmfp(LidT=8`E{Lu(O+xbPP^}HGq?CSf5n^Y#P(S{m}
z!hagc`5xHHOG+YPlMO;TV+oX^XT5zO$L#kApEJ`RvfLntp?u-hp96GTgFomqsT4u1
z5GWyZ@;N6fNRh_x^+cMLEMSs>eIkx-Cr92@JI*pphw?&<^moSCvP7{#T=eq-F)>>E
zWm(SToknaF#nlu^keShgH_c8?aA<wDxRdT*fov?JHF1iXky*zC6~WE)Ki%F|(tnmb
zjsIrY;clmi@Zy2#!WmVnHO@&$-ygl5rT<X58Fc(*c>4tR2rnovX!+u}AH>wxHjk;p
zWNE4tpLV}4Q7~h{7_<-k#xnd<plJ*LW~pyfJ}&pJcZ;EdY>4(Yley<U5aowI#@3xF
zLFLnj+ew|P?$MNa+H}6h;m>NPV;U9JFU$5h=a)RgQ4RC$<LL-GZ_QBMPF;v@LYhkS
zf>2EpQt7=1#WhRe(|&V2If>Q9$BJ`W6zAb!xJf8%7v3cH?o!}%tKfkQn2CxmnFcE~
zvXh4kC9X|^W}@L+Cd?9J9FTz8RzwRDZw<Q<C7Oa^Bx$%%vO~LIFXzh63biMfcn`8O
zHr;nSW}WxTg2H=;gM73rs3c6(QntUVnm^`XlV<qTgS^v1>`?YiM|7{}GRFrDW5zLP
zaY2*JPi8NfUe>8@tE(nAz-zD1qg|>3ULr%%D!<C~E~+v>>2%tSDT<-AqJ?uzdyxYr
zC0@7DTCKwp+@u%tr^t0#QBg7uj}>qU#Ao8F*&foJ(p<F(W(0&iqZ{0LEbb~$8H=zx
zE-kMslC3KmHUA0Ft+nyfxL_!LTApx}?Ii0-TRG;y?J`95b7cJ!qFXJ%$qT6-DFKCJ
zpvg=mps+xN1IGSfXpWT70za_i`dM!qfv+3;la_CkAIW~%93tM2qBe8f;DuiLgcv^y
z>8}utfh9f2ABn=g_V5fMU7;a*{~;8xHmH(Fk>tDe%aH!i=8VZtLDv#$y?<uP@{Cs4
ze#T5k*yRiMJ6UBbOpWS)X{hxy2f^(uH0<Da%}>r9ti{wl-d|*aHA&blEKdKZYY9`x
z@K3;G$d72!d3gqenn?6uf6vD6qk!9(eq!s0&}izY@&>^u@Ex{E=cvEZIN6)M8}P)B
z=4yz(#|vNsbO8EZ0r7{HqPyAJ^#n%qGu!uSDF#5Y+x<!gt>_QH=*?+yckxLaU4Lr>
zf9jpG{FLo?<I<@iz%J*DZQx$YNsOY~v)#V%`7UsdU7Njf$CuH~B}(AM@ZoBKB_jL!
z3}ac-UhX*<Owp#eP*+zF{r2j_#hqj`d?+BnGf$3$nchF)R)tbV#L(a_Z?TM4dQMT5
zDSrxE+;T9naf~b#c1oOd<fBEXKpQF##kW|t&owS8Xd%PZ+&rf<oaRL(9Fo^siiKK_
zT5Ib!tIW!8fX%P3a38!ftB6FQeM0}^{CtXjo&LAB)U9?sBftb~1+3jFOEb~OPE9FD
zGArzROfncmkc1|O5?2nP&4~C%oYEa3RAlqO;(a>}thK>c%(~ig2hj2TdD-l6$q!$U
zGYjL5o&0Me{Cvh$EpYHLhH*JIq1?`5$iT#|C)?(esY{6;e~+|^)6*O?n>IrnGpB}E
z4K`ppG6r%*W^pW7*24rNd8~SKhdd*(X&pD5&sv3KN5ion&`MhI^Hby<O5S@af09G@
zHp!R1avMXQ5}ckDW=IeYRT4{j5PDR+O`Ug}*3J$rYBUNU9uVQ__~6u^bnMW6TrjyT
zjLXxDcH%tNL7Q!}G-mPeTGv6_Cmx<JF31w$|IryIgHe))=Fy{ROflh5&e6mE&86#8
zl=FtdJ7H?;;B`><oywB@DO=TN{Ox$KvlSoEKK)f(BIViAVU_4fQ-M8lD?*X|BPvzm
z0>x=q!lp7Kx|O^5X*)V$Nwad&I??08trA~oCAUV=o!L$8Hcw6*3E`K_4E@n;@4>Ho
zrqqLF+We_eCAPd@P7Ly_K#uJ6q%Eg|SZHl#nIT5}l}{^xBvMe_e?hsFhE25)d4098
zT;a4#X-T?0o+>e`*}}DJMOrv?@vREQkuPxFMrFS4kO%Khf5)eKn_e+--giS9n~%zf
z5)p=wUfV6~=6bgfpKjQ$`?y>^$-v{=Efqe<b|}V6WT;*_jwKn1fe@UmHboc#`3uPS
zjC6@PY9NncGY~p<%(3#3ziLTxH^WlBQEMVCSeYh$q$=S7av$g`=LHO->#(m`>t#uo
z+-sbnU3jz*u`A}n_9~n=gqpWMkmrCP6{smUS9z{1G0ZX#midzb!h|V9U&;z@X*&GX
z+`I*6$<`eH{8z<xi`734rEC3i^sVotu5aXdK&G`2&Hd7i)tOeC435P&9Qo&^en#u*
zq~*=jR*Wi@Y2e7dfJVZ*Z;?AeA#{c}$D_8G6HRR20(7Dk^n2EuM)Y`#%D;Y7Q57G-
z^M`|GxlJ!5I>AWRYdGmq!MQZ8$DIg#>r_)g#9K1}!Y_-=P3i0W(2ROM^-24w*><`l
zo$y0J0bs1kO~VRnu4x)0(4p%$>2%(;gLl_0cZ2C@ylck=)y6!G_SlZ&lhD0Bcri=%
z%7!B+i;BFsUpE?sZ*<ov3rxW}l3`3~&mr5(k58kJRRcJh0ZUn0&in_I0L@KxUdC-u
z($ndkK^fIl-5$vMz9*qaN%8ND@)SojM?jwMH$UX^tvzT3yU(?E8gk9fT1es0P<s>v
zS<c8v$Aqv&jHX01Q-w-qWS|2qtqG2uAAtJ$R~qA$*%=}ulv1pvfg#$K$f>t)u{SY(
z15S{3!X5E#i?}OLI{xq@%_X6<S2AAMn~mk<RCF1a$3|V$9W%qmrO{m<psqGefklt*
z>*E&~4+JqVMcxVRIaH_dBku7*)|fizDYav7F`5mUJ4CA5(Sg0+(aItBCT8QVSVX2)
zoYwoGBS?FI+W#pOfz*D+;*f;^gl@82@D6|D4miH2+jxxiKoHi|41w>pZ{`HRMb>Ak
z-QvK{h{e2Nah>@?p%9^p6HsymPQ?WMbaWn%0~1HdWZC75?YI1u(yiog!?>r}#PW9{
zbsFR<?vK^rk!CGsQ26c5j4m1P>kVWjPMao>D66VZaiI1AR6HfQ&R#CYZDVx?fck*7
zQNiOtM2K&?)_8CqTlu`|^)Q22C2}#%%J7Km>`c=;ugmnfHCK?HgXm>@o);6o%4A)@
z8&rOGw)65(nMie{jH4Tv0*pT2h#Nv9s6Zi%tzNSy<HW*bNxZc{u!o90_%$+&?Wv|*
zoiQG(oujHBEZ0&^g{@k%NJ-mplz<K}uSkS@Wwckl9=o#_M)>{7lK?tm@2gn+6-_$i
zWBQV}g!P^R12{haOtRldAHr902w@52YTe<DKk|P+paNKw@`IkU(6|2BWk+h~2tiGD
zyP4Kq=qLU^dP=8I?gJ`i-0Z?V^Clj>Hl^Gn0&J`(;{g|N>1(5hAMw!wqnTSUd{A8j
zxfC?&$CSPQDJaEP)FxP^>O%}1J$jLny*B@R<Krk@x1yFgyV8e=ntx#y+bm-HobR%F
z(@2eIgl$}V?w&a%JmGwNfR7r22pLOA_lS-X%+`;vT&0e9CNE~##-H{VxQ)7Pu2Cis
z5M(<DuFKVdB#kmU#NU$Cm20bI?iEI^P7)0{3X<0iMF^DgXeW2LhXe#eMmaiFzun@s
zfDTWOwvVpBp>%YI;@v!RePmk4;&=9#P#TqXa;0pI7uatlpcky4|0EA8>Ni2&xW|0L
zrssU72Hcf=6p|f-DE@T<Hgvr~hO9X%WH{oN2&xFWwQ@O~t^&ovxVdzBxh$LRf^tm1
z4qRkv`*;B>Uk}l2y2a+p=%73vr)T`LVtjyW!JDX&i}xDgx+B{ey2+c8mbww;UB}#_
z?_*>A&c)&JKZ;f^9soaceWd5RwRXTrL%IE_c9!;lEE#T3>5sorBHla)jOYh?QobB%
z9gkDUMgm7KQnQog(+q9Cv^rsBs-2eM$zH8X4pH3ib4~9$c%>TF4<A9oU8DOtUc1on
zvUYxD5!@msSljx2`GrU;5uAh8*hQ3nRrM0htmOEr0D)4bSH)1P<?BjGx}5tustWQF
z(Sf({L`lK&08)IpeasOlCg^YDJe*U>LZ+M0VxR8T9qMg}510Y{#D<h-7&{N??2Itk
zihW?o?B@ZJXSFQ*U&8EfR86&&7jD6+YgbVE7oh}KbjsU9f!9|kkDKg$P5E!ZA_qs@
z@IWDr=YAdoPu3FKxf&B|Ed0jU?D-Jx1`a<p{waz5x=AdNf|g`w4BV>i1LaaD43JFn
zn8zd(9EF76@vIUo{4VG@Q}PWh5U1(ckoVkJVwIa}uViplRhMKTCuL_PCj}@M#YbN`
zG%KX@W@-eZR&X5t`O^>u_|rf*>=}teYemy0S%KzSu`FH!ik1_{@XW6^O=oa;Xog~5
zi%z>D95{$8s%k}8*GE)lP`Rv!E<LMgFpHN@q2)hY)wB<q&*owiKmlb4nvu$3f-#jK
zVR*xWRcB|`NMROT;(S(bG(P%-lTVvw*pLo*0ZdMqmw=D3Nke3tK6?6ukEz26a2)*s
zpVZ?AIZKd^Db>@|r<F^oGSCk1N;;MucWlM#$`ARwdRjF1L8pd$&X1L|aw{tch7vDT
z^_|{8pMg;DHz{79BC0ktm=b4L>bg7k`Sq!)q35Lva9v|X1V#LzWZv;F47YM57-RiB
zdBo^y{OGL6r(v<^;q4`t71Q0jxXb7}Xb<hs#3pSge&l{@jF$eU_cw4J)OJnFT}`y#
zQ*@q`-XYf1U^g|Zt#8<<ef>@K25u`8(0lsKbYa84($R<dU0j(``ExtG{J<BwiIYIn
z^X6OWdrQ)d?&&>?qF$HY>>gK|_;heyC6kKS?dLdzfdsCJzttX^p9a=db+`08#@^I-
z9xD3<BVxER<{D4@R5hw?;+se|v~-3}0T$^wV}a_^K#7SD%)2?oO!l?0bbpW#7OeEv
zFMKoN#+Oe=?IG{}Qx4?-Mb>{GR;2MVxMk-d*RA17?=8tb1Es=|{U7PT#@0oNsBH9K
zaf9g=d?j@X)Kg8e)f41H6T=vl1)WM85k&E%ux_AT@IjVnZ5eMge)vEEcRDxa{J<a9
z4xww(L-AIp&YMpw?WvQ2lWB|m!c)O*8nr2VC|seL_et7}c$Og&=j~?|bw~fq?XsdZ
zgQn?sktPAv<Y$h>E+`>{lhhNd9F=5*EApy0UR2V-4YZpmy+QGgwwA!#JXE|#XTN~!
z_<$f$SW$nudRNFV&To|=XY+n>2Y`;VPq9@52&9F3IG+n|@wOyNl+|?%ZNw0_^ONyg
zX<$y0=?4O8?3}rs9~e(*1}=9FfR7$TXgpn5=-48uTi&k?@0!^5Os8x4UsW_?kDR(@
z=Jt^z=C8<sN(0F2&)(TwhD7A$%;UsMT2zeTMvXIwT152FheEH!!vv5%zNTX5r_vR<
z!cfyoQC^Z2t13cu8ud7JQo4)Zln}2mcYQGtmD9o@bMPN1hguK^uWpGtE@^0y@Z-@Y
zqqNoq#BakU<MfaGhefAblnOMz?4E(I5=wqMlE=s)Kd6WFu9m%c^up7U#RQ*Vi@*qb
zjg4`@sXH|egN>poJ4&jgOwmKGm;adhLqHo&a2G@$kcOOzrN?Q9c^hXrP67e40O^h(
zO>Z~#NLz_A%7v#x@UgcJKUsjjr#CYTB)?j_At$;`+*_6Ul&tfWu9G*=eIh2N;y~1Y
zbr*CK4F<N$(H9Yj*&d6v{9V(!Uwr7-SgwQ;Fe?*jnWsH+DC9%l;~9H*p;($Ag&#(<
ze}bV|<!~-f?}~Xl=hzUgUl0!VZGpWzC#aB=MWm_akOVE{5}z@c;Cguz$F#==HT*Mw
zH#&}pg7;KkW2X#NaoSu|FftsMWcDzyVtk~bDv~m@cBWh3q;yb5_*l9^h>5<i^=Dkx
zXdIn24wS4e;G$Cs)C$Wf72L(xcb5AvCSYQ*MY$xUq)z0NH%fE(X#37GT9JR!U>DXY
zn%0BY=-d9Bb|rl8+U-?z{j;>cX+KBW@K35d;U)5B-`PHq0s#ixk=>xFy4yG|8B-5i
zhZJYs(=Ao?#+3aGonkeRM$_mWCnxV5lUG%ooanXILiMy2LU%L?WB<ofx+Q}fsjtdb
zA!cJ71_I(Z!cohcX3M7ohq@K;mq>^k-a#&2J%_};9E=x|4~3N_4LEi`W&TZ4lW?Pz
z;Fz~t9?VihbDBToE7{RkBR<ilMELtnJ|n@=D%#FB$xokgRYs#(uNO_6*PquCg?#lR
z^weGdT9YiAcV1wJO&i#UO*fFT^$%t#!A6sK!_I7pVyM^Zo8+!UlW895RiK#T$M3&X
z=yKM$U4LqWKA>eu1!Fei$bhz}Xqq4hB^MuC9-r5wLU7Le5?MIXhS}uZZfQ`(@y^Ep
ztV!N5QI2*Qf}ZW!83CnVI(tg_Hl$LmrT&CDAY9V@0o;lH@=<Y)=tb5DEo$i%Cg{Rl
zJ2n|vU6cn7F;PFfoHvVZsuY65-MTDf;S|)aG|zOxs%J-e@T;wGgEifNqP6Xy(#Lk1
zgyD9_(qrE)F-&^1Isa;K^?WTI-e^QBvj$WBth)M7w^8Zy@7@di{M3%2VRgXa9Z8c^
zzG0u=f4Yq^qE~{dvX77GUl(!0{B0*kgQ!x-Z(M1T#_*ZVVkmiq>J&)FysP!3=T%#O
zrE?X3{HpShWO+}~#}!NDEdHTSTlar3^-k@THQ=^woT}KiZC6;aQAsMcZQHhO+h)bK
zZQC=MC*RupS^NBfaWQYknEma&HSckgzx)--Dv-Ym=Rj+mLOf6V?gntfx|@C}-kA)o
z@8)eKK({#S1%Yt$OcLhL)42*oW(5TOUNb9MN~rve>qnUWZ|BYgzQ@^tG;N@kN}oFT
zyu3sKeMxqKL<{s>LO_<gTS`O5(anA@1lCNJAvBEhnBT4};@<J6!~<NjL}6i?VY)&<
z@o&VQLo=H1JG-_-B&>NmrU6;Y2jRSd{@Xx{rWONNO)mpK=fakuBiGh<mAmxY!5O-6
z!!FlKGdj(~+Mg-jq+T`OF`v^vwYT(A!Q<b^S(;NqE7N^OZ+z6J`R^&OqsLBu#-=~=
zjX83&d&xMDx8=5RqAfCPtG2@z+FewbMc|BPi6wvPiGC4SDD*6~y$p)VA$~pCvOlW*
zU0*!B)=BKd4`T`rl2btz!%s#sWE&`0NLVhiceg~+AD39pmkZ@N(!f7=Dr;Qq-XZY=
zy^w*m_4E+8QXHvzz!HcS#{5#Dd!)#fJKK9RKQ8WvEWR3%zr7JpZ1v#ivq3F*HQDg$
zpbMMRxz%YYz{X5@Rq~24fp@wOA_r4bg<a*TAxIXXc$qtg`t&el{F9Xsa@kTcO`44q
ztp9<W86uX!tBGQq43=k)h~C>1l4rVLYS{^Er7B8e>8kI~S$|bzR&3>})uq&uGx+{w
zqByBkJ)BZ=o|}%|nlu$s-q+G;kUFHT4mOxES9UpdKezce1YA>B20Gf<7w5P`d<_n^
z@sySY4c7WW38!-njRanLn@O-KxDwd`#ce*|T7^&3W?twoag`Tpi4S%*aZvNdZk389
z(@+O2%Pp{iF7%!|d{saL2WPOYjB+iv+*i)Wm9C4Vp36qIr|$WF<uAQNio}d!H7$G;
zV?8}#et=~RLbXMjvWp*<Zvx`7(y&n^UVQL-egmj<lMmt&l9zOM1xa1Ctcm9#frpZ`
zRTKUQdzj0JRv@{0s+l@*>D1k(xxHZM1zwF~+w@+?biGT!#XQ<{Uk??2i>wSw>H0rh
z1L4@l$N79YRqbHZ6>J%&7AjJMNuz|f{|ckQ!no+QR>3gC4{j+jg7-M}kRS9hRKT&h
z!z(Tkcqfiwt*Tnp{!POF0I_2}{p0{JCam$utp65Tp6^Rt+y=X0{-jVbSZrPm_}&<2
z!W5im$eOocE|#l#1YbAAXH_BJ5-s7rL}C8<I7@J*w;md$6YY1nN=4NCv~8GDNOQx)
zcP76VF#fjLiG}GvNBh|}f!}!Hy>NTUjdX^Ml}?A<qS`Z?GipdB1m6?V290P2=5+@Q
zO6h^~Chvh4L#;lnIG>w!j*LOFfqF1C1bl!~kU3#ZyFr}2EanaO)6W4GMDEriW*aEp
zmy|Sw>{G{%6YXz`QMyw9jWHe+E8BsdP9v_E3l4%fAnlxUw5ftbc`25`59<XM2NzQr
z@?THX5)_n-rqlCGrpC;Ctg&G;494e4DXR_9#Fk6P|10tqI_X$+nf)V{v(@BRzA^Ur
z%HWn>9#ML7*isF{qeATRv!u@goop)D=Q0Dq-uOs25!f5_8jcFx2y3q6IIoemLJxE7
zEZLo>`FZMaN^FGYs~z0cex|_*%ZU@69G-3V?<C^rtC72Z>5n{^M$lg|{pNw3&-B@G
z(?iU7R|R5TjswPTUbMo$28`t97z&t4i4nju3#><D6H4vW-!#q8PsRx%Vk>ZfIo_13
ztI9)qH=SA-*`Fqe15Ha_b6B1Fw&vjlYq!pa4RM1c2$6lp{R`eafLC%gieYZje&w1k
z+@x9)m|L394D7jL^xnx#)wO}E%6`|=!HlB@1%40=JLZ-Q>QtH-nl#$@+Xt6#Zprbt
zLkaAFvAVBK_lw`95?l4B><$ms#UdY3r;X$n4L41`Uq^NnUtMsu(Z!lc4FSP^7*l+W
z82nwdl-Q0>)Ikg&>2k;w9X1%iy_deo%Ruut>JbBBsfN>j4OL4fDKfl+k#6EMHvF91
zGvIEr9kAAVukpt-?X<3P(&q#YFaIPR`3QN2R$ex%*StW|ieohWHN{Y~gckbK#;x`p
zyxg>3>N0uGDbPz;7oC!W`iP5>*3zL6`wsW;Cx1ZgDdPf&bBJ}j#lv%l<jNnGhP$7|
zlGQI{5uJwXA{5my%IdIGaer9lx>cUx5}K{tpXnDNnB@YP4Qr%I$t_ioE>^P>(Kk#7
z*mI4Y{M-iFgui<YR^`-g<>mlmn9Ph!mh4yLfS)#=r<9Q7O$U_t0%xz1Bl7D-l<I?7
z^~4=J#b<>=Q?-Wg-RlGmyg2s%udT}&<QOPV-mFHSN?bFa#z8f%-6Rjgdi(cEq>dGK
zj;{{EdW^*hc=^GX(2-Lu7<1@NPBydLVqkW(mS7@A4F>m)vncg#ZRIkZ=y~F_)srEe
zg7<JGSsi%|&E!fSWE2`;KicBKYx`}BKsloM!r#;qPAubEm{z{wE3eADDRMKO_L24~
zx5YO`PNWb`L3(0zcCuvsT+U5bXs%VlOF8t5db^%2MX8IdX5)7=;lI~SbpJS9Vv%=E
zdR4mo0nelOx?sG+dysd7C6-FRb&_)`ul4E7e$>Goi8Z-D9plwC4waRg?<?h-<B}uH
zbwjFL$APbA;A1xo!5mt1HbEResn(xef;cxPb(P#ULN>o8UfGw&My=D$JZo1y$XZr%
zF0>Oi!v>iHL2^zD7;Ek&V*f3oRoGg~7PjpdM;Ld&#&d?uka^SG{@`fg-?GC7aud{C
zua>3C;JDuu-nMMi;UAiCV1Y>2Lsz7|{<nfgY5873?}eEvYcxRY!rWkfgu}c@bZJtm
zhX`Jq^RnZyfFk#y3JRGxvPAxI7Tb}w1r?&}B8!0yZdg}@IJT}3gccvP&{{X54;<B7
zIJ34~qA#rEGaM;^>AVXT#37Y#r8Rc(d8}iMg5l%=q)^LZqk}^gH+UR!IPhbq)U4cQ
z)c-ICaJLVkuOY2ofU4B^Or&U^ZeZ1??e3`J%n){A4x^!8G5c^Y{oMQQp<RWn(prpR
z3aJ#1%eBlYSljkT_|P5N&W)J_jXoVG83EIVN-!9KOZ!CJBcf)lTPT!goq*gL5p|{P
z^By{>hKW`79R5`bI%&ux?|LWCa>=LZyh=8JZM2Tzf~oiY({Caw3ukpAl<lCz2^nb(
zUiw&EaJ+!c4;Q7GVxqo%N8oShGm8Kmq;DWJg9&tA-CJBX>5h9ML^|UFPf;+4|MJ@J
z92==Nt-UF!z#)_zh%5&OTE6~M>LB|rv`3VB9i)C)J-a86JCtZ4+tNI~=R_nVe<As^
zX+>|CmG<wlv6jkzW#e&auvidzbF_cF!b?%tn-P=)SccEE{d?XM-#n=|(LQ*WrwQji
zpS|)Hp4tJn7*MIHgl6QF#&*yfHm51rw=!z6c928|4)xd7+z&WbwW9mBS8aFf{w*~M
zP$e}uRx+k0M?8SAKnFqsmqy=F;Y3i6_y4bLJg^ib+>8J7NiONyH4l4SV7TP8lHh2A
zDo&xGF&p}-(mVRWpTpRuBgs+Ki-Be($dRvn(#*-d3~#trfMy5>05rxEp_rovuersE
z3d7S9=+_T|rji#rp3{s_;V4Vz#45xv>PwBQnVtz`to}ok>T+$`DDCyd(!1u4!uW4M
zU$=fd9&L)Y$49%0+hJ%RPdMB{nFySr?g|PUpOj?C*Ixqoli7gwmziT8Ww0XXB6W8Q
zQMB-WAx#<A6DVmwP`b-e$6gYi5Fg^aI$SCA;7{j((mkeC&hi>i1OAeH)VA&2AxPv@
zP&=frcYvkeXGDD0fcfO5YPn@4q62GH6`!hgNAw&+DbDc8hr*A*eZ}JjR0`doLYZW{
zf(b$;XL?RaT)a13tXT;{RI;AekHnE!=)#t)FtJt+SkKN1Q!h_$^2tVoNQVpwi@mSg
z%n9<bAp`XA$d(cJT^1^h6SPb0V~P?_73DfJgU(>H?fNl{`fh19Tl_aF&mYQYVO!)R
zG&M%QQ%XS;UxjmQ6BS5pEClNoEsZQCe?edQ-0|WQCOleV1dU?3-vR(49ns(>|KbHm
ze_yW$m9s^G*O+#2R*~jx$k7bd?kyeZ?5PhFBw<CxZQ-bOod#H>szTANLJfInNeYwn
zczyl$U>w#S1q%`uvIsx?NzQ1qPu#ULM>j^m(+Y8tvb%}$C1vyTFGld6Dn|q}Lt7=b
zPR9ZcD=+za`l$W7>cJL-jj!OkYDLa`pc!Uqknhq{Vop#^?C&#@f6~Q!<tkHV8p>|A
zK7Nd|xLP-eT?mN>yYFLqMaLPIl4fVADYl(YAHp{ty_LeaO>lCZn&ARu;pImss_IP-
z9-FTV6I?wO8NGJ9xo*1TuZj?i^W{-ACc`=&xKl|UR^$~`y07uM5Uf&_lSh`!rh`co
zXcjm#nv#F?*93%4rlz`F4W2OL99)3CC0o5mub#8cRhDljVrh1wS(xWj5X5w9lS3}g
zZS3g?F<eIG(N_)M^HK(oC3IV(9oG=In;F}%6OPU0)?CcLJRJYfL-MFL!+mdqtvU#6
zXgP)(5+vO>j{42ac%<WLIkEvk9k9O>n+M0yWPusO@sh{=1HZq15>kWHc13)%RI|2b
zk~w*}`hPqRv1G&apmg&oeE6?}{ol6sd>2hJ+mwMwK*{bNDY2$gPec$p9l67ZBz{PD
zQO4&UN!xQ_4W)Hl?T{9sVF@jjAe(EZAcOX4vP^%-)Nh^UFdk}^1*G*z$4?{cbNlsR
zBP?j6suOwN88l74Py@C1`OHxLOOhXk(L<ULdR4C4*M$X@wX?9_C2d?xnZh4YD3I`u
zO~!p+STqOgji&m{6>i4UN?CVbnJg@oWKAadySQC2tQajzq}P%YL)_IV2z43G$y%*&
zr_Y$OUOIJQ+H8^6kY<2Le*RGbp9z5$rNBEOUTZXY1k#~m_(gpy>@Kt~hvCr4zid1|
z4wmp>(P(0S-5`?>c>V~CF?qcR3$#UhTZ=TE$>9gsEOds!$R0S$&FThq7C4GFTz8_s
zsZHa;!leY}8^N!d^u6?D97Nfp0FGyLYc20ZG*S_Ts|G#L=d$%{ePE~SPT)MRu4p+f
zuS8(A^UyXFMQxX^Y!Xt}(8#rmabJZW(?$omrEaQ!S>7lf7DI|OpLmB53pnod7)*hl
zr0xB0S^J<je-(AOvC<qc^n2NTuvbmIFFuzizr;EF^9MWFs$ATeMGVsU6!Jhz^RM5h
z5a||<0a2(%cwa8B8+$h$E!sjQPo{qGS(``5V#?qJwVFcQAJlwy<QqTA#iGDt6A?x9
zU-=(1N=a{y4AQp>R@M)scB8|xQXoISMas}auKt57YXnrSqvi7a!p&}thNxK4vVnT)
z<ZUG<bU!Tl0z2y-0=&8R2HEgS9t(o2d9Ck#Y<H^G?KaAf2HA9uQzGZQNJC{C%n!`c
zjP+DN#iLPS$%T1}w;}f!a!?wXPu^f6B$_$=l{Sc{Rug0cnap?wN}Tb{cF<K@qZZiu
zb}h0JA)1uyksirKjVCSby)Hoa4v0Ai*PUBl#he|Hh@~4@qs9vF=0vumJPy4@G3>&Y
zUxss_+8q58-b5#?#Fp(+S|AUw;1qqyt3%9O@2>FjV2==oaBzKXoSfMUpq%+J;0c!j
z=>j8|Iw@445=CHcb-}&WB?+{%dh~iXpI;+^JHCV@-+#J9FomLApbbD<b%xo-tmJ$F
zcYZp;#Bi{Bu$cGzs_mMyy3%`GZ{n0+&bvEdT$I-A8c`^S4oA~d>kjVv?4Ma-l#f0@
zd{ouo%Jv(0slDQ}Q!n(8RqNeoy|+P&e{$1#dxC|i0{<re7G_nyx4sBeV%6bW>u^X>
z9Y(*kumliNe7qeXe&+79nJkQ(a;jcu8+OI<3QYho5a`nG7z#C8epDa3!Ck#In!fga
z2zUY2fV!_M-){up*S*Y7(;a~w-}lcK`MsTQWbUUv@a-F!OMlfq>$hhTe&P-O(HUg9
zx>|ejQrnaqhcs59?`G$awr^-KAxIRBS*AELfr1Q!{mnib3KH?-uL<}Ow+GtCtdsR4
z$TbWPOmPJoR=|*ofD~p-+5`qKsPT`UJm^o0Ei$ma7<B++o4cRV*Oe#}WrX5?1l^BR
z;LpqfEe-8el`jT6w4)$o27WQ`RWBd3Pbp_j$|YmNnS47;VLQl0XD&nGN&AH$!2jTL
zJ?KG6Qt3l5eb@#fI{q&{SM=_G@wubj@23mMkOnNPCOj2%RAGd9EI(%+Ny7h5VCsn5
z3W2_o3tp{>R>8s#W}wf?18NkRZi#`4up9kKWwp3GUGc_Bse3e_@%c89S#>(YlFtmf
zS`!Ad4$Uy?N}O0uMA%=VH8g_m=N*Fnp(vXlbXqzrlHq>@*<e!=wXi5M@Cd!VJT%_(
z(^r<ZtuuEO3$OaZ@9oTnjw6E$(SAoNR8;-LOh0LR`U%S^9-v*(0N{;b6D6v3J2E9Z
zWE!UH2^+l~6#x6i5sqZ6RW*F+h9+AdirC4*Q89p$3wEa(&#}+$+nM}Dlehu<?Uf@L
zCDTFuUYKn#^X2Px40Q75e60BVuVpA`l1cLL|5%0|-^Ks43_VpEvs$VdcC3F}hFZ0a
zs*6BHo5Fce)8{@9kIvL<3JM%inIkJK;e!s%iH$%N&^l0x++7%q@yY2!MuS>17y{^)
zP)k*z`H3LpHRj33RoFcy3V(Re18zZ>4{Bx*W~lJ@{jqX$<c=x`7t0|bdKNV+cWap3
zOINq^29qoZbxgF%auOhbpZAa5H6b2BA%3)reOh`Xz45O*;BlFML`<KSZInM!pbF}g
zlzmJ=5x2yZYOx8LYKoY|0=)l20(X2Pfwz<PG7J^rH2q4axqDQ0tq?%z{Gv<K1RDi_
zg6n<+-5%~7{64-O92DK2TgRHEf0^&LU{Vd2&?!f-SOK~{OgWGb$Qcy{TsQ*-|9BQU
z(7mxqs^v+r=<w%JLtA;ZM3p<dB%VW?h^o&os$E6PKrw=U48R;vmq-=Rl9%O0VG0}R
z!`ESG>THn|p(E~eODuGRoHtB?7oL0PbGK>@a~iZJEL2uT8)s~cO|}}lqr9Zb8VrP5
z)|@7%LiyL^oWs7@{vQ{;kwMaj{ON=l10(d=w5ZPO%6Ui1m8dtCs_c1CIUWayPT=}R
zi%Fr9dmR|r_gqkw0hVHUM+JLwbvZB)-&ss%Z2+9p*C|baOyw#cmL-Xg{;3nJ$X%1(
ze3F6)cJwLb4MeCJa^X{Q&Q5n)UA%l$w5Ox#hp?ZWX#(cDzF~NiO(QXikIfCH%aw}M
zq;^gy&JOSB1@j*I_{2E;`M?oTtEtm;ahlq=aG>x5{9yLUDY+d1)bwDVI~E|A7mh9g
z`V!#=2H~VO*fZF>Z%;SW7ys*XVpn$oLN!|ydupCKjT-_y;7po#c=v{94T}}p!hf$^
z=T*Z@nEhp!kI$Qp_(+}Dw|5BzED<MjSZ-wVb_bN%Y8f4NadgQ6a_UIDyjT5f&UrkB
z=l)MGq__{>o4M^vBETyC^QKrC#LF^p1gB!5Rur_3+v!_U7<!G@VQKq<x`piwt7bW_
znTg6{5Xp0#nmV`0rK7)OoX`2@L^B1{!O;?#zmD`3$mn91o2L4(jl4<rk^I)FJAtP@
zDS1VlJ6B*vobfL#fwe@?iWy6+;IsB%_inG=9hDZnwHHg39ClvRuYG^>%~RuLXUQ4m
zuM$XxrdbY@vWy?7hgfp+-Ze25#dF(bCmR}8y8EHxy6AFhlWv+b$Is8$!>^mF^_dE)
zep8Os7VpoD?~-@W0XeOO59>mH5d}mp2cdg$TA*yHG8yUjc(eHaKsRT*OYexpN+uJ#
z`m?!Z58cJqC`>+)G5LU2r8VU@cgdHoYm+$i);gHZrtCM$D|f6Xlbq6~#JZL3S7+9g
zntJz%s^SZQpbv@L`lrOsMV$K*b4hnrDY=Z=0l}b#Q;TD%e9Q=XPks>4rE$0O;0f9s
zxNlQ^HHuY_9qLAx@0{XLS%cH`xR#SCe!T-yolF!;QNs@uddlOqpGe^_DTe2{e@yVd
zRrPIHj@MPS<h7JK(i|cO&oBdxbHz>h2ZH+mHt(w)0(_iOg|aFf=6f<i3H6Suh1t~_
zf=qjxyQjHpKGeZCRgX!g9*VJxaF3S+(@n*z+7JuPxWD0I=niXe;@KF`j{nu1_y1qb
zxfturIpjR#DLyG!eOEct4xH}TUR9k(@NSo#M<qL7c+eBu-N0Hf$|DAKGQ;f8FDT9P
z4|lYA-kf66I1MqYexJy~IXa!FZynbNZ;Um7_$l#!ef1)}yN|tn+o3d8R^K)6^>d2R
z<G9u}RlNJ}ZV7_>j^&~CX7VHW|1s9bl@`Mv?g0rBa!k11oOmDr9EXK)?f)i8szvgs
zs78@L9#yeginYaIn>G8OF+DQY-R&3<lJ=S1sXL5+Fs2w|XKELd5<v63uwn$2hr&?6
zqZ&3*77WjkOEU(lXVLw{U0D7pA8QY4D7f5hp7ssC9j$_4;ug7WL=NfJafHM=$ROBu
zJV#Xq&ky)(pHwE!{i2r`>1SrvF>-M8hbEytYEUnPB4oquXp5<V*lu-i#EvMuYk&ot
zwYFjlkxOO^41Jb^-NOZI+-i1Cz}ABAi$5hghbHgpo0`z(PvN>|mb<&K_WC)u*S{Q<
z>HcUsS0<>Xy5qxgle%BMGO5zwWUlXHyn*K6y(xrWQ_e)>YWWGVdS-}i`kHRSzbEW9
z9JkHyJzpIae1RkcIlXB^(MB4@8ArjUKBbYdo<2ONnr~$SwImxI9U@^|Lhkj|Zt(VL
zCH4am@)Nz?Y;Q?nG`B9+hob2g+nufAlYS6eW<-aAAKlQW-||Q53ReczEJ-yeiZN47
z@R2<|j;)FPV=o<ej@eBTW!mOD`=n{ny`zSW^Z~9pn?9^fU0b}^A8R|yhfLA^uuZT3
ziCe>-yn@HbFLejL4E2HvR8&*zi`JWrGG=nIcN$y%Wq53CmL4=k?f;B6zfMS}*k+10
zOQs5ccw;i3J`t`Nc=O`w|JsIqcD;Gf?+MUP#(FG{tdp7oWzm^wkRIcPglzv}b?9sG
zoEol=*23czfqh}rmciL?OuFpo#;T_OC|M0}qJe^N*B<y;?#?SwgLO&{SEOybOH!*%
z7ZwTmcJVLZ5zXD2O_L$>sn}@gpEs(uWwN>rem3bA?_e5lkNeSBSR=dSbjTE1I7+RZ
z)!^nK(KbWuAH-J=)zW|CPIBy{oc6WcIg;gcD(cknxW-}2iKSORdJ1}Fm|4q4cqrYs
zie{*=?L-KK^=r=PvDco{Nz)JO;e?hOoDajI=J%7j1@*M(SrIILVNnLFX(|_Y_A}hk
z99*iqo;Az_QSwV8THaxpKXToZQ!5VMC^G&Rv!-V<Ij<S#|BJ1ma|UD_tl;%Nuk5WX
zE0o*%Ww;i5*ed+GP;;+s3C$zO`Xk(scQ8yaD*Ty6ykwz}=KW36Y5PseTSH|rcT6r5
zrkfn^PN^FHt3|@9AIDz6s*f+efPfw`hRnGcKamV~tH<9s-!wW1CFa+=^Wh$chRS~d
zs}qK;9v!JQq{j-e+W#+LZNKt>ZA1B=fb{{cv7wddvZXSrY{L=}15?Y*7AEW?Nl$8v
zQZgIaFB>(!vGj4~jDvL%PwE7X0XI3(4FBWSRG%=4Tto8oT`ZdLU)v^~?2qs`tZzMi
zV)E=twq~j4WF)PB7d34XHuMvEuGe0p%NHdhFNId)M_n;i9N5N(bF74*{OQiCv!=kx
zwqnncQnW(%)!hy!S}(N+XHXe(ilCJvoK*?4&nprCsvygHvtD53YK<PL|8LDp-M)T!
z069cfk8x(l#Q7mE<qp@|@E9k%HRpYFy;)&hDynT&=j5t<rP=nSw2?>9e~GJ9_K+DL
z&wq)lGX5qzEI6HomL1iCv~JY@=<00_;T%xmy#RZM@H4kTt-FN(F%~4u{$nhV<~)fk
zr4=W1?hk>1T4(8D8}zH<Ny7(=aDlD%KaY7y9V_Ny!pPa~=`;S9xQfbV<Z>J<mkUCO
z4^&XEi@<}A_O+Z@8yY7~Tk;r=&<7jUtK9a`kkcktzTHI_^oc=lGG+gCob5+bR*h2T
zKjGGI_lQo$j*RQcNvu?g2Mm58l-(a|wpa;Qi;d>N3bf4sRSe^eqOO=X1PqiX_CY>2
z^vOk71oqFs6v1G6RWYVv_SjIWL)&pNlYr5yBPVm9Ge8QWBXIE@iMvG9RN)E-@T}pX
zTSF(xlzrZX#?>%IihQT7=TJ%Z26@+udDg`~O%_w~v26W$6kANa1DXECnMuy85}|Ap
z9Zo;vrv4{wRr*d_QDbpX)zh};zE$-e|EcP2`-IUN2aebNQ`OrZkPnN#x@g!%*<?{4
zo@occ!fhw9snP9e44#p<&eMk0IAV=R3)LdALLz4|1y({x#NYCH6hchd8wb&uU3iS^
z#rXVb%b4PnI}U1ZZ^u^D0d1Rf!zm;>PS-O+HrP)XPBRv>li6utin8@Vt_#=#IN;am
zx=Cd&ALI-(3zq0qT>cX)DFw(07j_W^;&>#nzEPVp2iM-U&#=&FGQ<S$gr*{A0a<>=
z4d|z#T6d;*Jj4P{c_jADKvN?bVBeL7BtzseO>Vb;=j#3Vi-_>-LbiyZ*s&9ULzRn|
zSpc+2V(b+h4qJ96D64&Dorcy(jW_#4hy4&$hKC|ITy&qWc(iBl*7H?{CVUG_wMTMx
z-$HELH(?@C_WpzjMbdHRO^y|}B~?{dGuhUQn*Z{X&;6gIHF}T~)9HVb)?pU$+5eK(
z0DXb_ag~7NcIh4!>q~lv)B!cYpX5p4oD5ZGAx;G7B#plQR3AT?)k!mrJ<KSB=Rk_6
zyR-g_T2*MuSf4;6{hN|oj`DYt(1dsp1(iZj1M-7TFU{MapCv7n{bFLNGa+=Y-S~w5
zxtrqo^^$$l9l8wu?Ko;Mb*h~IJ3r7MjI@ZA%e1g&8)NRA!{$c|NO03@_wo-P-5pgL
zn!VudR4yKmo+}ai!i0L97%|dk{Q5e)JLoT?7En8}o*am--NoLKlgqw`OD|Z&O5kt9
z1&BGES=6hE?xS4U=QMOZ4ZlIq2D!7HO{1az$T+niE@-i;5p}vkQN$JJ8z%sB2LJ68
zE)ha27k5M@i2N0Il1iEsl8KE3c+AMrNazr1jAfG73^sbsfFx$2AmF7Gh-YZ_o3mS-
z2@~1Cuq7eh7ksAB3dAXGujx^$Le){crp_d%lM0^=y=)nb_?;@>88<JvL9si1F#ZF@
z`G^%m$!cyy3&RNq21Vjff{NJw4snk!#zgXYHod4bWnX5#TH2Z73_r7|77q1TbBNH=
z&_-#u(K&%*(jBp$^gC_+M&oAEFX@kD8;ndd{Dz*Ti};b7c0q{?LrWOkAQYxARjF8+
zFw5qDYXSh#jpuCJCUm1WsqBAB?3b8gT|uFoXN2ErzQ_#Se)8Ffl~p+7>USx=k0Xl=
z$;B~lS}qKM2JPdrRJg7D!w>OK?Zfj0J9idtldMk`qa4W_X=A^BkhvD6$%rccd?3~<
zu6-Yh<awdGKuCy!aoVr4ET~RdIYBli)~<AdOA42*CznA5$0UOE(7k62(>V&qR6mSP
zHh|`6hy@&?r@~kC5gsAgmvl8id520rPpoz2AdYQ2h>Q$oFGF)NuWyI3EkoUa>m5=b
zcEyU_@_Wqa)f*~15-lKmZmT!ZZPT*=@A8%3fSc@N(Kg2JTQcIerka>sG?}&(to=Il
zog-Dai1qL)=U2~TZr}LwzJ9(C&j-$lW7K#hfuG#^?n@Yun#;c)Aii<|e-Xm?fl_+f
ze++ya$}=9kMtpe;0_jaB1bFUh!GU6W)Yj}cC3{w6t-9tDN5ttoZsE`0kb{`x1UvT7
zUup)2^K)-BaP=E~xc&E`oa-nL%v_4Y{$iB;TLX%6O2Dhn8JZARq0H3i#qI4hTUyfB
ze2e#3fk$7TgY}iI@mBLF?#yznDYt9J!B>o_U;o8PE4c^EO(!!sd%$bp?Wf_V?_KW4
z%uB9!<M+|?<U_s}_;rRT;Pvo2_LW%r@h#*2*f4Pfe~u;3d6@z`#o~<`_R;S3Ev^p0
zh!^b9b;yWj%%TVPAJfUxr^E+G=!7BZ8x1}8;Z=LZ7Ul^~o4_&Ts~b`v&U{yDmb<Xc
z3VZoy{&nU58Z!poW$J|lh%2&ge*$#KD{}-Sy-Y2jnl+l-_3o;$!PDQ8!tB0=*Ig8O
z`5K7bjes{m&!_%WK!A7>04uU@wG9xBOXe?k+07lF#PITmO_^fYF|#`lNCE(4;s514
zV3V03v6_i9gfjMhqr7ST{;7hRzzPC$d`m!+fy8u|HrbiCuGzaw)w$q>5*VF-HPkD+
zAet8-VD*e+_Jp!vz$<Y|0TW`gG$uLjE1zPOgk>vIrETK|EJiC!m~*yP_F3`oHEqi*
zhhw2cqc;A+<9g=r{4fGm5Q!69Q`>KAvRPW_DOI0*H*{&<g26n(rEy!Qy9wmj`c>!N
z)Rzp_>lzo&8ZB+WA|6Bi+;bLZJnkoKx7g!;x(6uM%~_*%v{hfC)->Q4ZWtqs>)S6i
zoF9mh8E<zigoYWN8(>{$t#eABYFh{jRC!{thtQj6r{o4zH}|~`=rIM@>x@J}di4Tl
z@}W6S(Y-xr3VX3~7f_fW(@@U8)(JsFerA$kp1BT*vc4`vo>N$GC;)6u;X}31u<!YW
z2PQx+3EA~a?~<e!l8BVDrRKH>pD;I`RW_PV!ROf|?rtarWD#&UYm^<_<OU(6qbCDq
z<$ZWf_0L;<|8y)^>n_Oc$`3i0P31Mz9er8#yhEws(B-*_{`zYGnwaun&GVRHOi(*N
z5z|bcA9;rDtaZ=ZzAqFOkDN^XfB=GWn!oe394l)gzFSbcph;-AT@|B0>q7qv5p&UV
zG#$m8Z)*@cKqRk1!z^q^%C79Qz`i9&6tm~0mualzrMJc&>1HTa2a=v+)A~--*uIVg
z55=c%Xz9tqqjjj3vu!?EV1E?QHBa1u`uX}hF!NO(EunQGEXq@q9tKcsM2CCa^^X~#
zK@^;QFqbxfe;n-UqA>kAfQ`Z|gNyrH{E?-D0pUh`<?{|NnL9b8X0=w#er05F=x;_{
z>>aSTo736`cML=1qtOSFfsgYt14(ksGTOxAy38n9T3ZJ#!KxP*{mClMPohc44-<sE
z(&i=d4fo;YIJL`B&IBx+4;6xXJsW#Y8zcV1;dw}xev?ze3xmRr)SKGCnmKSir^!T>
zy*4qafsUgVPpg6<zWr%a++2Y&EPa=`GX86^;k~LHCs^ATZeC;U`s8)-T{f0oY<jDk
z$Z1m=`IEVt0@#7UsE9Mu)AI}_vz%Tp14#85k^H?A9l_i3Xt+~IFD#I?rOhz+ihd0i
zG2FcwSW(^ZEK`)(6x9{?O7?Hvy`=Jy8d?t*rzPg66}8=csT=k~GRzA5-+D4JYB=Ya
zfk&t}M!LbfeKS$1{;~1&c6`YGsr#M4!I97znEM^dQ2AV}w;K+rx0qg;8GxzFae{>m
z2GpOf_f8o+FCCkX94)stCkoFOB3z7pp5SVAw|;wzd+CFT-b2t>r3XAXrF6f~CvQE>
zlDLm*ZxnRx!;*UQF$a!SZ-Efsfq4*MVK|@mpNA2t$gi8V#P8B2K)~y6e~lF!*s2J_
z6f&KqIR*y{lG~FH35TTM%i<fyC@}oZyy41g{1HctC<Vgk_<U)~a68_^lGa3^F=oV%
z9d$+0K}S@QvCMs$6j;fZS7CO<I&5y%FWDV2u$17+Rh4iPN@t+#ze4~c@Eb+_zKidc
zG?h@*2i5x_c8J3{SMf6S<7zmXVvP+1zgR^PEaA&OQo^+Ei|684<<)!gGQ>gvoY3@R
zJGYKAa2P+ym+m?JLv>Dn;rg!^t&6Tou@74JK^3;NeyY?-F0gvF9#Foj`E^{Cf|WpO
zx$2~=lqf=BqteCm%+^p!wMFs3e`eEn!y-fH)zi`|0nJ%?CIZ1X;X_<0c!Ho8#d-BP
zv=|6FzjV(Fzh=Zjcs@1b|8_=yd8E4BIXv93hEgE|q|*|H{sFb5S?)$L8P{wvyr%5b
zL3y(~j!#8bZGV3eusa-Y$>Gd}=aYK)b3MlAA?Rne_m%%@BX$N4<u%h!^KS8Fkfjaq
z?C-5`i{ks074+(LlRh70v2*=JtqZ*KY}A2fcrkAj4Oj`@;(Lu^-aWrp?JSsXzW{0z
zQ?1T$3^|SPyM6>6Lps7(Hzt92h-R-ZQ+<5&28Y%g_E&HWcl0j#-?1>6dlJ-D!fR0m
z2Cu>L>Q=3v_-I$E<5c-|i_HksI`OdR(DpFe>>3~E?}+uy=n2l2d}!te%bjhLVM?nC
zDYm=E&63e1JSr4wi+SeD4%+kZW`^d@hvZvaPbMx-I3cH}RJop8OiqH;ydJDGqbn<S
z2rzc<Q@Wzsv#Ei)mbF}nNi_aJejFPCsw(S<+iyYm9d_XZ>-aUXaJws={K4kvHX>iN
za>Rj<+zxL!=<qP}xg28~*Q?WBh{Zy{iJQfDnq7{M+(F7%*k=Lg8HA|M8C5AzFqjWR
z`)BqR0cx*<TTj{5lyusg08%r1#LKTOA@wZq7`*A(5X}Zu!g<1ElRX0|_s&}yPrJ57
z5Q%he_idamGvXZ1n=_k<heg3d+q$Mf-x_xfaQLP^U?8S^<Sp>7|KSAc%eD}W59(pN
zgFQu1^p<hdRhDj6aCirtpv-A$>I$lz_|Ur{gV;Bi&-4$Fj|9h<YxC<1Q-4<<P$Jt6
z92^{(iMSIWAmrz``@X-DogI@}IvFrtg`aq0?b$nd`A`^OMf(gX69OoR0=eNyIYnCg
zhp>cOJ{7v=ZC{I#9}RIK-dui;Ud21%l5a+QJFy3+3GoC@H{YJ>DwoV8H)%HPc~e}8
z0*8%l+grqZTP>(obZqsWjKI$LBS74yQdKq^r$*c*Ph8XqXudgQZh9o~kg53e(txl~
zNpKshUh_r~{5#%#b0fwrTHC#l%A#`pngTOEMDTh*NsCf5$Gae#{zU+OzbaJ`D!epd
zg%^G$?+^@wxixCoxUje-e1t;&Et<O<w<KMMP}?;02Co-m%%VUS=0}T48)Hgy;jKXS
z_DdkNhV7-z9(b{*?QK9mtSY{zx<3h%^QdHn&pJX$AM=p}W9A4JJLz*QH_XNw7D<sU
zKvC_mW<P$Pt(VZNz^m33uJ*JGAy602r+kP}tgvZro(R~jA6~Qf12TPE5n{6d=>GgV
zlvn_GSz|2(u1U@9U(bc{5BrK;PZs9As&L2?&U+3P9_5afztEiWj-mLBGG=QE0?{eN
z4D(1+^!?Tn=(&%*f2!$+6f;o;DDyST_JeS3QS>?3UiRg*r<Zk>Bh12>_V4^?Z-!2%
zK<n70*Y76yZn<9(o2---ngH)&?OUxt=QG}7nGp4Pd67<75)dk<sq^O5;4mINi;GtY
zn^rF~gqC)oIYUv~C_({-Z8C-G`izvAr6Ye!1HCP8zX0UGm5GIw(%V`Au6tw`Q#Om~
zg?+@BabdCnb?l<flikOOc5E1T?8gUcrxem34LL^!NTCXFXV{3{cB8FURMi-^$!-n7
zMQBYUZT8<zM25MA3rm*yrtN`^-!{RD%&AyK3;wyeS1MW&4bl^>4xANP_7ychOjmjW
zKNNNDOll<KQ8$t9M>Ugh0QDEIq`o>kFlkil^u8}@WWBpnf<GoYTKIg?+tHc#hOTCo
zm@f5hiv5A86`<6pk7D}*{55qz_d7uF9<W6*BM$WdbY)2W^#+PEgXFtAW!hl55{uy;
z*x{$jSAqerR3K>4>I`0T7Pao)IZW|ONDFPn<+ob4M$CCx2D}q@gl)+zecn(qZgF}!
zEg0BJj_$g0KYe}+YAEVRRrYJ-)-9B-#S<tAr=6{@OYK4v<~(BcU|si>PcGcRj+tT~
z(DDS-svgMacGngJ%*FixUZL^5-H6=-ub_NtAVW81V5!8e;|Q57JJNamrJ#(r?ja*`
zTxo3e4yMef38|`0aor(?>@>$I)lz@S%Lu>cw9HKjQE9jMI3TOOlqMxA@JvluA5vIJ
zajH$<YW>=J{gCBI>%4uJgm#>=Ohm+Zc!j6sAVd|(_aBo-?@mSK(zo7?qk7tw$K4e>
zv=3`_=_<1@dA%yeOs0f3ntq&6SnXM4=j+!ng#=HpN?Z?87iB$N7x}w7vDy4-^hJ45
zj54u?&=t?cA3G2pIe#}=OlG4(ib0bqUPT=2^(ugCvcFi%Q9a*gO^>hALk6hlUdlNA
z#FcF?Nhg$jdso=Ozb`6>-*N6@xgFgZ2Z&838oiCv_Ze4iH|ITt{IM*7=<9IxJ?_zW
zpqY8r?db7Nl{zCNJUpk{8YP8G8@m-P9};?rH)q&Lur|)BoFGokw}!~H-(w5A<SHdq
z44$+4YI$I|1uaxD3a<9kr+>S_5mB`~>ZCPtsoa4Hxxe3Nso9lq7B1>m*a)4bJ{8g3
zkQ1dG-cps~VcvH6vtV3!Ef&#%_SZ>PrF6Fc-K7EMzPI_IuX)JV<Gsxc`1bhL?;j7e
zE<C*ey3mMfd5CkS)71QZ(vfv(FWFieWhq^eO-@fxlJ`(Qaq6Twjcp;VorLPXp=@6&
z00FiaFGC#&;PW%~0S7S|WdOa^NiMHIsvoH6q;Z51v%2@UWVj7Cf|84&$k3Lng$(BO
z@a^*-x~vFhxSubV?qk4{+wywgy40HgDZ$QSV$Eu0NLo3(o?f7$n6q#U3~;qnK6h5o
z;c^yZ&s6<T9nHyQttn>j&v;^aWPnD}7l%R?-_YMR6;=x8*B!p^hXMrLG{%8nm$QAq
zYBcXJ-%R4)Ds&*%=&o!E?wRoT8m8lQq(;TmI}+6WKxD!8U{2V9GETLXVW5D3o8l<&
z3lJU-?8v_F<7q|h0%I10jLhzI{^bg8*>LYALty}l^a&Q_!@KUOr#;oZ8u3@U0KXc`
z<zK6b50`!bcUiZ5ya3A0Fu82w<F7odQ=+~oFSF?fGwk-2?Y~5CKWaWF5J_R#GcXjk
zR#8fW)=ef}z+9U+J>1{U61-Fh)hG}1^}M;-oA4MTUc^`#u@``iXE)IlzG8;&zITIO
z9K%3V-(k*vt_w4;3r+fJ%Nf^$ZXi#DZR#x$^#c~*+tBA5Iy<xN`w7e&g8p?spkkHX
z%^Pg*zbz6w-W`9^_MD~?n)@uqdB^6oc}Eaqe>dO3#pm;O?9^oU%(8ER!+po~VP|`y
z>j6B=ddDq%`xM~grF-}7N1TcJGNnE8cOJI|!CV;f^aL83ukm*!=R);(X2X4*0B<o^
zX=6$R;Act5`Eg=NKQMMSyx7%2K?9yyPVxQxyQN;r9|s4X1M2Zd9+?qBeYgUF!eZ7<
za3<g&&~hw5b2~S?TW7s!;0X|m5qPq_eRFU}D83ASq3FR!pOb|GGI}_j5q$d$h=01z
zetO<Yc7DIVw0Ioc-tGnXh+5TllSx}Z@cQziMEa>j@3)`4Bh&*>H`3b;s|1oN5W9DI
zqA)ljZ=Y=K9Zot0v<GnshJp1Bq%Y7Hx<2yZ+ktbwxcK}w*#0X74dd0HH&?~b|6FDb
zrX9@UY=r(?v@SvLcY-K`Y=Z>(eD3J#TzY>2+zmz^_(YD)j0iMZ4wA_5Q_`r?byX?e
zjQHF@yHG%$iV-woaZP_e@EB?n{gyng5k1cK{Hwpt{w1-X_X+}x!lIT(>v?KleK;uu
z(5&Q=3R?O>?G1Dw9SeC1?1a~uf3#x{a5W!*j>gt==#7`dpAI$8bD80-c^_NXADc$X
zT#GeH-hkJdWUBgiDIQJLv2X?t^cd08u6PGmf{BFT=^Zi*;BvP7V_I8k__jlMMIYFm
z&rL|jMqI%@_dApg--9+ZGk<^3+}teNUgO&lyw2|mFuE)A0RHku^C}@|`0jjsAi;io
z2QZtxr;Mlc%@%K+=t=?HuOlZwz=-K9qKhH=0HuZM$>r5fwItTN8ajMU-Tl#gw#N!V
z6<Qg&nw8O7${}@jwmTU<yf)PN9JWfd>XoHZPC0;G-xl{Pk^4~jDH}ViqMDa|<D)ZJ
zHAU_1MF58ubMjx4MmakY*r6+@4I1bY<kCKbp|n9`e_l=cVH8pJA-fo79|dNmpZ2~M
zZJx;4Un@8xT3hYwEbKV&(H_vWe6IY2Iro~iwWkdx?$}K%xrSm`h%4sdU0NsRO!=|Q
z4)o{d$J|xcZ1OQ5N}3aO<Kf6X*7CJjXaRyI_Ns)Ozr3kzBBi%N^$zgsADH`R5gU$D
zxe8$}m^E~Hp?NoPAipu*(R571h|p*I-O(73bgE8|8YJSKW?tiH8q2p!IlI8?MJke`
z73XY2OOqP4mBGm%Lm5=eTnKpByV0X1?zItK)!}1K!=9lVwkCE@<3j#TvlenhsyC|(
zlayhMg8i}qleJ^rN|Jg{C=mA2kmHJGo;Y6A9_ajix*N*D<jmCXmi2@mYpEJ97OAp1
zSg;XqFqm+s_m*YPD#B+OfgXNX@lPS?K^dIdU|PKZ_Lh*B&)mevdg#IK=$Exw{qRg-
zSAyXeWGu6FkVn4c(Pu47T59eRv3{r)`Ex~`Zx?)zX1Il8Os08gsIw_rJFwp2ugy6|
zg62x2=#}PVi{cf7GEcC{!mrU>q5-nZ_MzaF<*aqLKdT5D8{`46i~=Q;uS3qM%cP$x
z3GtG*W=ikI06mx_LnbZy(8-Y7(26HCz>1h)OGxWUyz9Z+^(0?(Y0Hd}EV_bbac_AR
z{8;$F(G9fkA>zsF)5ZD%^)rRlGvff$8>F$UtKS0#daOiwqlz6~FFg3ARW`#mctc!m
zpAh{pJx6G7Jf)wwe?X(+K$*L_tzX4JoP1V~?P`ezWC%@3UuMR>^LFgGLivWNJ9z9+
zYg>gY)?*}YUk!3;QoF^zaR2#)#iB|z_a8(02v!B~EO?FY>rl@A-$-8_PuD;Tt-wnP
z?|n^`ZFRDIvE{YqU>DQ+i8iU8zkNyv6jy^G3Y5356i^yN0hSn6zt017xb@fggo4$o
zUFphf=tJSHiX_uRkY6^6@kgXZt9~6+{9&5;3o7V@E^70$`B2EUPD3Uxygdc?ha$@N
zdNJjIGe}f)4Fmvxga77+i{NL_T3q<>Nfc4AAGCL9a85+o9FaZ?p(h%U#JmDymtH7Z
z@X3WrxhmbaCYXSRb%tB=VT2l<)ds0y^pqEiOW{(PclaQfSg~Mz(83bTN81_**(g26
zNG;_Y_Ino}jl8Nb!+-VfdIUq^sHQs3z8Ct;6Q*A^OyV%i4OI%s91tdtmP!YbAd=Y%
zE$Wfxr+q*gq(RjwQRba#*>lX?Wo|tx<<8F<5<krG)v8DBR4Uk>Om;+&x4}`-Rl#g^
z?BpavN$Ua)$imTA0R&1h1CFVAyb8O7{1PdwCAtGewDTrud*vaH3Wp3AY}rf&sJXb;
zh_ulh<QE^yQmP-7eZo!gn2$BJ+5x$X)n-3R$yUd`)t)e`unzvkod^~+XSk7GWR2Cu
zv-lj5_tsFPtNr@-XT){5BUrLdKwp%ZkUZdE+Gw^()f{OVA&zJ=wKtO?p?F(VQnrC~
z^UbN7x?@Clh@@K$gSr%ysOahYmnD1iVDAElYtEIrJ*!G-9ChKkls;DczM7GfO+tk_
zI)V_tUN$dv13nw1{BrmO`IMh-b?8tE;%-5&tECUgWGDq)5L|}f_f>*igThHAoPsLs
z6@S`Vn`1$#O-N{JPcC<AUFATUcS}wy_oYTyS;^|Ja?*TSpu3h&wANANSq)byTkqft
zOZ*GUziaG6hIHy_(Sy5X?OIYxmU@J+>uWDULjs4ZqKp(bVN^mOy+D(nzYp4v$37Dj
zh^$CoM2^Ej)k6lLhgy@-qeE$v#Fw|tUr7*}qanb$6{`I~9_2^~30?Um>{#|Ylq^@I
z1@k4(hJ@bXJB8lmWV|c<aS>xRQ8{iyvWHP1q)wKm1r5nTmJ>dJix_T8{Y!&qd1z*Y
zQf2iFK8uO~DM2Gjk$%!zdB0E%GSY)AVoC!t>`n5zzsH!hPxGAKuCyD%1fD3VPXAhx
zrJ(^zhAF7EMaD^%_|!w`8%QCi-ELwVFexj=(8^G;8DQm5I54`E%HL8NZH0-f`nVvd
zkU9giJhEbdiDFyQ78KS;J#a#8q8~qIm0o8vs-ec5xKbCNzzdF;c=%hwtaF+&at&<Z
zabOomj|g77*Q{1a<@wO>F0Y(~o^%hlL}xlj&4?P?lSm0?9<3X@GkJo%&jN2aq%b5p
zr;ciEHX8Sj5AKEQHV-aQBjRKWnP}RYydevk-0&Z6P`SNYXsi3&*G2xj@=t~4={(SI
zlN}q$bK;5L5UE+cjLDkV>{k1tty>$DEl1yk<Ia0-UPsO6SL{yHeNv?MeIMDYUE=tk
z$X~nLOa<U)y?(Fuw4LotMwL*%{~Rg6JSq!gEJHg~De*Znu^ge1(1YvJaFBuJX37!s
z7HzT=Gc$##*PPflsKrqKSj}@#qJN9Ah$HfXyoahmBZlR#e20@rsQR6U5#JV;#~%?O
zwrp?pMl7=tbEYzRh1<H=>g-?@?yiAH<Or*<Z+N+R2~t^=vZ_ut?1^QF=!HOaL`>r7
zkg5yP)fctQz(6l=JqW|coZHb&Paan$BAAul@^A>7ULrLd1Lhu;AzoQbBL|_Bq3R^H
z$Ps^SrZ`b#U#(dmu{Tq{xYg!vVU7~K$@h6T^bpAH31KrJs{u5G+=Yyxw7wg~?H};I
zSsyCB3(TW0`czC~Boahpmfx!HehhhB2z0PWieIGWm%hN)O8K=CbK79|W<G&EN=<3h
zJ_qM$1s?+yECl@l{&*0CXu62>MS=KL*uQTx`i?WJ{TBSQ#&IPe(U+_J^7i=+yl=cJ
z@T(<sD&D2U9`!H^!`SN8(rsd!cSQVgGaU*&hjD5x-u4{$xdVhoFOy~*?^P4}v0z3$
zyZV~#7CBurwkdbWi;tqnU-&0H4Xv4&haRcv&tIrWxHRTA`4e||Ohj(jlVKB;tD?3^
zH0nj&366NC99bXDbRc$Sj9!wxmXo@)otV~Km;x`<DRVaKc+cVjsoZAYX?<r?e8S6(
z579aqbi>(XIuSLWbUk%DYqwNw`%#b|Q+y;6gtCoMQ3ELCW$R7=py%w?*dPSnV)>X1
z8h@$!DDEG<lSCs<12tN?##2g0JD#Jv+bygYj`EFd3c)W@T&XO^L^SmIP5n}gEFd<j
z?Quy#8FlrK#+^w}uxyGN@SnqLB8p=quAqql4^z6)1j^+{*N<pPZ!LT@G!OW;BKqo?
zsrh$ODf#y929O<Hn?YReKhYMV$y)?*B(*uqP})lpW9sNBCR3b(qlryAPT>~ZdT|gn
zL_^gQsYU;$t|Fz(y+b)g906#qHj2v(Cq;P@ibi8|@qdK%#dJ#G){6&aW?h(Qs~F-;
zdC{KNrd-0jtG>wIo&8GRFvaJ%7#UaG)kFYfuB0wOV=D(E{7%livEs{C(iYF?DDJR%
zbdqWAraH~Q+2A<MI$w8Q=A#Y*s%t{4a1IYUD^A6icq~a$2U%+9a;mV7BAl01ki2lt
zmurBXf5bTJOSLbK_+r<m;qXPxWdJ|!8VvxYnDV*luZ$a1SVvdANGBftiod@>Mo?Em
zLQrVeu^AzAQ8>wNRu%W&;;C;lK$(8Z89i|<fGOO=zyPZ1;;s*sQt^0979Cbd*%Hbo
z<RAMzbHD-N<IJT@zO|!YQq@tL0fl<s_Lo6B8^RyV)#Cd2XOf<LJ;tfdVwAUHZ}ApX
zsFHKOIQbRw#^4jw4%@s}d1WaOr}O9!f<OmeUQbnAATrD#P(GJmzzgANH`Y}C%Yg5~
zlSJhx7Z3P1TVQ{d_@((W=ZTco`c42b;w=|Jm)F;1U%<AwPPrS4a61QI-R&Og{fjj@
z;`N3Z;9F~WItVnCClKJc^~Ehd1_*dZfO}%k3?43&HZul(z4i8;9|Kwyl&1-uM{`-&
z|4~-`4(k6w+Z;O=0Q~>hddJ|*+Ne!Cwt2_4&5mu`wylnBCmq|iZFFqgb~>3n?@UeA
zSKs{DyK4X5x~_E`Yn{1#G$Y@BpP##H#z8;KqD?0Y#7Sd+O7W348V7(EjyABD@Z>H<
zM0ny^mo^DN<=wxb-4iy08)ANzgeIsPg9d1rPb%smlj~%~RYm<2;6~F*2U|z&<#4bW
zqo~X|+j$!Nz(-p1sinCTC!PdC)z{$dPj|^>9s2iQN>mdL@Q0nr*(w3V>e;fwdfN()
za!M_*Hg2ANJ_9Xchj0A@PX%`guIXP&YBmGv37b5*_o1=XSr+vRmesycLVAR<)eeOf
zcB-T8R$DcCcIn4-3q6)^QG$igc)ENnlj!HiQg1^nWV%eH?Re8Lz4bee`D_;^=%Is_
zhj5-#o%y$6uV-ro4fHF1@Q&KQt^63@hIXE|{yw}>eS1wj)z3bO%X%wfCF9`3&&}_b
zlCZK?RI$6;@@IT!sPfRN81rTq+aS8DxK38lE{4`=C&xU%xHdLjyQb+(aH#1hd5von
z)J%k=IlG}tbA70*-KSC<apfKFsWJiox>=Sx7GDN<w|z98ccwevp&5XJGThmG7hi0+
zr=5me0*UzP=xxl$@HWUAvE`ssqeVkZBvmzzayE>?6{_g7ca~`}YZ<Bhi#2!se0M#Q
zZvH0<oq9Wwm?5f+-c%w0=c=$>+qERJB%|5T*>xAJBFpSaccaL)lnlbzYtLNctXS~f
zne?Tib^1*qkBA8S_|0Mf4EL`$#_067iqs0nDt7nx*22pU`mgVQ^EZQr7z~f4%(8_d
zrQ0~b>mD*MQUTb+H3}{ALu^4iA7Vo<D#@q4V-cN-epRgVzZr7ydAU4vroKNu`&Peg
zi>u_nJ<$M|-;v__ekP~#C6E~zDRm8j?lLxx02QUMVwYwO<}YJTXHcQ$<g7$*0qM5q
z+cOCPY>2A2>XKc}l(T6l4G92y6k2vn9Q$+x4=C7UJ>liv00EYltS@36DlA7<m=!KL
zx?pxBZJXAZiZqQ`h&01$g~@3~^#h26_)98*MTATnGAYn7B&D%NeV7mXeEweQPmd)J
z`~pHGK+7ab&e)(-|8MMP>;B5ht+AHzSuOF#Y_6M|mvi5l{X^1V#E=p?LwdCj&%_g<
zggM+I1P<-<`d;r&GP{k1DN{C3LZQI}*jC)+pZ8WyxS2B(v3+318wiUiK~o@7y3~}F
z!&lY2V64<&`ptL2yj~Mg#lLHx`#axPbKk_;OSyj7d4o$^yJ7r)W5|zZ8#ph?Tot&O
zo%Q4SxUQL<?jEyIO#8SyxtjhRZKhgI0t_w&X6#XIyd8Y}p7+L0hsANp+2W^l;Y?xy
zA%G;DF|@(clKlJ6_+nSmw1)JLh<o9kR=X3R!w@`kY~TKTi%pAFD1$qetr*ys_eR%g
z6dnwHonS-y%5r9C2Q@{T`^Yc8s-i6iVGTs6JjEhOjMPtNBLL_+?J>{(@S0hjYFPSN
z_D3Tc#S9EH`f1|e9S9^YnusHY$L|u7B0~d>HZqJADEIVR@X2TGrSE}}@aRMNMwlYK
z_I6FvKOD4_i>@BY9W&EiB7`_iTDpc!B;=*{<TP;dY;K!4D+Ht4HWuOw?P-1C4ycrg
z5OmaeVT@Xwh)OqoTG&l4qnbqVOLv6GdHK$<bf3R1KpP%V*!wX{)6_Ldak-VRW0SWY
zj+2J)!ln!T2>^|tBm{=DcDuB~E@~u$x&vBjU70^U-WZB@xAB!c{6r$McZ_KW?aHcZ
zJg|Ak15ff}pRE-mp|cpX4EXzkmbrE*8pJ#Ccp@2%RE(Dei-NQ;>%_fgWv8OA^C(S8
zp&T@-HS5FV@j+yTxfQ*YTN<=C#;N(i<4GQjUz7vCbM<<XKp*%A;${2N`)3O5Z^OSi
zTm!!H-Qb!;7+fG$QX{-j#<w?1Vn$XWoK)`_1VCL<ElERbsv=?*5In)CdbHiyP%XMp
zeOj5ks@C-);Zg5Sbhv<QNlST8_~)Fn^H%iVjOrWedUMPn?NUTpyD~A$RIEFBG%gvg
z@s4rIY85q}nC#=}c+9-z$CBv(>N3h6EHk$bHO)cp^9+TuMwc_Ydw$jO;WKo<VAlSz
zUa3A>5+CYW{unc7Oh$&C5>BcHT?VIczXG8FFO5y9Fw|4iV$kjgRviek0X@s-_-#Rz
zJILEL4S6t9gKQ*6<qY(TuKu{?tP&q6RYo9^#j3UzA^DKFy@It0*0&=SC>$(tT3RUu
z!l-7-C3m519?BbcParpRNcmLGoS?q0Y|orw$qLgA#XQqa#IRSPi3d?s<33+qb}%LC
z{uc)LEl<N3Y5GM&xXre(cF%6~lxfbaV8_%RO&e&d8{U|{H(UMrWR*_T{?f?6JgR9%
zayU5hymi-fi%-Fuwe7#B19b3I75po1L_ErQRRrEVM6YA>nK`D>SpZ<ECGWWB-Xr%+
z(HG+`dEO(G5vG{WaBp$m@Oi-@166~dK=UX8Ml*P9IBwKU-LqE1Wrr4H75-^r%N`n|
zsK9^|Sp+DSu>;ki0w^Ef=$wYog-d*L4j@hCf<@nu#o{=j)({!3GM9<LuguGv4kv08
z$+QJp>J@(@Ft7fERA<qvMjHUJYxs~FTL8$<ugk4N!Z3&Qs0knIt)>l=1Zj2YZit5S
zLBz(GJ=o*|R7b(8qTHo>(gzVqhcQxr($z?#->B)g84y#-C&YB`Em$1FS4!!rH|x?S
zBGM@dQAD^b*m9}s;y0JwoNBttpkjGnsxR+C#U<#5kDH`#F^E;-=Y*M{N?0`OymM;O
zB`3{8x38i4xL(B=;d>u>P);sdG~oMl9)p&gOgOxor;nLO+aJ@3RCJzG3Tg!{;bPm^
z$rvj5{(dEcvIphb=ZL+IHFMa<OdAEf-Y<=}KP8B7HO%045jP73o(H}}?v1*1E(Eot
zNvGZ_hRd4%6ZO7BanE;k!$Xd+FcVK;Zr|i#pH{4fsKl<a(xfsi^FtHPyfBMz*|rI#
z8m!UK-H%1rvY6J5QoV9YV+dZ4CN6|tPZtVu9uRVHM?+9iTun?mK7}r?vr+AHN@)Na
z?ZQbYXcqaMyjbl^2Nbo(4&T~de+1|nn`|AiW&Z0HGR;0^hHp-e28UVn-Vp{wgCE&M
z?{+6v`JiGRfPNw{(({DX@im2ZvG2+9YIx`cF|RhgA)wU`kl2_nLM{5$O5$zUXRFGz
zyX>zGY6ss|ZCL<k$5uh3p1sar3sSnyB}w1GvHSTr4X~Zh;Rp9;hF7Haak7!Mpe3j9
z?>;#zCe?<w8;Y0b6oW94;zr6Te`qs+Gu`{<H4J{bSXz2BJs(SjWtK;AOVuPAK!cuV
zU1z{BGiIoU^X~HUjd05MAO3CIsk~y?RF_0z?UdF8EOSJ|(LAe7`z}HySi5K;U&h>E
ze3((2jM!jmK_^Ya_Nbu+zt6=?P9bg5r<PtLQDlZhQ;ddg<M^RQNl%b81`hxuP#`<v
zsDwgSQIsW#+$&i)1owCQC+X=(Z6NEtKOs@<^bGg8FEi^rDqvRMJ<Fkp2A^Ca<s29@
z(~{I3;K7z%2piId|50X(!-!bU@$8h>0K%a`h4NQePMlIru5|8(y@Cb`Z3#^{MZ7qC
zZIPUVc5S*vHO*E9=bU;P#s7FHM+JK)Dv`t4^y!H<*7FZ4zYbS7HZF}uo7%MA>NzuA
z1l<~}0yRG;vkLC2Uu|f+A{vLC^HZ>?YxJ+dH}W&ThOO?lHs0-EJMzb@a{r)F#bOFo
z)j4uOM_iZ+|LxmDiPrK2MxG6Fb(BGzP~`=tmL*(abpkC;;TW}cR7IQ77xns<Chg8b
zpA;Yw7^7;>Q=a;|XsHl>T10&q#H9d;RJ+Leoz2e1w25oz6j%|Eea?$13z-;$aj4X2
zgYxFu>hU{ZT1SqluU*{Ubckgv4ReF+09RXITij(=7V9bH-yO2B0#7+2{}OnDDp%}o
z)v27@@<vdqq>lPwm_uwbt0^jJTQ!^O#0Fh{rlnfiv2_jb>zzlK=kY<B+f$kuyVNpc
zgO`ci<8UQ{LbM3PfO8dhcpTUY_=-9&tN7jDDTziUnf>by`RCjd4i*B~6W)JLPkP4#
z5)x?R&_jc;lvpl7>9oU$098(mGe}S9uKR`qmFkBkK`>Mt#0q^gO5k)D3~NNkozlo+
z$l5`&iaj15_}vGGe0|Gd8Tc!*?#oRZtD{o`ja0+oX!WSlMQRNSb}Q~fef+&}BxZmU
z3yY$#!ze2nuKiP9mi{I+Y0mEL3CL<Oo{yxwH2PdKBlvWYB*LF5GU-wrv{wtZ%^2zo
zkRY0%J`jG9i8XP5<200l?A3}+0>vDd7ehB{z^>OrCm7#H0WSH(?N9?X4qwGmH`B)r
zda?fgPEI$P;h`#@4oCXX0yaK%C}Hh|`PcvL?Qd@^!?qMK<Jt!ejAe$#K<t4kO;{1{
zO(x(yM){=6k2>A-0mBIw|I{mStyCFEo~zD$(!i>ve1M+qc%$gA|K^B}N6eeY>r$~f
z9!O_DUCJwdO|{6YGkUwe-6A@)#&;{C*94f2G11=KZ;!RB5wqctXdo3Rd!Dipdroq^
zbT8?RQa7pPOKuUgC}h79Qaq~0_NMOw*Z|}q5}k&O4?8^BHfVOeAi!m0xqCd+Wd_jV
z$Sim8j$3$-ob+Gf=MKGGU9$Uk;#*dCy{J0lyinalHp1nI#h3ss2rH`TB>_6nW|*aq
zBL?KDvf$f2Zx@vUB-b(()j`brZ&VqKga&XPOg|tXExT}t6Ne_>9sWF6I(g*anjz}V
z<-E4TfTwW#QN;ALAW>-se<#9h0x~-Tl9-NMrOFR36Q$gC5$r4`&)C1Wh(qC@FDg%Q
zm-QU5%qjnvU8=<EFSJ^&;P&G3N3C1nD`!Hiw!mzZG@^xI4fpd_MczasrY+2coH$-D
z*R}fEQ7h=PfneAs!s_Bml#^j(CR~H+k6GYW8fApHfFxdA^)Mjgg`U*Yo0^`*`*C5N
zlC)W+%VDZ@x?p^rinJiavy-<s7#Tav2Mgc<XqEsJSD_NCP~mP7xYH#C3u#ACG=>-Y
zc}w5F7B43ywKBcX*uo6^P}Yyk3@>QW)E^Uxjo@<hLHhawLPs%V_t(CM)^u^>rZ*(r
zsTDFhwAQ+wFU|jo?-Wm3jxft;bK9neH-mMUg!4E=BfX{yT4-$<th_8MR-5VX@^#Si
zyK?-6HM{a7I4!){R~~S@%Pn}wi=mdA_5Yf^v9aYB53O{|ijCGeg}divLo6LtY*;|3
z68bY3>jE+Up+68aqk{zYZ|d|ZEWY$Y4`taoa+IC%<q>2^*1a#*Tu_8?D-x#{nsiay
z=^R{D#NweYHo7c}##62FX?0Ucb=8iCu?2a&C-J~zc4%Xwj*4sSzm+-z2(auwS5T0j
zA<;~DkYL-392s>XqetC|RnbFyFQ;zZi!H{$EA{nwRig#nNV1n<4V<T`DAshSh)%b!
zBoe#K;iFq7#Cz@^9oI*GB)C*aQgjWqQk?HYGkDs{KOUl1jsLLb%LqieYh4UQ#sSj>
zJo>h>q5-%Sj3^{t(_AlEIx0bq8`a3dwV0O4bq**3nJ+{V-?Gfs1irCh1%5hNb|T-u
zitiO8WE<ES@pq|iWa9$Qj)4}ZviY6!i$_Ls34y5{{`B<|V_xG7<a+GLE|CcYXx3Jf
z?^~&DmQv=IvWw_E=KL4su617sLlrk7414H(Z&B!X6~0Qc8-EXIe-#cfnWzXenIsbx
zIt|Awk`|q1MDHsR=;E-@TO3i%-U8%6&9S^3z;8L2ZNx}vna%G94{|oj&w}GSU=<#(
z5~%dmP&r^Wi?H+$pRZe+A~5ERPOuvwpWx>i+D*$Qd@!EX$0sJaZ7Q$9xtE%KTJsB9
z@a{HaHC5P;znnmP6%^Q?Ddy=~pn$|xkl!VPuL9sZES!d4|2*rmNV-@@=6|XD9B@x*
zG&>ki=B9aDK<gDoK-Iua5Pz`+v=>a2^RrE1A#JI1RyWc?*9x{YLn!PiunxT>5u;=B
zt(e$DM@H&e062r^Mz?CVYjilm)#niv;L6wM3PN7TY|?niK2z~`t3U&P+T0GswyJC3
ztW_1^tW7m4f4-Y}lzKhd%Tgp+FT^sNtrcm+F&!h{`GwgXdHF@tH82vg{S5Dl+{|iI
zF-<BK;0yGUEF;{Fv3QVtEhUo+^9F1GtzUjwd0IA5j8+i|%c1hP<?`c!IKd^@a&nO`
z0gS{2zF>4&IG%pi9i=L|7d`S<&NY}zdWVBL+hQ*?U2lEQVV^zGT@F6Zj9%Q_xFmFp
zehQj<f1lHwKO9_~XiM%KK!X)lUW-A14?>LV<$z)aNWod93TKo7LLO}X4lmV=w>KXC
z%!~U704pp7GP+l1f_fn=6O@sx)a+!;j>0*iTBlbKbKe{ud_>n%oIl<LNLY<->#Y2o
z{x*MvM_8+XAT}JmLY@`dm^g_fUPts0RMZPGN)^!z1FGf-v**oP)K?H?GPH3k_@w9p
z1^S(^q$3+x2GbL;pUtW{{BawLsk3ADYit(AD5EbeSq5foH+d>*Om&9-*pL<r?<jJ1
zZpcnn+VrxSucUTrkh_0mRQqCVrQ%@6Rk=%JgiM5aaf%VSm@f;RDXs^wKsZ3@ilY%q
z-sav}wLku%ih~zY0;(bY6vqCWav53X$$j6Q5sFC*A=)E7#b`O|K~?C$HVDQn@SAj7
zmfmBIoVZ7SFrW?jTAD+2oI%su@QKouDm>=kfo1apCpiE(+jNLs%to2bo}?uq3VEZ6
zb&m1ZeqSlgZ;zQwXM5~eYhsT@s8#xIP5%=?eb9@~M|ktYmzeK{fZyB??6>mt5MRx#
zYZ@Nt5rN7!3H>YEZ1n&yuL`h*3E=8ds;=WLjT^ZcJ*Ql=eW(UP%I;B((XZyxe>w6K
z2p+WX><0x4NE~VHqv1ytdg`R!hJR`mP+zJTh9_8cXs;+W+pel&=+n8!J1{V#O|uh5
zih`{9^K@PxA5?kO6UV6tDsW^9d9>04x0<invnH~mV)8yR6Tu2VkYP4C3Abvzcd}LR
z^HOgl?A`A{c2o}gNqf*mh+x!xUbySYd+>Y=6HyZ{`h?T~5&aJvsOOyN^R9c~^q41;
ziK)mk&<IqA^H_q0!0e=sQkgB_4wRC8T97o7TI&cZY;k`L@)V#2i{(o4S>%k)n~+CB
ze0AFp+W&ZNn|*a?K;i~5r5DBy$Se~ku}N4WC9#c}z*l7SjAK9gn!yw66o4P|LtQ4#
zJ0l+8KBY0!!O1Uy<!(CRk{542aL{#V7VFw>%|&i4&dGmSjXK}pM7#N`9|&g_HtsOW
z`s2|LAh_vNjHS8iH&eF|yD^KjGo-0$t!T9^wBvc)2~8t#Z<U67LE+xnobqvEXlh7L
zd<VKXphgZ9Z~1YFNW$aqayo$Pid<t43^=D_htU^j&%V-F8_D+?JTrT!!473rJK8sb
ze8`@3#-Yt5u<c%0ohWI{rQRBzTtRP&oORf@Nji;ih(q0MxW!XmtjeO`z1>-9Hh{+?
zk}0qW8Wam(2e|H6oLyRN^Y6nhz!W1O50&?&Ql#5b_HKN}&=mcimP!eW*p_1!1b414
zOM)T<0|DV9wGeNANN*5FIkm`4EDp{Nmosmi_D>u3$KQY}q+-czsPM#*&Cqd6uthog
zSWYHVEz(HYa~YmEUq_!NbBkOm_Q2DGt7W$Id3sOmaTE_<&D>0A#?h0-KoxsVT1}%H
z){tP-UWhB;MJHv$uwzD4MKEwD3C}jEpC8*3Sx-eFi?1hE`3@>*XQI(<MTqJjhQP$p
zv2k#eMTM{IuD-M3624@fO~ofV*&rPvJE$PN1kvBJdYjV%z(oNMLcrlL+VnZdCQT2?
zzHMBMv_<u9t1)B3*-7DwQZs*FjMCtTl7&=Qf%<k~_wsmqHn4pWIm1p>y0xPG6@9hR
zL^sB?frHr&Z7>C*{?0H!qUQjSR3}kMosNs(M$U|zWetK|UNUEG`mQmmF5bw|<a9U;
zy*D(x6iA%25qB)z9A=JY{O$Y3+C(1D0#nY0B^mUO^L2<X?J|(>qK}#;EpfEvRy8p(
zK)cC@Jm$<?q!r3b`L1yW(23_V{jcMZIFQ^waj<Xg%XQMsfDAuDPQvs+CD}e_xeuOE
z_~6(Qe(i$p7jNI#8;#4_@~JS`{cYgkoAMP8c=e`cC7z2Kcj?lIQpx}^=ml6JX$?gJ
zrL?w?4)|q$qq=S%TdEvkXOq#id$4JxA#?quM41dNPTf?JG~}sl<2gisV~LjnZWR6R
zP}2`0)_RxiEID4BR9Avk`Ug9W_rsmCUOS2+0zK3yweV>hH*BR&y8!;qqV;RmZn;pI
zz7@N4L>d4S(L)E<2bso<m~C2%VfzrPL7V*0-AZMzlAoV9b=_98T;l3KmBSbp{{Ejb
zz-KnJx>t%9$E02~TRgI_`t(M4&r!qV;X*6f`*u8A{4(ugB30!4(Y6FJHu{@ahNdER
z2vO9OpRNvQ>7&RS-kc+HUjgi6L@4)-5S*EKgKlQsdtQa)Ajo(r?;)Y~CWkB$J|^)n
zW{Ae6n=aG@Q>;3yJ6QE;T142rg0^Sf&iSDMaku%U5+y6X6ysxec`3cZCq%fUUAx}8
zWv8KaeBdIpD?`T=th=7sRjd;8pZqV{aeBmQoEj9d<qC76SDD-MMhE)?`&=<-Q1!eq
z7r=3KoIZISr+66UNNAhsEwvBF1oSR^xAp1P&nx4lP9M5$Ygu6GxT2V{2nw^-a$YW0
zO>7+ZZvq>4gDDbYE*-AXTf}_HxKU)43SwW-VTlRnLKW(_)4Lv6O-;9AlX2pDMv)u$
zw2TtZWZt3<ljIfmtXVqrFSH99uN&*>b@$7o5);kZe0wq~3<&HYW2^(jR>Q+SOa`TB
z?@;jC&5N|r6YWNntD@GS?(LfR3M+Z9MV<XXcJlOf)89#tIWSh>99o_Nk*?G>@9Rqr
z=wW5N$&N})iBapGIO8EYa2ZSUBEn8YNbe<rFW!6zEc`?Ql6@(DmBDr3bsddrlsM78
zgb1bfN{O70(s)(bkb>>U(=H^uvY%p7@Yrss+~YNGRIJxG2n9_!b8G*OR4(B|Y`F>x
zMxNGGlb0|%&e1-bcY^yW#w}dqkWd#S$}K5q9jgU2Ia+SG!fQ-AVY&Lo#=I!*vs)03
zOi@@*5C08YV;n~nsOjlu>k}Ku3|O8%#2-rY1O`cKoP);gU>mq-L2AAC;Vb4^rj4<J
z*NqYvaZ8Ttrf#$L1WC8l6);YPWLfr_xvA7Euab<kBtY1lNs#o{-ixZpUup;HT4F2p
zE1RtZhLx*#0O$tK2?a&LJif=hn-9oq@t)gDgS)k1UVYeZs3dEbeN>Yk?AVxUy_EE-
zgS))OJ#H94nvL#tO&_7^&X;4eSo%zEr+{-_a<`At?vd2?-~FZx33U+oU{`53u+~>3
zIyS}h_F=--IL${^=~2V%kUp5eX}5<~wP}Hc`fbCngYD8yg8cyWT<cluz^nl{#)GQh
z0O?b3*KEDc7q|el)J$+MCs6PGPK2;)s9ziQEfP?_y}fyeXKg)rJ-pIywxCPzG{92H
zmR)h%rE?qW5p8x5?fLJ11uyw_++E5$uY(p_GeZln)|+J%F<;Ji<JpttO%eYo6^>zk
z=QINWv3qmBT89o9J02aop0kWs$fOf#It>=wn3s#L8?kdZ5H<8K4?S(jCldgWK?xa<
zUcfKjh4MbkhfB`}y($2kboZwpJcCsq2ikCXtdXa;L0oM}Z0>jgZ@Ty%R2BA|;-mY9
zvqwaCz}el4XTo5M;<9hN?C=%6!@ce>KZ2;@YydAXz=;Jr+2I?jZ>A2xo255~ZR-I{
z5*{FpP5K~hu<y>_*FV;|;ZU4c?3lAjR*{GfY6~3_L@(u)fef>f3rziCT;oL8Fe4P8
z0v0z>DAu*HvB7G-5jKy+gR80+3$G3J552-j!p}my98Xb0R6(xlVgIt-mDEd#fQU)%
zB6H$1Haj%@B|CAVgT@%(i*JK=n`;hO-F+3lOOaa3e~WUp-<45guNQ=Km%UM<(|SX$
zMLa4Nr-xs|0hj|MFD?n3dXo4LqklEpj7Bh)=Ipwgq>5Pph66Q2nO`d5Jy!8#2Z!h4
z;t&xa3d4N2?7mhv(neg{IpVzifCxC7_CAsWTcy%T6L1{@bP$VOmUoXG45;ePg8qyG
zJq>xpqUi_qG&QMDW4k$*DV5t|de3kK3LT|VUw*NvC>6xmZ;kW9^-@yczKxw*7vt7f
zXW+CUALqO5X(FW`9<akzQUj$2$Ld86<mL<hHcIwR>A2Hnb!zota%vr^G$ggB8<yCP
zKCJG}N$8@I+)no|K~DurxMF&~*8%;quu;B7_%}hmw1S-x5P~6s8N7&tz5xfn&9N*y
z<}N79*`Pc&T@-}>g%K7|(dc5Q^gAT991UD=l^O<6bNX^dNx(>9@gZ+9d1`_NU&sqi
zN6i_rDR%^f8@-jhh;a{SdY$@Y^{|(i(5(fTnHdT8!#WrJFeQ8j3C#a%aJ<zP0F$oZ
za`v~;RI#;u?8=2)TU0K%G;(oGiZ+wmN49cDs87W1&XF#c_fyP{r=^zN(3eJo4rle6
zJd($Pwh8!R1>rctE46l`!TYKWN%qgm^@^o>OxSyq+Y%orU642)j;v`fNw$mfI)wZc
zf)5~!Q|By!TfItFe`uNdo+rWQFGB6i;`6^NDReB?RV8S%)*6Mo83?a^8iyWz@;!Ca
zx&2<{%9W~=RR4tLCXofcBpilr<(irWZY%b}xd?(9+-RX(>VH+@hs_^I-1xG07vZ+c
zlnzOSKVm)aXMXL*8XW_RfFQ%}_Dn-2r2{bJC_u2sqReiVk-}1mGZ;Su3YRXri(mJI
z<HZiX@v5E1RTK;+A}JF8NlH$7L`2(`YDA<nj0}K!bu%pDE#2^q`@B{K0@Qhhkc577
z;+VP;Z~}y!N{<M<|7)sh6Xr&Ru4`P=V3;efb@o9kiAs%+Fw1d=sjYt(A_&K81pZe>
z2xauLR)|a(gYG=oB1qk)sMqY#G}Wlsvi>6Sh-{#@gRQq;HC`Z0o6f2}gNC~-59!gY
z=e$X6VJbry`##+CB2X<me5Hf8mRtARYnUvYt?{e{X<NnSPuSrj8S`q|BJn7AC~5&A
zu9;JMnAc*-c}g=L^>Hk*tNv9$%PHn!e3kv^xT*;xQ%uNy?lC609g>owa55uXRNi9W
z2ng1R=H%E!B0i5D%a`(H#g~(X`%=w_`nd!+48mI%P9<waZAySiHe5q~P^SDPFrKDl
zva&&e1S|tYpE&=FuZApGC><^mKkEhmcfuF%RQU{Yg(yXSuNGSFGULLCR$<7WRf(gR
zzwjbm@TWeCO|pc{<J^9(TJ1_c6i-2Q<FO5`Umv}{-t|dr-WKFRn+khyK5s|Eb<ZXY
z87gBto~c!1ZU3kF4T_RFjI+Epk3->sn1+Gw5Ac#AP9|F$S61KIxLW0%%QgMwrz5Bb
zT<q*DA8&irt418q-?1#sQx<--dl<)F@}G^8`G^ehC!wDH&+W=By+3T}Q6lI2BLgvB
zc*GLn$kdL1fGxFG^=G%E`;l)^o4*pNwT&o)%Q14lt)6+GbG<6LQIaF58rwJ=;?q-o
zA$2O0xn<w8%_u;^o{_};P;O9Dz)754==@al{VX^fdEIb+;-)Z6)bx7{Pm~@jwHl;c
z-AWA=hnMY*Uuyc^T#xzv-Z*;sb-|%t16<FEqr_o;+XS2fEe`Kx<Y}~?1805C1!2r1
zGDpIgGmz+q33u}S$Al$RVX3YAzAzcez@Dff-~Nn(1g&*B+fB#kq=jcYIeK}L9YOW6
z9JzU}{j%qi+;m*!WsbXT6Nfv<Zx_hT0@u)T_uqhJh%mM9IiHcIOr&61mJZHmv$@s;
zV#BQYZ8XXz^anndE=QktC}^HfH^8t$t}Vktw?mmO5&ir`k41$vKvt^OE=#T2ILyG>
zri-}6b%0YB>u&+Iba*{8e=G7X=uUTiKDuU?P_@&B9cd%?i$4CH$R+TNsZhS<LUz9f
zhb8gJ884i%x*JF^fnk#3&$H#ELQI?6MQ#gQZdUOuH<ovf<-_(xn0-Ko7{4hqeC&2x
zR5!J_*567|!@zBGDX*&pr8Dm0_l_>8w&{XueXM0OBR~OhH~b=qI%6c_%$%holChBg
z35&Ht(Cb@HoT-fPu^~&T!*9PQI@uflhc+$};H=X=>&z3+LSp2~39YT7mML(Ea!;Nf
zG@yD}290<!*-|uwM#g;H1aXbY(tUD#dWNxvhSY^`oD$X2rgV8*Qk-%oc`Tu+f;MzH
zbqhY#O{Px9sBZlfWPAjAt~H;(TFD9fT-|CI_|5h2oak$m=8oCL_%+3EZFRfh%-+j<
zjq<S#WCUM%3OE8JY60o-j7q>Z&v=)>#(FWNbKn>0u`nGFJmEN6aQ|Oj+N92j`q!C3
zg8PvdMp}YI-n>=J5yDsYd(IhZqrU`>e)}_B<@e#R9GUq<^!^r0ANg4F-Oi+<OPuE&
zf<Svr)XQk%8?_pG=Dxu^`Xr|+^{Quw!+D-U@3ZP!pu#b*-VyRI{K%m5w%?GAV525#
z5+kp6*Es6vQd^Yp9Yush4s3Zik)bHWyFkgpoY*4_^JJ950tGORXbaRrkf5*D0$glp
z5GjKFyR-ntPd%?iDkcGuXa64fWfHgK+FYmM+Cf_VaU?hAF$P-{dhC8_G0$4T8Kbs9
zH)RDffg+!FRs5s%eQoK9KgC0T*}53}FPNAkN8!VXKVQy{c(?>tNSYL01GP%A^q!Hw
zZzAkRnJUyTroV3GFt|y~c@O<j;<%I_d>jL_lPeNSuygyGPbes7IlG(4+2wc+$N4yk
zv|10U!&+_XEiLEJC*%?~EwO&`cOV!x@d<058njpS$uz8&JRcak1d20ZH0?kI?)Pq!
z>9pfKLFo#Yn~-O}R|*wrZr+wg4~k#D_M3B3%F>rB<4jiH`R+3mq948=rpO{PVigpy
znsNiAx`#akMcW$I6xSwHxx+j?{*)5Y?7u~_y_|Dp2R<8v3vbOcdyUU$<{V+5HroYq
zw3Je6b9=8veD`OR;3%%v5;<QUg2Hvjm^yv`d>gj=?K`o_Ods&q@4-(-Hqd^CouzU4
zfV=OiaS6{~n+>hTs1#6nFs_Nn${{2r4IUn@;=xMN?r8m7$v$p3MjSJ0J>8P$mo1a9
zLW{}@&8-`uM5<v1saj9AW-F*LURInJMDtv0BNh!;xV2AWdd{-R;hfN+0Nf$J)uKO@
zGGY`}B|=OqK~gJ|$vBU<>RuCdeQP^u{~tWL7!Zyky^^$1g~^iI^DCnsAYn~d9nb_Z
zzs!0DW;x5`-v->OI{d#`G23oSNd$A-mds~C3|S|jP<H*Hl$wiy8I;s)sLpIT>L8Fw
z#rX?1DPM@%TCCiPcPur(HKlMrRcZOISmI&wXF?l^fQC2r*>4goeD3Pw4O!XzaN(Nc
zU#4}0FFIxbKF4<R@*oZ(r1Np9QjsKF5`7t`=&u1jbO#k}*EP<T{F-@MU@iGe$zq&V
zO3x21HT~Jej8;Qn*pDWc<=B8pGvesr46l(?ICP{&$$<BdA?5!AS}TR_BLA6mdOJFL
zc0m^_oN_4x8^skaM+X<2e*Ex1bqmnDsFTi$H4*L@w2+?8@sy#dY01$Eb!RwTQJXzD
zHmxH$k$Sux{o(a_yQ|n`br2+~@aE(Eo1zGDrE*khK<0q3Yu?Wkt<YzVm+Q-7HO}RE
zkOY6upCF|QEs{BA6grYQt1D}3m|#|DfjEa)eHqXTxc@<d9W6cV2p1h|%E#sWTP5Im
zUh>?bW7+*n)~&2n$y_=L#?WfTffnEyLhRGFW{#K_y4o_%m3y&YcS=8z@lRZw-o}v6
zQ!!pCb45hT^!~pVrRzPj>?hG~7TRS|w2`;r_%%l{?TyDpf1$@D@(V@ZVMlO0+|cs;
z)CRybSK3G()v;w!ysR>E3XB8YV&~l;!E80tKwR`$$k23f(b=;8mi6Pc7@ffKpkg>H
z?`LWz2k;0`3bbu{C;|+^F~HS!rj3lb_gL}!8GodLZ!CyH%QnDZxUj~e14gVpf~Jj3
zSKHtk4E>l!7b<5d(IW12QpmTzX5!|a{kbGh^ZoI5O9{?k0U>m7=_I~mvHF~t2=c$z
zo0KVct51XIwDdcaN}3VrsXDyxMVnDO&xos3V~jj8cq+ccsm!-_3L-C4$pRO+K{6hp
z{#r{HNkcP#kofS6ORNc@L=~YcG0(qh(E`&@i|j49L2DjwEnrq4xoD(c7k%x-q#Xa7
z$HG-vUs%)B#nPIOiJ1QqD9tc_R>Jm>wXmp{xFCCf?MNvS+wd~@Ofw8_kkqZfldhb)
zy?mWcH?_m=joUg!kAV4glEk`7ku^ZE8f2JB7!e!>fdw#8V6qQ_J2Z+Hluq(~0!2Lo
za&2xRU|4vR$LO=0=t6Pu{bLL)Lk2q6vY@cdQlhn#v)__DHnpi??Nu~RidXvAa=C(a
zt>&3cxd!ogUB8-3|2VT`LIl~3C;MqAdxL}WUECF@Sh%TFNnk()oX+c9aRcIn$MvU|
z_fH#vX3;jRJN9;4LeEY*aaO0y5>K7Zkdnt1Ze{=)fGG+GcT*8YG7IGsz`1ud_Wt5f
z%(}dYfS;%q22H9t_1mQ{te==TZ^(*YY1X`7`hy;0j8{yAwb@r6zA9U{Fm%~Th^gda
z@BTR>)!d0fpoVj5G0)#RI|o-Iwg9HMjVLnN@eh0Yv~_<8SvarvSux1o-QC+7g`4&&
zak?DmZ=Nux5TaQ~uFvA<0xIEqNhpRLJBotBNS3X#lPxQz0Anzn)7>i~-G8uMOAZBS
zmsK9St?XtKCTbW`g?-MU%D`Y3JN2c+Rm`gib3qopmr}w@xyo;vi+Y~L2~9b}tsX~}
z22le|A;v6(fhY1Q1ds(WZi{&`Cl1qX<Q>NAE&(S1KMZcS91M>{uHVXTa9q}6KMegV
zP575d1pLe}jpYO*btJ@I9~j89%t9UP-M^(`#t|VY$wyPNznaqek&(ZDk!xpkFBhFt
zy)8m`Eh~Oil$hW&thFpJn(?g5QY4Nc7%|-0>9ooAwqKoAJqelqI=;pz**(hl4hQH0
z89b*d@N2!<Wrf%g4yXh%v@t9Qs9LLzFf^;|$5-Y5X!Pf~m1F;$3hf#qpMHPjnYTpR
z(k4Sa=L%YOo`pFO%~y-~B_Cusw~;B^L&LEZ`zl6k=7BzH=smEIAt|wg<^99dg<^^j
z2$5!Y-l<MPy-`BZm1TO3l@#+%jkJQTb}7o=NC<Y*3QPrSy7;L>jhpK$$xmmmB)Tyx
z4APHdBVCA`kNn5!laH<PQUkO?&i_&CB2ATvlpp_JT)#pX$(n+ChRGZ73Jhe?PK2E`
zIQQ)P?XS4skTng%;SugweJ_o#5%=o$>0fT{8Tiag2|53!xDUZTU-m)O+>t9x{xt4c
z+@Dc4jLe4w%0&GA%QaR2WAP7ohVtP5pVrgE&UZks7S#blFb1GS>Lc!>5`DUxYQEpB
z_Pv!ODVH9m`KM>gb}LER@S{!0rt!Y6XoVRJEFBePe5&IY^+W=PqHs8u$~yqgug>Jc
z5V#pJBAC%FfwO0?ucq8-&*tH6m)wv4ZZROImi>j0K1QB>e#%N8saK=vU>nVhI!5HS
zIsIVjs3^<}tfP%c3rQf4aY=VWh!h7QSKtSa6p1j=#kx`Ajko<5gXVGC6x4VxJx^cv
z=rGykuwM(~o3J)tH|j-_3hmex3^M;346o)N(bi2K)XS=R1dhxp4U{@*316~iYFO?x
zp^*y6JK<noB(nqW*ov#p)0bFDSU-~Fti7nu10yH*e-h7EVRky*)(EZUVWhwk71abo
ziAAoJ8H<jv*2a0vadP5cE`i&DXT{;;M&($mGsBD-1g*TEEH<kZnmfnnpZck{^mWus
z*`?y&z3Qtq3)4KGg7ThL)s=+$lA7C&c}fN^B+Y8O>W56b<9w=*n4X}TjLdK{Bs2b&
zGEPZXSn0s1oLdf5R8ZAdxh}~$`2E&qTdzH0KMt<2rpjK0+K4r*4CzSADG;a+!l4R0
zj|q_v$@o6rw(U>pFN!Uv8Zi|p2BZNWFvrvEq)z&WFwij@w3GlCt^2Bg8zH8aS=UUW
z<;k#!YUwOYhu?7zUn)0M5KLOFvqIHwiD-3m7dy#d^({>e!zD(f)!EH7kn=s!vC*KV
zZrA>EC6l}dzG)EkW{767^hPH37yA7kAn2C|WRLUvQz5j~W;P6@+W|If^CC25q6CJb
zo&Cq$boi*C-z}MKin|5fZi*?vM*8&f@F6A|czn+Ba@kPkL9=K&2Z63nYutSNEXWG7
zV2d3_#Ch1P5Arc)ZZsfPk;Ci4=HW^m4?2UvDxUtI=zZl8{suXjzaK^xCeH3E&T<|n
zeV=nyycVdE(e?g$U$aj=MJ=P@TeOXtl8;0oi&^MDogThIb~h~^&Jq^L$7ec=xL+S~
zP8a{lz$k$$&${IV|5a^_oJ(`G%FFM|f_By`OKy<_-C^`hj_Tsfl#z!sA!i=gQl;8C
zH}l+xTD{EC?x;hc7vuGHn#%E&=nDDW?fH`<;X!3Gu(-;I2^=CHNxQK3lcEvkyrLhw
zm(5veiDHbM?tq2ZZaW))88@<^ipEx&r6?*^;kV>zO}ZRjP=P9m2jLS4*e7>Yoib8*
zj^OSLJD4TiP?GVLte8#{IP~B3g6;tEA^s*fP_opaj*&j9xqa-sQ7T7PEH!|Dtp?-D
zeY51eB`pEC{3xNQ{u+zE*je@|@90V<Reli|uJ~$$FWn%OCeRMWw?Pn<fU1Hfv>;V4
zjlh0th{{WBHN$OYJRegq@{F0mRe0Lh?_j<4)yVGPY-f8uhKSlxaVp-l%9SBgS(_n%
zVZ0UeR(Qk&r3!97h5&_63<4RnX#qww8RYLKf{nH2W|-a2mj#L-Od}v4%St#g&)@zL
zy-t|Y(HCo-obUV1ryUnc;QC*+cj3+(LpDi`@2C34Q{(TocfBLNwqX?xA`YigOK3yd
z!e6P&7^T6J#XD8%V|e@0YWkC5(Dt1ct)}AS#TuSB*hWX=&is7*oeWy4X-<cuQZ0BJ
zghcvM2W%!aO6oIuMz>*E;W04+#4WV(b={BnXqV8#WdnZ5dI3sW`!-C;k7NO9{F-ET
z2pyd5ruQ-nAdonyV#Wg+Z1%<jlxez0fI1&-^5_mRH0Im$pGohEA;lK89FpinE_6bK
z@<SSNN~3fL^Wcr7fwc>%&7!kPd=B_gdgcSY3aI|W0Q?9?Avq76ya>V>w3_m~Hk)KE
zUGE<2Uq;GjG^Z;&Mj<NJ9^;99vZ0a9Tf1WU%h}cO$8cdeerF6B2p|D8aHlb&#g-l<
zqK_c#y!W?@yA5=y0{OfA(BPy659xnurmhT9C#0Yum?{CIoyU1`TUj{>F3n)nCY&LT
zD(vdbIRx9pNC=k<QZP3cM3-^z%}SjNHVFEg5x>qZ*ny@){mW33_iS5X&AgP>X$1GI
zIc-cK?te@t7DIM(yoim+IZCg{!;|!g+SC?Iwmk<`E$s5emO&Ot{Dz#JRcX;#uF<=6
z?ZI|-?Lt}NBl`Klw4Z*2@tJ68(K#KYGGU5;*@3u;u4;+c-Ke#7Q1+XPZP#8YeX^Sr
z!sPexd3Z>?@C}SLSJC)Zm(9%3?w~T!LULT~H{R0AbKWorsz@RB?z%{9|EW<`>781&
zax)A&77=ZFA$wD!3OfLlhs{=0k)^<H)bX@y-Dfi5i+#Em5HZ=jF;WMn6*{w4x{-}$
za|_u&yRkkr1q?~)-EB}LKowMCKqg=U?f16O{!JA-7zM3%|6@%}t7hU9g1&Luv*{VF
zFwI~+lw9jC5wVL9_>C2>inCoujkK?DzAU33Y+B#m@Uwkw(Vgh&{*wd#IB)i<?1(nR
zGJKM*pj6kbC^+7<mPGcVPBYC(ceJXX%EtUi82o>EQ#H}yH~JWgb%TZrKO<!3R8u)y
zG=g`jK3H*A5>Z^j>5oSo-L<n0s(cY!*u>rqiV%NJWx1K;f8zO0SHpCkZ3&2rf1g(k
zrM<t3P(+Il*0s1gvGaLmRJ<8q%(dUFpQ7qF8JIkc`_H+KDl?>|TYUnh!jIWmAZDPr
zP*QxrfF{7lEhSQ*y_lslM-439Ul!{TKdN^jpY-26d-^c<@GMebG1IE|6~R;lJMq=E
zWSmI_t8bY>6VdK;m*4^tIQ~%Znge*N#<RmI1)H=xu59fOdJ>BV$AEWX7~a4!L@$;$
zwi}JCC6|GNY4(X8D+i?qTDhf94m}*y?Ki_|gi4*=-$RlRd}f!TcPR{^)H^crHPQgH
zYNqNa$Cq9X^Ih`l5Y=xzy&k$#Yf6Mt|2be(YjD!z7efy_4L5=W?D*Rvy1rh|jXC#d
z7cA3ft)nTs|406^rRb{bm3l^5Hq>@y_*-5hy#MfnUR|o{3^k<0eTlsQ%-`h9J*CrJ
zJbuQyq7neE*Tp$nM^w9poNmse3{npAV*Q3Q_x+tAJSv;vlAlx#TU|UEyMbDkT-LNs
z#XeNMyf%sleeF;l6kNOVu52x|YxZa~%Ce4n1xDt;4kHsVF|nWDZgsRkJGDChDLL68
zHh<A>J41Wk&)5qJR3C;JC5XEi4B-A?cztZFl%N><xWw=M4xkNS;OYVlmiW!De`3@0
zo-DTCJ3<dR(Es3zw6=Aa%lVQdY`L|{#e%2sgvNdm?_Y%}T!HUhs{t+Pij-;3$X7*g
z*9a5r8g=5@f~FVCp7P01w6Y^evFMZ?<kC`wB3#!y!>{?iK@7|Mm}}I1?h<2Q=*<C>
zo3YiB;hmy_igI~~<fA40R1(5dt+8zu1a>;B*D|ZaRjSdwXA0QlL8h`y^B^fkMc`su
z|1Bz-`X&TAftyr^fwVv^;Pcr0TS~^wa7TZ(nd>TDSv#eN!9hYRQ+manGg2GG>MP3S
zEIDhbKY{8V6t-h5k_$BD4;P9rV&_Z(F0*<P<O+`*D3n?&BZ70260mg?6$sGnETt~;
zv@&rLNP2Rg-N5m`9Iq^-fo0*H6_nwe^OWG64bp>j-t00!k17C;G>$tJdN4hc;`;>L
z?<ug@QZp+6t^a79bcRLxw;(?ZdlcmTiV_IA%@{274%1@WLEos_hYuZIw2|8Syor3Q
zrf_K1-;tNM1=dC@KF@NY72fx9wsz%;8rPkrhr?8iH%2!@T*Jy6zYq?B)gFmej{AYT
z>HgERQ-|oLzE?rh5aA8|nX5s?)GakKi_Mlq5NNQjn4w0EYla&+c}WW%1|u4{rKPUc
zq9zUY)O3uf9_UV^KrLErS*0k^Uy5`X)h5kV0dfOcw4MFl)Z}%;1)>R*uNH=qmZ4KE
zCPiX=b;~$?Giyp8tjOyn)fRv@X`Wd7!7|6T&FgO1P3LW~4XH;)+jf#KgDn!Xi47n`
zZh>eQ$(2&^%o^_=VN0*JzqJ4Mcpvc$)ksc+L<}9>cs1X}iq-RM9S7N?i+){nj%G=8
zv%QWmYR(!?mt!$SBM++lC=-T<MnjB0mL}%EN*I%8>8LIDOiZ1fTEnW0I8N)d!Q-db
zi~*Zl{lq#3Dr8e4n_=j!fwM+QgX9lQ8c#(Daw$cap`N-iy!)BWB11T%mDpVp0dqCj
z9%^#!H4IUjZV=w9)JzUrAdwh>*h|Ys2|9UKMOV6pbdLO_4s|b$Ve<-SC~(gdDNVVp
zVdnNpC-$N}j?`PE((U=@7c6wgi#u!umc(&2DtG!#%dEE=GUCy6u3H4dAEPgGI)9cB
zV%H(*K!jb;7nISza3K5A?Dk7~`6nGlN*AWd+s7}o)HO&3RiP-fhyBrYsSDnh4pUga
z^+$|jKj|y2<U7h@JGo;AiwqEt@xPk?V>n<ZMFxv_{bR<d`&|9G&4&0oo7(8(ZwI`t
z%$peBga02hu18fU0tZOvZ=9LK@H(`|bZ7l`c2@VHmE%5217NqibKUrReZg;*!W5D>
zne~q&lL~a}+qLJ+AEfvAig?=|A=%BwuOf-4Vmz|-egpKrMakvnHUm=Q_|gBd;-VIT
z(8hxQ6XTSKX#TGlSDO9*72{aM4M&>J+_pZhi%^1Tz)8Tiw#GLoZUce?guoTU3lJiM
zdG4-uC;5!C)RU>$v<$;lX6<JuF53LpG4ytwc+y=oSc3zo`iVlM$z9RVFbsr?qDZmE
z*^<PY5y<alH1S^uEO```e1?Mpgvh{BPK*Lzo@O~C$``~u#vWbwh}}z&%IXac!)1pq
zjPM-bMhs%PVHTL37bld9KiKJ`KqXdc2U^RsrOIyUNs`FlVt}V5gvR1R9xZ%fK%2X!
zI}}E>@0dHy5gXw>(kwkvE$0uo@lAh$$DGe4O@YN((P$&!7Yhf`Xk1V!PX<dj^?gDH
z_$ql_8)g-LDV2omm1k~BYa_(ZAeBW9IOzHs@;3XvEUO`QdW_>d=HH>-1w2jd9+nNb
zoDKSGcN^~qsAL;6{6c4&X-Tn21pg!Z36a74@P-;f7!NfE>1Lz&{32Vn)B%&p7Bk>3
z^S<7A`1I8U<CWBMT_fL5U!X<%a#&PNmPA^Y4`0S-K(ptWRL_IJ8)3P>!!-B@j1a?B
zzDlZ1YJN2oE_O@3ObY0&Loq#WcD4v=s&XuC4iYs;#auq%h9rQODNO43Jbr3GNlMFv
zca&*_^{Wyuq`DJit*8qX3Q@nkOW%s#u^JnE5a%OV7|WNiU4-%W9Ka5Uxx(=e#~L{q
z0wRM65omQIF_U}?;b^y`?@*khpR64tgg^g3kTx=@5yVxQP`6#UpJtBMR`e1>A~xgT
z2er^;O=BtzxN2jI>=|jsrr4iOtEgqg76ptcC+Y6w^HX8Qg#C`@5L7$HR%7>;NE_ET
zk!7*TDot!__pVQ%(ZNP(BrD9Vcc2_;<!j`-#`w~!M+%H?1E@u&m*s02-7+gec5LSI
z8wbhIOhxU;e6yduM!uO_X6D>nHIzoRPBW122TGTRi+@`E@5B&$#n^He+Yd(^q_LCN
zDgd2mhC>)VgZ|0>7}NnWyEGdMbPC#F)L+f!Fop@)fADNnudU-nkQa>>WI(NM5I{l7
zw7%n{9i%v+Ck1kDHXLgJHN%Y+CFtdDdeila@G1qNbA`g*^}Ef^-`q_}7r5HCRcJ*5
zlUAnfT~Iv1u*$^%%@@^5BbteVKmk>nYHPa9vrU99k9;wnk`FXR!~ha7BNqY>3lgd!
z=>UyYFs}BdC1yHf$$oZR$Qpw|m!bBU_CE_yhV9vD#HKQrXPB77YnEyTN5}@fXFe};
zjHhGRx30}NFZBhofrckmo9L-EAEAF-o|(P-%8Pn!A;$@0U|&<jwdpbd9mfhFs{C4N
z+_si09<<!vnJ1LW0nf#xe~;HD4?gt<B?<9Y@|C2CqMx4QnH-|2s#)?yR}b0*OiPoY
z4(>@|Ev6L=sS+3h*H@WV<Y}?m9%LR34%F1R><`q)({xR9>wUECOfxfOXg5X?vp`rm
zi8tVaDByB_#Qc6#Cnk@A;_;EqxCC>xs*3B73a$$|O&fH3z@(jaYKTsEPZMdowT<jG
zB{kAEJGpVHY3+xT2wp1f%5wCqUJlHCDlA7v81<NwyYoekiDs~*EoD?y)Yz}2UyA<_
zBNc-+&pKQ+;JnyQm-5tu^sF;4iE&b4HPp=p=SdE$(u3Pfbe6C!SZLU6G>|R+(=F@H
zyWjz-KlbI%Zz#!Pr7>kb(uHe{#anS$hmk-hqHx#EyTu;wch}EzFcN|8%_0REBzybP
zc);OAs><fdVBbpDBSdQPgN~rT_gv&XG0WtH22IlGZ5FJ6wF7=OJsIa)OFfpqJFi9%
zbrVVNYKT{uv++X=9e#u-8fm`HJfSNEqUH;#wUlKr?!TVTx@y6qJeDp;k*tPHssF36
zy9$akc-I7uLvVM7;O-6sgkZtl!{F`^+}+*X-5G)fmq8PPyL*DWbIAXkt=+2Ks=fIx
zyS~e}yMO&WwKR$NW{62L(M^F3<jzy_thv9cPyp%KRdm_-lIazFO>4U|MgOp42>O4p
zBMwmek=pA&*pUv5CrK5U0Te>hY?V7UV8N-$IdJIvjEn?tpB9#ax(*j-FrKE^dhv;d
z!nEZhSvDz6`uZ3Rhid)Ylx6NH!!lM{nN;IZ8yl+v4qjSJC|=3pU>EHV#g(_u$Nr1N
z6=t=iHFTO-yO}xRpYYQx^&eTk$^R*EyHypc*R<k^P>BPhlc?I*1q#mK_N3s?K-(Qx
z5QeeTx~rh3eOLCLoRy0=CSne=eo(ATL*EU7x?*tri>L|O7vede?j7$i-ZX0`^r&3g
z(A+X39cce1w-{xn@48sZ9SA6>8q&rvDq!F&8n8?F0OD?7fN_lpOKFQXBQ$a|)aPiY
zZ)AcGckZ_W!kjvpvK@;K1Z>milJyWh(T^%Y2(KRJ##~k#4}6jko<nBt;k-F;34{SZ
zlO??){?-t_AM&FxA+&Q71b^kuveRslzRcfQxt{<vgw&C_24KA9Q;eR44U@BlLpg-k
zv{EF0GvrL;)~V)kw;PTn+|FEe3dSuw!)+4d4~FN?7`56aJIgYF`br0#Got?pMRZKv
zSZ=VLc!RK~7ni-5N3KWjQ4`U`msN~-#T}CtLS~7A<PhToWAX_=k_?>IuFC5#RWKI{
z{V7ejzZdpF-j4Rjgolpxq-BJzk2{lBZ4{&@CvPX#Cc55guF|I4?+<;$CccqfRE4_3
zw!U0~V&WYY%P<*_B=b|hZ_N<liyzlYiOp$_z4e9^LR8cq>*jfVYbyQ(d6X1FCDpBg
zD2M~z%)FzN_xEu1#rxYrIz2Ah`=pNWgH&?~JNxDC)7&pVRXN<msF>Ru30zyhpmBv$
zdLXPei0fNV{PV@H*ZEcm1U1!@giEf;A`-bNXMaE5d|Tn_;ws0N3*-iq4du#Oy<J)z
zW|E9BKI_8!TLZ*A4qQerx4{78bn!Eoh)^w=y1%Qhn_PjVlV5&N)+Tk-9>q1rd<C%L
z&j3>Qfr5&yq)sI(S=Q35WZaK7Q=DE|K6ihoqmgu>f082nx~+HNg=M<H2R4u?NIsa`
zpshkBbKAGfCkS^29fx5*(ecta6KpBquWosz)=;vn6hET~0ilA}wfoi&uluk^0e#d-
z2TI@1n3|m}YCqgGP3N;Lm|@Xi@uyDo<3!dr)0F7-`atH#7rlt|>Ww*CK-NP@)+uAB
z%U(y5w%St0*-65#$S3f?hcM5PpebU`_3Y?F`0*u6?s~hyOJmmlHl_aE8i*)=s-*3t
zw8uEF&6)&WrP9YsT(}>`u5Z2a?6cK+hTzo^iBBBeff`r5-GR<aW|v1RmuRcXaJaQP
zroh{>6quxYX-Ph1bIlYfqY=vJL&my5HLs%QxI?&~L;qh+?5v0zs-3BtYzeqjClq6P
zG}|t$`OcE&uIX2u9E^usXscX!yQ+P@aDtNz)HSdwKMAW9Lsn(#G?>zr-wn0EdR3M+
z=bDXA9Gr3VrIf}>{BC_w(da|#aiinWa^9*`91_T+Y$`Y*GS|<Bqn%SMj%y;m%ISgE
zO|lpA6t>QDZT~(5cQFx&pS5sLA<NAEUy_(opH8JY0`mSSoJz17uo4aqDT9HnO_L+H
zs0wvZMW(2i+pl^)8~b8fz1%@IHEX9V*SgX|B3%3)XTFOn`vOsUpA^!<Aa(=TRqBU@
z+6El?vGX;)!ytRvv>W0_%_QSOR}R29p?@116=Jss){I2OD0p+M%g@uNn+Ih<(MxXi
z?+J2c)oqFNPa0NBlb}j{^pVVUHL==FDJG0Bkn4U>gFc#;(|dMyCVifivx<-dReM4-
z1z0!B@(U~6=MC;dzsX^veL6V$4{g&9shBNLn(p(+X2B1D!L4frS=!}a$DWueHtX_y
z{WF6OC9?%a3ivL`Lq2Ns6Q&$*uT2?TxUT4?oxC|-lO%P0OQ*=<QQ#F;aYo+w7Gswf
z2G$AovZ~iUZEnx$Drv*}>0GgGTbVGnwcpOD24m4%a@BHqY#Qb=Y8BRt(~u&k(=m<m
z+sW!)tJcujF6@JH2PhhO@!88fQav1E>Mo>zGTGyUDXgBr-1>+Y!M(dR1Qk@q7^=8#
z&}ojvb>a5n<?8Ae8NvObyinA5YB|jf?g@<@>aQoMGt|~^!Qaz}&cToJKO`ur1BAou
zC|o{ph8NWI*WqnI7wBlK5bh_jwFDE#plK~L9Akljval`Rs7ZV2+-r%*Qu7C9-_wvu
zCY`8iQG)MnM@h=Yf{%531v&bIr-v+wG{Y@bsncYc#H#3uPmGA1<3=jUKIS?p&}Mi#
zBhC9_BP^^R$9AcUVd;L7#p~vqCPFpT_WPoO#+<Fcd%f%UnIyA~(`*W!OMg$9hxPC)
z2vZE2MkdQFw|6THDWk+NzSRXwHmNNIN6Mgqsz*XAc-=jQ(Otk=mla_^c3~0#>g>1F
zYUD8l1C&i`#Jsc+8JQe|Q&mBXgPz3gqv1=*NA4tZDjh{9g9%b+C~U9^o!_YrP?aq)
zy&a2#<^#TVIPCm4lNKo-ICnnR=`~;a^}AcD<AL`QTPwsn(j|_wmg<rDnT+pZAe+!T
zng&SMhBlSkAW~wn8@`paV-r#Vg5raORU`N2o)hcNc%Hm2!OdFA?WT~R)()P-EjzSC
z6uQ3y>7q8NbC2_DDbNVzfx?kropwVGht%E<?h)+D-N1^H4~CIzzCG{>2L-y~n*yy7
zlF&S}zH(Sz$GgG_!Pkaq`&OX>$r*~7J?N%csEbXsH+G6S2IL|*I;16r69U$Jtn`*E
zKh7_r*>}>T;yVf)H5Jxc{U1Ww(RJ(dYHS-Ja|8z7C;TC~X1c?4EYtDPLWll~T7q7M
z1-@T`f1)>4u^g>u_UUtW6=|rQOH>Apz`k!M;*1#~Z!F?$$~W7@>|$Gn67&cA9BxCk
zsXB)e(d(cLsnTrSU=G=Eg#V4BRTKXQM>i6^<LEvDsJ|#Pi?)GkO~M*RObJ;BvV6z^
zse;#=5-au@msnJeFL#c3z7iwLvMqlAw~}@4{6QI@3W9KvDG!?8fFDr$fz@#u+g2R1
zF!8+?+g3<)DEiJ=(KLOZ7ZFtndRaRNb(426hP3{`$E5egE&h*?zA*TYkaqI;e+cQY
z^mif6HW&bQ9CRA99PLa|#*2WTF_u2nA~|n}7Bh<X^YL+HC;UDXsL{O^x$%_RZ9M+7
z!5)7!w>(B_7TrB&%@M-GhF=|E0P&Rq6SS7OepTc&?sV_)_JmHMZu*TWL(kkIW;#Wi
zWO?$!?1{8UjQNK&kPK&pVl;I{|DGaRRQ@AA0bhY{>MpS}=8o78HY60TsNI3slZP)E
zI_F>4zO+d}g$%8WQaNhr#GoI<lezOPDenp??TQiRQllVmrkVpVW!`Bj7H_w2c|~rC
z9J9XdR_Dx+)0%NV6Sf^vLtiPrrvY^$yZeZWV4()9#PAR><W3|@YE;}L%UE75#%iq2
zvbGz3CWS5QL$lxzQ6fZ{k8M*OKEa<4sl70A+E4-0FT9ZN+PI)Ka2>&m<Z!L0J9FG`
zS?9BTwfj|@#r_2>frwL!K&qQYR0Z`1?oN$`fdv~hdvwIKpbihmD-U+rVV9DC_3P5o
zt}GEV%Qey}b?X($q3pskZX#^DMb*;O1I-TA)>BhJm_gQl@{f<?Ixi`GG)g{$i66|u
z(QEHnGs?ClAdM^Y6KJa=*{YV_v}&9G1bGx0UExd=zKh&F5%G2TuO6+x7~Rp3S1N;;
z7wMh3LlyMqICvzrm<OgJT$S~aMCV_+L2P#UI%vNOu~XT&PZ$MFm?5|lcDFVw9)#jC
z%VTdjVTAGq8_04^)cyy==h7zG&hCd=yp`SaBc`{ynEIHi4(c`bJnDrUsxN{#?FF=?
zOEf1>760wbt-sB$mb@aPsg(+LHfZ3of1Ns;Q4ujz{C%siukS2K#1g8U6q1CmNZG0;
z0EM{2TwSC*SxgsC&27>}!QkG7+~&qb`yNZr){#1tv~Kx7$UKIklx{~g{rj$)AlG*>
z#gOrnZ!Or-v<~%0KQ%^v57LM&T#o+TZ<u#?n0B`RbL!m`{CN<qjmPy|Xv)QEIZa$`
zIMh;*%e6=G2c!D&OsvckYBR35;5y$};IA+uBz5W;Zn(k|ELe_8<F;uk*E;R&?uc5A
zU3bcd0y0o;<;l}ZDkJBghEnVad;P-gT(s*!Et%bh23YTT=F5?j*&a2-_X0!*ZA4vT
z>G?>S8{<fOxRu4=`zerD`D(Y?U(SZ5SjA_@Jww%vS=m`Hi9iYR&%?zGeq@a&r1196
z*VjkM;iA{B{wgCiJO?JtO2+mi^6&Y3cnGY9M}#<+_+)sJ=(mrsM~QpAi31}~Gp>Gm
z(qwV>ynmxcGH0a}SKQa=z2?%4al3?>`{=!TFeK0Bx#0!mn{{0KG$*9u!71~=t`5g!
zkBBsZ%xLwk+$u=}QIr~f#OvGI$=@dy=J{EZS|%|8sP^pd);uiFNnA;anz$y1T(L*K
zzdq}E#b&+=WrjA3SSq&6Pc(*D6mB4AFG{Qz0oolDB-XnD3&T61<7pKp0RFdvQ7jGN
z>bdY{*a?S4t%l**=C=b2LQiN+*|nG`m8uWQB|wscc@Km0UL6bEUjw1KiohmCg7IB+
z78VRybSGd_(3hC;j#?r47E010MLG$mI9B~8wd&AO7L@)Gv{|e&tdMHof6P6#6B$AK
zznObDYt5*Ur&3m@%rYM|ik-yDsQDU?NJLuntWR;c0?^B3l5omYqumS-qKb=jnxwl+
zxZ?O(B5`25co*8!?!2u<Ja<{nd;0-2)41^SLc%&b`-n5f1S6Pxb8#>S!jLJ>GAcJ#
zImA(m7#W`^Z)tO|Y78!yI=Oet`C7=v8XHQB_p?B8)tlNP-17UBwjP!rn{p6`4Ux{0
zSAX0J=^xx5RXx+o`ror5Os*wCabZ5|u^Pk*{i%%_x%x`th&=g=V9}-|dJEi`MPxRq
zqq{i?Wx>#^EerFP1JT=8<1ymWO%n2W98^dC*J}p!V>2K|vQj=|mFWn_k9chf#Xp36
zZkRvd^7%;Z`D`oN0`bzn5$Jt!KV*QOFXHWYzq<scV*@?!ZC=dKg-^a3liAuY=|Ced
z#xeh8Lvavv_ib$ft=u^@_hQvYc*>W#$mIwan~I?)4GDC0i*M>2VlB(XKivV04BI^>
zx}196W86>DPp2`?*uPP{v^nCCJm_5b`Mw9+^feX)tE8!tQpJBjxEtx<_x1Ji@f7s&
ze%@~`gyvFr2}>5b#=0Ot(}?`bj1UqLE;&5!EWXuew?-QCx^l=~48NtyEOp@n%w17Y
zopP-cBmsfu8_ZaV;;oEs#;<m8TJY$Duzrk)|AGbr<^9_)9J_nGko3+#-Y6Kf?j8+v
zo9yFed1SEq0SlqvBS*npKK;cPIW@-BoT`->r#RhK%i8P`&+KLg^;gQ@metfH_h}Ez
z%PCH^Ax55U=}FZD4IL_Y^}IDV(B!%U6bN1qN9UUt;NY=IMNAB*6+cxksN(DH`0Z>f
zvvB%nQbEx548IQZ@V!<hX_43aRh=1q+h%?q3!@E70$C139F_WhX6ijWU9;Z!blH#d
zjjLJ{RdSOhA}#Z0IaZ$QhXH(l{;CeR&g`qyv;6S$wk_2>{T{Sr7yJyca=Jd`PjR1k
zC2;imcv8I6A{7N+|EjCfe0+rNd89*-!D5IdR@GN1OY1i;D#DdS9LxJODg*x#+Z3#2
zUkZ~6^HbO4c<Xes>de???1HwlSG+Ypz0RRn6E~DmdVc3}IY8*@GhOXPjWPu!p&R7v
z4)X-ZR}7RvCiMY$^5vcVTAlH*e&RJTthW<oO}?}9X@EsF$yMKc&mEs8SS3M~bHoZ8
zWn)L&-!urK?!08=kJ|`?*0iq*8dW;yBu%+P;WZ^@O><0J0J+8>K)!y3Qig?G(-f;A
z&)I+W|L(Z)akIMf$%@yF|JiGiqRwpXeON6`{WZYv`IolU=(^NL-U*$xM`MV}R)&UO
zUsQZv!}I3&u2r{WWQTE?P5M?wac)CsRO=XpX(ts8Hb%<;#`sQ*f^p`J=b3!HTqzTY
z-{hs^oY3xhqi-e{=I!pD!H4&G17EiD5*xR(_W>I-aqm?TGFl31zmE!6cgdI|HRm}>
zI-a62)<`^4HsvG=h&0in)DEkeqj8YH&i~v>=vnrOx$tyzvFH1lcD@q=g3~_T(V+CK
zeRE0$bES?I<EekmrL(t`$VYe)Y$5KV9?p)(yI@hN(52B&WCW~eS$f(-McN2ywv%HL
zTer0Ogo1poF_8cxj|>>k8D~;C%9N@jib#8poGG+Wbn8ln${U<1uh`lu-Ly^tff7C8
zt5dpSo;LJ{MF~O8<XE#LmCUcU6nNF>@+s!njbXr=?tJXhd1pQsZhgTuo>OHf%Lk+(
zsJY}{T)@GSW_ghf<CG?z_@_`JdhYv|A@aRFRL1-L;oxO>XE!x7v(7&w<-2gkX3D$`
zO$T#KOi1Vjv-L3rRjwy1d|QmFpA{2-pqgNmdJuDlmZ9T#L#&p`v#Txy06Nu?d^sT%
z4N)fku>576<yl3^<l#dM_Qq$WwphL=Z~g<34rbEdY5l1cPP>oP)Ohv&-1p>Zi!!o2
zZ>SmGAwO?y&CpGvy|u<B?YyaL_c(;ladob}T)I6@<ZP{@-pv!-wTK_<;_!hLZucAq
zj>jLLWyyjsl|~b<2Z9Lm22#RQrQf6#S7G-iWl>)IJv`3aKD`aNi@!OP?jHK{Uni9z
z`jK4y5KDVlp?f4_D+5MCeUm`f*MVgmcQkA&u33(-=uV3)ojwOW;~#DkSES#3*UG^&
zlp9A6VmAUoYp5l1uj@#9mi%Q0Hqo{mhj28$4d%BwwJ}EE6W=9r|3>m+gWa>`?)qg2
z(#Y)to;@LCHz`&IzO72_%}}By+%8tUzMT(6Q$G7YUq7Jy>$5YxpTt<(4reWdu~DLC
z3p#st!J&=#8l?a_OfY*B5)s|Om&k}0`pF%)H0Jrj*Vz#s`Qt+nL7`2zF~WhGNPQH+
zFZp!pkHBUGAGc3cu$}R%?6grg`;N+JK?iQnoH=#MFln&+raxUxh1uS-R@SYL!*hIn
zn`FIKan@2vYuc0cllQdsJ&A~rdwRh7?$W#96K}2Nh5mJav}d;V=Ned(tgW}L<Z`9x
z%l85@$eV?bWY`<!lX};A{sR4y_vpr=B;y+^;wKr=%LImVk<dB+$4Gt*C*eIszMnp(
z-SnzMkEsVe2U_uaVkhWG3B4a9{%R)+aU5;`X~rctW^z}6rWAPKUN3RbRG2mjtQy00
zDtna0o0_KAig7NTcPV=6vQzGh$aZI|%0Rb)8Bu`7d;i_}(V_7US0f$(N>9*gU0wJa
zK%hFppt)}=kjt_f{l2g3WvL4R245HGVjZ!->!e5_8KDft@IZ{3qR4Q?ymZW;@ks=g
zS2PZ15ZCL&$8mGS%WaQ6DT31*OZ?DkvmrxMr%5j7m`>$Zz3ZvU!<!h!LpM#AM0|H~
zrDD+wBu1|!fTRog^mxVLe&(zk3g5RysXGnTdU(Zz0gM=uWEy9MuA*k>F9fH}$baxY
zTt4btG224NJJHv+yJL<>=|>0J2{myt)cNEHlP$V^Y?_}FQSF|RAS)g1^{n8J?mAzu
z7YC@4>CoA>fo-`<A*(tM_Fpbg!>3KZSHx<zWoCo?H`VfP4D}<_m6apg-ed8=-&`Jk
z*a~pZ4TQ?%!21_#;|wRE+s5)yu^in|YLa?$&pTRUyl*c#D*Bfz<9D@pGBrrWYj=Zu
z>rz4LpEh$vD$%QEzEA$?tIJDEl1V2lTxyn6gUr^`EP~PWg7#>X|7wTqc{A#T?e*|!
zN31RQoh69ryi|VUV6GO*oanV3ZdqL{)<~I_Vz=@nH#e}dntua&Iy>Hn9Qo&o`1;*H
zFBzbt=Zkti4j%fqsCXPU;Pf#a3pa#`|4kZlKM+&4i%JV(Oce;lxhk87w{eRUFzkLN
zMB%^wSBz1-Xm;VXQ+&Zst~&6cd{>X#HNC<VwV2J%QmE;N3h>vbf&0E$_Y=c5UG#M7
zfH$Lh-nu0~bVsvv-)}*qY%|{qnq{0Ap<lgBy@G%ne~BJs*O1|s=xrZEAXeSu&|(7|
z01>vG4ZVcnk>#5QL0yfW&=-$Mb(|{6hL>~E;UD;gon}bndbj`fn_DM(-FNUzkhWxd
z(&R9r-i3$`!SLLY!K=EPF*!ed1;hMBrB6kD0w$o~Z?27BTrjT^i!yF5uk`V0z4Az6
zzTX(*R{|KzD+o1zvd%5>P!{{*_paY9J^$-W_%ariO%PhWlmk=Npig>oF?OGu+~D2c
ztoSXe=M;ql!8HVYz?|herj&(P(O216)fsgEOQhViN%sJF>q89YUjXCMXg99BUvabj
z#PMgASLCHL6&#;XPTU#?&h?}-Hn9r0f&Jc0Fdlxp=QtLabc7+7k}oZh2{FrZ98*Q_
z2g{>GPsK`S=4umX0qjw6W-beY_$RxbFQelVhA0d=u%yUaHr<N!;UyU*vL_?6S3B%K
z?uiEUt$l<XZi-p5C?niMohFcJ8zq#=^xkO@M@YJavD$i6q@;Q^4?~28w%``1HddN(
znD|y~CWoUxd6}XfJ$-biGnS3*3pm84;*kab+IB66r%ph(Gm#h}%CAeCZgVm5mC}?1
z?!>7hP=RV5D79u~(^A1XnDo!>KcWQQ`X`;6!+lMz_^!eH9H|PQHgOSN$rLCvjFsK;
z7GahzKJF;u7hA@c5_@D1G0QGIAOK>&xc0TwD!Z$D@dF+D{xvh;_fgnLw(wJrn{G5E
zl4JH>;77D|!kOnR<6RAtf^i0Px68MkAFiExpKm>k&2iUr><N~krhMZ*%dcrH9E=Et
z+TU{AAZXmt`@-IW2~RFs6bfX$eas=XB2}opDTsQM)M^HXA0T+62`d7iRV4KCHvc6!
z&VJ~6tRIvCQH!GM7rHzzYQ)iVFze|3D4nC#5x?#HCIe5mT7j%Ec=s#0b%gSLKOlv&
z^LQ#+4~q^A_|@8$*2?DKj-bJ$bXsKzKo@B=Q~?LUpMxhEc1-&2_vS&O9qOWUHgQ~!
zGBF7h{ex0<`nK)<s($)nS!PM!-Z-h2Awzj@I@b9#<p_ySqcVnL(bShQRj{+47)XNH
zyjD=%J~m3FFPf9}ZE*2@Y~FON<a1+oG#;BU&X=EvNnpxaoC#BtD3A!=7NrGkHrTR|
ziZhZPfvg{g^;~Y-Zs*Un6k!KwCpt-57h#tuHWjzTYjZw3VPlj8y9AT4A;Wr^^YLzi
zBhSVTGS=z)854bpS24f$33-~Z2}p%?A6r6Z@fRIGSk_kso1jXJS0Gvu1Br`PG3{9$
zE(615Qy?tgbtAkflX6E){1OJF)4UP^3a_u`T>PWkf137h>ZPO7bHy5V`d6&}Y?6YQ
zW4>C$^o%xZh3+MIC@)+vsSCM~<a8m+6}qWqHU-Am;#0*K>B<{2q8R|xLr{GUyD$i+
zk{d|1N7Qtcq{9*K69({{szYijotGH*12t^W)GAOt`tG($%OjBn>x|M6jG`je6w;Y;
zHiF*T9SH`5MLeG&a?qlDn|4q{_b?%3V`l3j{68N<I{R@WhZtm=Yp*Ev!;fwIB(za8
z_N+T-_EpV=;7!uVdDq8>G9)VK8pIMAdZUwGX*Yz|d$HRc=;M#Mo6_sJ--$I*ZPs=(
z+CF376<m=x(ptIOIlGa}7<=F(8kGRnEPROTOx`)W74G_nujdvzll5y7w2_(k2p@5f
z|L7m!=vo_i8%Pqr+i)xJOzJQ30u$sC&a=$KsS%?ci@c!-;ibK4IwnYlX(C4rOe}#R
zgsV-Kp1HyApq5SB=KgY+ib7$uEL&EsDIY>@qX40_!WRDBZ-B7~@Y_~<8Y~Z!aac;X
zRYz#Ilnh{AG?BK#nw~xmlZHa>2I#~~z1@Ug6Fhc*bUx@Iy);;={TVbaYB;UmI7Jls
zE1#wSp0DtaH1-QC?_JSKoxQox)zdw!SX&j^gk9jxQ@K(F)l&+GO+J*MKl10{(zSbW
z+ngWG0&|ZWSKhC0+huR*V`#yOZDH-N5>W^3!};@Ar<^ld93x#5pMxz*A|!%xuv7Ym
zBLm<vRfImWw4{21diz2|OeSc)q>4ce<~aLYaPE!?SM$@{Iy&o!;$5)}RHi60d)VV!
z%?YnU<PvED{bT}4q9pJJk7U|VUmV@s+a+ocMmP}$&q{HFeSKpo`p>AJ(K3h&q6jFR
z;bqZ|@PUk`!He;OPdy5i<IPwNRa4fZgCCg?(MjrXDWP$_pf+Gj!pQX=jkVgoUGV=E
z0#GHMbG|%T5dW!&k%!Xu=xa;>a^fT-W~iL_8jklg!9xYHn5UpDu~`mV!LKHODa~&I
zS_C|oGG_Jg@PJ5n?!6jvBQ&_{4Elh3J^R;?S-7LPI}digngnx4Fv28$a2Bg?MzU~t
zbmBI!e>usF;RYo<PN_~i6D3-1`e9n+IK!u#;tFY_FCC;F(GGHH${YicI>ER0!%1eK
zI^wl|_Ig8kZ}~&hp_NaOOz%k_4pk%2`Tz<fL>9~X#?`17fLq*^MR-<;U-Sb|q=GXQ
z&iZ*?>hO^2lGB$#ER<Q@yxCYW$W|vc$jr(TVT1-OgN@4pgxfj$(8ii1Z5!~HH88TN
z#9UuT!72i<$D@Ir&B~e0SgAnQu8_JbrRN4FI*O(4X{_PQvoMUxmc)}GJJ#kkZQ7no
zvS*Vk9HSZIzc$_5;zA9{nBETy>5YMz$ojR!Dfc40El)^0Y&x6&cjM*LQ!FAXB5VyG
z<_}Zq5uuXmxU}ExeAFw5{doiE9EO`AtS&-3R2PcQ;7{uCP=@5%eW)6^Xl+P3>MFJm
z*}00Dtf<4)H(`d;@Vg7qcj=VSUs<ar-iu>UGjM*YnZRhdJV97u12UIGjY!TSmE7}X
z&<}Snvr*FRz7Miear_w|eA-$do0F?3-CR>Ry_B=wXvQ7r&l2{uuiZ~t%uT5Lji0an
zP*V~Flb0bZqm)mZ-r|t6i|pbWS86}psUNyUp|D3_&+A9|Q=-6XvDg;-$tSpxlgn)`
zLo+MV&z7x=;^n$P`(od5P~HVg^U7ZBX=S3o5)uLmoj<ZLkNkR`_$5$!bS01ik#CEr
zL54R(=DR>W5}P+1#?)P%ehIHX=I=8JzcSympxO3jJd7H5$KbQCLP<bHNd&!7zN2A+
zNsRsWy%*y3CW2uiTQ6JrE(*gWs*S<7r=B+qM%gsbw{*8;#C)qxB=oMbyGF84##_3_
zgGr>a)YKxydZZixH)_-kSqblD@_?I4Jz7gbcd@fg;#+`9hl>fg%1!mFh^@sk#Z>=x
z$mOYF`xUgJR>b`H?I0Z<=I3jjZGVn-@4$_rd}0C6A?@&0*-X`*H%oQcRVuN4>|JR@
zsm7`UO%RhyFAva>c;_PGB!U^lfWqudnTCd}Q#Hi=Cn)W5VlI>gZ^5o!Fgp8?<Fm#b
zPh_trP0Fg`*Ff$I@4Vu6`tmOY=;zM&t5kBbrw}$9K4F4#S2YE#`P8(QX!qo!A5m&m
zGoBY=0<~J=D}q0@>PU3%QgbC}m=eujjZ^GpFy^L#>1-`xu=CSD1un!iyx1Rk>SHVB
zLL0@99~-iI2N_RyH0*ag-7h8-I_HEtAuOG;qMF4+#&bOC7IR}@gc~B^-OjR@NtNle
zNC0(g<~>6_&-j6oB`)k(2ADI!6Re(4*6J)*)O98g)9U$<!mRg42V^=ZB6SQFYg8hK
za{z5627^*%<7GLTD00xYYGnC0_}1jn+@oz@H4n|j?}_{Qo*0zw@xR2qA6@mBY~FI^
zwc{3Ibmt^o$ox_~j}rw<n||hldH8~M!PraCu|Ip;tv@BtF@&r3zdk8w>2Ktw{HdZ)
I${0}p1t(C-`~Uy|

literal 0
HcmV?d00001

diff --git a/golang-external-secrets/values.yaml b/golang-external-secrets/values.yaml
index 6ecd32f2d..04b65029d 100644
--- a/golang-external-secrets/values.yaml
+++ b/golang-external-secrets/values.yaml
@@ -37,10 +37,10 @@ clusterGroup:
 
 external-secrets:
   image:
-    tag: v0.9.11-ubi
+    tag: v0.9.12-ubi
   webhook:
     image:
-      tag: v0.9.11-ubi
+      tag: v0.9.12-ubi
   certController:
     image:
-      tag: v0.9.11-ubi
+      tag: v0.9.12-ubi
diff --git a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
index e6b3d6fbc..24dd79ae7 100644
--- a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -85,18 +85,39 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md"
+          description: |-
+            ACRAccessToken returns a Azure Container Registry token
+            that can be used for pushing/pulling images.
+            Note: by default it will return an ACR Refresh Token with full access
+            (depending on the identity).
+            This can be scoped down to the repository level using .spec.scope.
+            In case scope is defined it will return an ACR Access Token.
+
+
+            See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
-              description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview'
+              description: |-
+                ACRAccessTokenSpec defines how to generate the access token
+                e.g. how to authenticate and which registry to use.
+                see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview
               properties:
                 auth:
                   properties:
@@ -111,32 +132,42 @@ spec:
                       description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.
                       properties:
                         secretRef:
-                          description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret.
+                          description: |-
+                            Configuration used to authenticate with Azure using static
+                            credentials stored in a Kind=Secret.
                           properties:
                             clientId:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -147,10 +178,15 @@ spec:
                       description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.
                       properties:
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -158,7 +194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -167,7 +205,11 @@ spec:
                   type: object
                 environmentType:
                   default: PublicCloud
-                  description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                  description: |-
+                    EnvironmentType specifies the Azure cloud environment endpoints to use for
+                    connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                    The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                    PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                   enum:
                     - PublicCloud
                     - USGovernmentCloud
@@ -175,10 +217,23 @@ spec:
                     - GermanCloud
                   type: string
                 registry:
-                  description: the domain name of the ACR registry e.g. foobarexample.azurecr.io
+                  description: |-
+                    the domain name of the ACR registry
+                    e.g. foobarexample.azurecr.io
                   type: string
                 scope:
-                  description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/"
+                  description: |-
+                    Define the scope for the access token, e.g. pull/push access for a repository.
+                    if not provided it will return a refresh token that has full scope.
+                    Note: you need to pin it down to the repository level, there is no wildcard available.
+
+
+                    examples:
+                    repository:my-repository:pull,push
+                    repository:my-repository:pull
+
+
+                    see docs for details: https://docs.docker.com/registry/spec/auth/scope/
                   type: string
                 tenantId:
                   description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
@@ -208,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -239,10 +294,19 @@ spec:
           description: ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -273,7 +337,9 @@ spec:
                         description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                         properties:
                           remoteRef:
-                            description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                            description: |-
+                              RemoteRef points to the remote secret and defines
+                              which secret (version/property/..) to fetch.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -311,14 +377,23 @@ spec:
                               - key
                             type: object
                           secretKey:
-                            description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                            description: |-
+                              SecretKey defines the key in which the controller stores
+                              the value. This is the key in the Kind=Secret
                             type: string
                           sourceRef:
-                            description: SourceRef allows you to override the source from which the value will pulled from.
+                            description: |-
+                              SourceRef allows you to override the source
+                              from which the value will pulled from.
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                                description: |-
+                                  GeneratorRef points to a generator custom resource.
+
+
+                                  Deprecated: The generatorRef is not implemented in .data[].
+                                  this will be removed with v1.
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -338,7 +413,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -353,11 +430,15 @@ spec:
                         type: object
                       type: array
                     dataFrom:
-                      description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                      description: |-
+                        DataFrom is used to fetch all properties from a specific Provider data
+                        If multiple entries are specified, the Secret keys are merged in the specified order
                       items:
                         properties:
                           extract:
-                            description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to extract multiple key/value pairs from one secret
+                              Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -395,7 +476,9 @@ spec:
                               - key
                             type: object
                           find:
-                            description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to find secrets based on tags or regular expressions
+                              Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -430,11 +513,15 @@ spec:
                                 type: object
                             type: object
                           rewrite:
-                            description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                            description: |-
+                              Used to rewrite secret Keys after getting them from the secret Provider
+                              Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                             items:
                               properties:
                                 regexp:
-                                  description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                                  description: |-
+                                    Used to rewrite with regular expressions.
+                                    The resulting key will be the output of a regexp.ReplaceAll operation.
                                   properties:
                                     source:
                                       description: Used to define the regular expression of a re.Compiler.
@@ -447,10 +534,14 @@ spec:
                                     - target
                                   type: object
                                 transform:
-                                  description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                                  description: |-
+                                    Used to apply string transformation on the secrets.
+                                    The resulting key will be the output of the template applied by the operation.
                                   properties:
                                     template:
-                                      description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                      description: |-
+                                        Used to define the template to apply on the secret name.
+                                        `.value ` will specify the secret name in the template.
                                       type: string
                                   required:
                                     - template
@@ -458,7 +549,13 @@ spec:
                               type: object
                             type: array
                           sourceRef:
-                            description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                            description: |-
+                              SourceRef points to a store or generator
+                              which contains secret values ready to use.
+                              Use this in combination with Extract or Find pull values out of
+                              a specific SecretStore.
+                              When sourceRef points to a generator Extract or Find is not supported.
+                              The generator returns a static map of values
                             maxProperties: 1
                             properties:
                               generatorRef:
@@ -482,7 +579,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -495,13 +594,18 @@ spec:
                       type: array
                     refreshInterval:
                       default: 1h
-                      description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                      description: |-
+                        RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                        Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                        May be set to zero to fetch and create it once. Defaults to 1h.
                       type: string
                     secretStoreRef:
                       description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                       properties:
                         kind:
-                          description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                          description: |-
+                            Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                            Defaults to `SecretStore`
                           type: string
                         name:
                           description: Name of the SecretStore resource
@@ -513,11 +617,15 @@ spec:
                       default:
                         creationPolicy: Owner
                         deletionPolicy: Retain
-                      description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                      description: |-
+                        ExternalSecretTarget defines the Kubernetes Secret to be created
+                        There can be only one target per ExternalSecret.
                       properties:
                         creationPolicy:
                           default: Owner
-                          description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                          description: |-
+                            CreationPolicy defines rules on how to create the resulting Secret
+                            Defaults to 'Owner'
                           enum:
                             - Owner
                             - Orphan
@@ -526,7 +634,9 @@ spec:
                           type: string
                         deletionPolicy:
                           default: Retain
-                          description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                          description: |-
+                            DeletionPolicy defines rules on how to delete the resulting Secret
+                            Defaults to 'Retain'
                           enum:
                             - Delete
                             - Merge
@@ -536,7 +646,10 @@ spec:
                           description: Immutable defines if the final secret will be immutable
                           type: boolean
                         name:
-                          description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                          description: |-
+                            Name defines the name of the Secret resource to be managed
+                            This field is immutable
+                            Defaults to the .metadata.name of the ExternalSecret resource
                           type: string
                         template:
                           description: Template defines a blueprint for the created Secret resource.
@@ -547,7 +660,10 @@ spec:
                               type: object
                             engineVersion:
                               default: v2
-                              description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                              description: |-
+                                EngineVersion specifies the template engine version
+                                that should be used to compile/execute the
+                                template specified in .data and .templateFrom[].
                               enum:
                                 - v1
                                 - v2
@@ -641,16 +757,24 @@ spec:
                     matchExpressions:
                       description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                       items:
-                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
                         properties:
                           key:
                             description: key is the label key that the selector applies to.
                             type: string
                           operator:
-                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
                             type: string
                           values:
-                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
                             items:
                               type: string
                             type: array
@@ -662,7 +786,10 @@ spec:
                     matchLabels:
                       additionalProperties:
                         type: string
-                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                       type: object
                   type: object
                   x-kubernetes-map-type: atomic
@@ -739,7 +866,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -768,10 +895,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -779,7 +915,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -796,7 +934,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -805,23 +945,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -829,7 +984,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -839,51 +996,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -942,26 +1120,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -980,7 +1166,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -989,7 +1178,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -997,39 +1189,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1060,32 +1264,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -1095,10 +1311,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1106,7 +1327,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1155,13 +1378,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1177,7 +1404,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1185,7 +1415,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1212,13 +1444,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1246,13 +1482,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1277,29 +1517,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1310,7 +1562,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1318,7 +1573,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1328,16 +1585,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1387,7 +1650,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -1396,26 +1662,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1434,13 +1708,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -1451,10 +1732,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1462,7 +1748,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1481,26 +1769,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1509,55 +1811,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -1565,7 +1895,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -1575,55 +1907,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1631,7 +1994,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1641,27 +2006,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -1671,18 +2049,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1708,23 +2094,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -1740,7 +2143,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1781,7 +2188,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -1791,13 +2200,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -1828,13 +2241,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1842,16 +2259,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1918,10 +2341,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -1931,7 +2363,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -1939,16 +2373,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -1960,7 +2402,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -1972,7 +2417,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -1989,7 +2436,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -1998,23 +2447,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2022,7 +2486,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2032,51 +2498,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -2089,7 +2576,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2135,26 +2624,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2178,7 +2675,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -2187,7 +2687,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2195,52 +2698,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2258,10 +2780,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -2303,32 +2835,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -2336,7 +2880,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -2347,10 +2895,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -2358,7 +2911,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -2382,29 +2937,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2417,23 +2984,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2441,7 +3019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2457,7 +3037,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -2466,7 +3049,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2485,7 +3070,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -2494,13 +3081,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2514,13 +3105,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2531,10 +3126,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -2550,16 +3149,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2632,13 +3238,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2654,7 +3264,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2662,7 +3275,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2689,13 +3304,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2750,13 +3369,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2771,16 +3394,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -2801,29 +3430,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2831,7 +3472,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -2839,7 +3483,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -2848,16 +3494,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2883,7 +3535,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2916,13 +3570,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2948,7 +3606,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -2957,26 +3617,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2995,13 +3663,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -3012,10 +3687,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3023,7 +3703,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -3045,13 +3727,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3074,13 +3760,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3102,16 +3792,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -3140,39 +3836,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -3180,37 +3898,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -3222,7 +3956,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3230,7 +3967,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3252,39 +3991,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -3298,25 +4052,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3324,7 +4094,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3334,55 +4106,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -3390,7 +4193,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -3400,27 +4205,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3430,13 +4248,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -3444,23 +4266,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3468,7 +4301,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3481,7 +4318,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -3494,23 +4333,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -3526,7 +4431,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3567,7 +4476,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -3577,13 +4488,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -3614,13 +4529,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3628,16 +4547,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3657,13 +4582,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3671,16 +4600,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3750,7 +4685,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -3768,13 +4703,28 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
+          description: |-
+            ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
+            authorization token.
+            The authorization token is valid for 12 hours.
+            The authorizationToken returned is a base64 encoded string that can be decoded
+            and used in a docker login command to authenticate to a registry.
+            For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3790,7 +4740,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3798,52 +4751,71 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
                           type: object
                       type: object
                     secretRef:
-                      description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                      description: |-
+                        AWSAuthSecretRef holds secret references for AWS credentials
+                        both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                       properties:
                         accessKeyIDSecretRef:
                           description: The AccessKeyID is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         secretAccessKeySecretRef:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         sessionTokenSecretRef:
-                          description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                          description: |-
+                            The SessionToken used for authentication
+                            This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                            see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -3852,7 +4824,9 @@ spec:
                   description: Region specifies the region to operate in.
                   type: string
                 role:
-                  description: You can assume a role before making calls to the desired AWS service.
+                  description: |-
+                    You can assume a role before making calls to the
+                    desired AWS service.
                   type: string
               required:
                 - region
@@ -3878,7 +4852,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -3910,10 +4884,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3955,7 +4938,9 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     description: ExternalSecretDataRemoteRef defines Provider data location.
                     properties:
@@ -3981,13 +4966,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -3996,11 +4986,15 @@ spec:
                     - name
                   type: object
                 target:
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Merge
@@ -4010,7 +5004,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4021,7 +5018,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v1
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4093,7 +5093,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4117,7 +5120,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4149,10 +5154,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4165,7 +5179,9 @@ spec:
                     description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                     properties:
                       remoteRef:
-                        description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                        description: |-
+                          RemoteRef points to the remote secret and defines
+                          which secret (version/property/..) to fetch.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4203,14 +5219,23 @@ spec:
                           - key
                         type: object
                       secretKey:
-                        description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                        description: |-
+                          SecretKey defines the key in which the controller stores
+                          the value. This is the key in the Kind=Secret
                         type: string
                       sourceRef:
-                        description: SourceRef allows you to override the source from which the value will pulled from.
+                        description: |-
+                          SourceRef allows you to override the source
+                          from which the value will pulled from.
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                            description: |-
+                              GeneratorRef points to a generator custom resource.
+
+
+                              Deprecated: The generatorRef is not implemented in .data[].
+                              this will be removed with v1.
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1
@@ -4230,7 +5255,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4245,11 +5272,15 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     properties:
                       extract:
-                        description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to extract multiple key/value pairs from one secret
+                          Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4287,7 +5318,9 @@ spec:
                           - key
                         type: object
                       find:
-                        description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to find secrets based on tags or regular expressions
+                          Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4322,11 +5355,15 @@ spec:
                             type: object
                         type: object
                       rewrite:
-                        description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                        description: |-
+                          Used to rewrite secret Keys after getting them from the secret Provider
+                          Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                         items:
                           properties:
                             regexp:
-                              description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                              description: |-
+                                Used to rewrite with regular expressions.
+                                The resulting key will be the output of a regexp.ReplaceAll operation.
                               properties:
                                 source:
                                   description: Used to define the regular expression of a re.Compiler.
@@ -4339,10 +5376,14 @@ spec:
                                 - target
                               type: object
                             transform:
-                              description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                              description: |-
+                                Used to apply string transformation on the secrets.
+                                The resulting key will be the output of the template applied by the operation.
                               properties:
                                 template:
-                                  description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                  description: |-
+                                    Used to define the template to apply on the secret name.
+                                    `.value ` will specify the secret name in the template.
                                   type: string
                               required:
                                 - template
@@ -4350,7 +5391,13 @@ spec:
                           type: object
                         type: array
                       sourceRef:
-                        description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                        description: |-
+                          SourceRef points to a store or generator
+                          which contains secret values ready to use.
+                          Use this in combination with Extract or Find pull values out of
+                          a specific SecretStore.
+                          When sourceRef points to a generator Extract or Find is not supported.
+                          The generator returns a static map of values
                         maxProperties: 1
                         properties:
                           generatorRef:
@@ -4374,7 +5421,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4387,13 +5436,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -4405,11 +5459,15 @@ spec:
                   default:
                     creationPolicy: Owner
                     deletionPolicy: Retain
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Orphan
@@ -4418,7 +5476,9 @@ spec:
                       type: string
                     deletionPolicy:
                       default: Retain
-                      description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                      description: |-
+                        DeletionPolicy defines rules on how to delete the resulting Secret
+                        Defaults to 'Retain'
                       enum:
                         - Delete
                         - Merge
@@ -4428,7 +5488,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4439,7 +5502,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v2
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4533,7 +5599,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4557,7 +5626,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4586,7 +5657,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4604,13 +5675,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned.
+          description: |-
+            Fake generator is used for testing. It lets you define
+            a static set of credentials that is always returned.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4618,12 +5700,16 @@ spec:
               description: FakeSpec contains the static data.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 data:
                   additionalProperties:
                     type: string
-                  description: Data defines the static data returned by this generator.
+                  description: |-
+                    Data defines the static data returned
+                    by this generator.
                   type: object
               type: object
           type: object
@@ -4647,7 +5733,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4665,13 +5751,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR.
+          description: |-
+            GCRAccessToken generates an GCP access token
+            that can be used to authenticate with GCR.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4686,13 +5783,17 @@ spec:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -4708,7 +5809,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -4716,7 +5820,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -4755,7 +5861,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4773,13 +5879,25 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes.
+          description: |-
+            Password generates a random password based on the
+            configuration parameters in spec.
+            You can specify the length, characterset and other attributes.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4791,21 +5909,29 @@ spec:
                   description: set AllowRepeat to true to allow repeating characters.
                   type: boolean
                 digits:
-                  description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Digits specifies the number of digits in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
                 length:
                   default: 24
-                  description: Length of the password to be generated. Defaults to 24
+                  description: |-
+                    Length of the password to be generated.
+                    Defaults to 24
                   type: integer
                 noUpper:
                   default: false
                   description: Set NoUpper to disable uppercase characters
                   type: boolean
                 symbolCharacters:
-                  description: SymbolCharacters specifies the special characters that should be used in the generated password.
+                  description: |-
+                    SymbolCharacters specifies the special characters that should be used
+                    in the generated password.
                   type: string
                 symbols:
-                  description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Symbols specifies the number of symbol characters in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
               required:
                 - allowRepeat
@@ -4833,7 +5959,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -4858,10 +5984,19 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4894,7 +6029,9 @@ spec:
                           - remoteRef
                         type: object
                       metadata:
-                        description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                        description: |-
+                          Metadata is metadata attached to the secret.
+                          The structure of metadata is provider specific, please look it up in the provider documentation.
                         x-kubernetes-preserve-unknown-fields: true
                     required:
                       - match
@@ -4915,7 +6052,9 @@ spec:
                     properties:
                       kind:
                         default: SecretStore
-                        description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                        description: |-
+                          Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                          Defaults to `SecretStore`
                         type: string
                       labelSelector:
                         description: Optionally, sync to secret stores with label selector
@@ -4923,16 +6062,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -4944,7 +6091,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -4977,7 +6127,10 @@ spec:
                       type: object
                     engineVersion:
                       default: v2
-                      description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                      description: |-
+                        EngineVersion specifies the template engine version
+                        that should be used to compile/execute the
+                        template specified in .data and .templateFrom[].
                       enum:
                         - v1
                         - v2
@@ -5092,7 +6245,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -5122,7 +6277,9 @@ spec:
                             - remoteRef
                           type: object
                         metadata:
-                          description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                          description: |-
+                            Metadata is metadata attached to the secret.
+                            The structure of metadata is provider specific, please look it up in the provider documentation.
                           x-kubernetes-preserve-unknown-fields: true
                       required:
                         - match
@@ -5155,7 +6312,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -5184,10 +6341,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -5195,7 +6361,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -5212,7 +6380,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -5221,23 +6391,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5245,7 +6430,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5255,51 +6442,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -5358,26 +6566,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5396,7 +6612,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -5405,7 +6624,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5413,39 +6635,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5476,32 +6710,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -5511,10 +6757,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5522,7 +6773,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5571,13 +6824,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5593,7 +6850,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5601,7 +6861,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5628,13 +6890,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5662,13 +6928,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5693,29 +6963,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5726,7 +7008,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5734,7 +7019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5744,16 +7031,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5803,7 +7096,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -5812,26 +7108,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5850,13 +7154,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -5867,10 +7178,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5878,7 +7194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5897,26 +7215,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5925,55 +7257,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -5981,7 +7341,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -5991,55 +7353,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6047,7 +7440,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6057,27 +7452,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -6087,18 +7495,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6124,23 +7540,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -6156,7 +7589,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6197,7 +7634,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -6207,13 +7646,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -6244,13 +7687,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6258,16 +7705,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6334,10 +7787,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -6347,7 +7809,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -6355,16 +7819,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -6376,7 +7848,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -6388,7 +7863,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -6405,7 +7882,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -6414,23 +7893,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6438,7 +7932,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6448,51 +7944,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6505,7 +8022,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6551,26 +8070,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6594,7 +8121,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -6603,7 +8133,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6611,52 +8144,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -6674,10 +8226,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -6719,32 +8281,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -6752,7 +8326,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -6763,10 +8341,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -6774,7 +8357,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -6798,29 +8383,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6833,23 +8430,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6857,7 +8465,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6873,7 +8483,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -6882,7 +8495,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6901,7 +8516,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -6910,13 +8527,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6930,13 +8551,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6947,10 +8572,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -6966,16 +8595,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7048,13 +8684,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7070,7 +8710,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7078,7 +8721,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7105,13 +8750,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7166,13 +8815,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7187,16 +8840,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -7217,29 +8876,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7247,7 +8918,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -7255,7 +8929,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -7264,16 +8940,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7299,7 +8981,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7332,13 +9016,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7364,7 +9052,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -7373,26 +9063,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7411,13 +9109,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -7428,10 +9133,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -7439,7 +9149,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -7461,13 +9173,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7490,13 +9206,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7518,16 +9238,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -7556,39 +9282,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7596,37 +9344,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -7638,7 +9402,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7646,7 +9413,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7668,39 +9437,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -7714,25 +9498,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7740,7 +9540,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7750,55 +9552,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7806,7 +9639,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7816,27 +9651,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7846,13 +9694,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -7860,23 +9712,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7884,7 +9747,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7897,7 +9764,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7910,23 +9779,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -7942,7 +9877,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7983,7 +9922,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -7993,13 +9934,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -8030,13 +9975,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8044,16 +9993,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8073,13 +10028,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8087,16 +10046,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8166,7 +10131,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -8186,17 +10151,28 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 method:
                   description: Vault API method to use (GET/POST/other)
@@ -8214,39 +10190,61 @@ spec:
                       description: Auth configures how secret-manager authenticates with the Vault server.
                       properties:
                         appRole:
-                          description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                          description: |-
+                            AppRole authenticates with Vault using the App Role auth mechanism,
+                            with the role and secret stored in a Kubernetes Secret resource.
                           properties:
                             path:
                               default: approle
-                              description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                              description: |-
+                                Path where the App Role authentication backend is mounted
+                                in Vault, e.g: "approle"
                               type: string
                             roleId:
-                              description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                              description: |-
+                                RoleID configured in the App Role authentication backend when setting
+                                up the authentication backend in Vault.
                               type: string
                             roleRef:
-                              description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role ID used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role id.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role secret used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role secret.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -8254,37 +10252,53 @@ spec:
                             - secretRef
                           type: object
                         cert:
-                          description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                          description: |-
+                            Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                            Cert authentication method
                           properties:
                             clientCert:
-                              description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                              description: |-
+                                ClientCert is a certificate to authenticate using the Cert Vault
+                                authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing client private key to
+                                authenticate with Vault using the Cert authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         iam:
-                          description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                          description: |-
+                            Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                            AWS IAM authentication method
                           properties:
                             externalID:
                               description: AWS External ID set on assumed IAM roles
@@ -8296,7 +10310,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8304,7 +10321,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8326,39 +10345,54 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -8372,25 +10406,41 @@ spec:
                             - vaultRole
                           type: object
                         jwt:
-                          description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                          description: |-
+                            Jwt authenticates with Vault by passing role and JWT token using the
+                            JWT/OIDC authentication method
                           properties:
                             kubernetesServiceAccountToken:
-                              description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                              description: |-
+                                Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                a token for with the `TokenRequest` API.
                               properties:
                                 audiences:
-                                  description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                  description: |-
+                                    Optional audiences field that will be used to request a temporary Kubernetes service
+                                    account token for the service account referenced by `serviceAccountRef`.
+                                    Defaults to a single audience `vault` it not specified.
+                                    Deprecated: use serviceAccountRef.Audiences instead
                                   items:
                                     type: string
                                   type: array
                                 expirationSeconds:
-                                  description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                  description: |-
+                                    Optional expiration time in seconds that will be used to request a temporary
+                                    Kubernetes service account token for the service account referenced by
+                                    `serviceAccountRef`.
+                                    Deprecated: this will be removed in the future.
+                                    Defaults to 10 minutes.
                                   format: int64
                                   type: integer
                                 serviceAccountRef:
                                   description: Service account field containing the name of a kubernetes ServiceAccount.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8398,7 +10448,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8408,55 +10460,86 @@ spec:
                               type: object
                             path:
                               default: jwt
-                              description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                              description: |-
+                                Path where the JWT authentication backend is mounted
+                                in Vault, e.g: "jwt"
                               type: string
                             role:
-                              description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                              description: |-
+                                Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                authentication method
                               type: string
                             secretRef:
-                              description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                              description: |-
+                                Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                authenticate with Vault using the JWT/OIDC authentication method.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
                             - path
                           type: object
                         kubernetes:
-                          description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                          description: |-
+                            Kubernetes authenticates with Vault by passing the ServiceAccount
+                            token stored in the named Secret resource to the Vault server.
                           properties:
                             mountPath:
                               default: kubernetes
-                              description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                              description: |-
+                                Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                "kubernetes"
                               type: string
                             role:
-                              description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                              description: |-
+                                A required field containing the Vault Role to assume. A Role binds a
+                                Kubernetes ServiceAccount with a set of Vault policies.
                               type: string
                             secretRef:
-                              description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                              description: |-
+                                Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                for authenticating with Vault. If a name is specified without a key,
+                                `token` is the default. If one is not specified, the one bound to
+                                the controller will be used.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             serviceAccountRef:
-                              description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                              description: |-
+                                Optional service account field containing the name of a kubernetes ServiceAccount.
+                                If the service account is specified, the service account secret token JWT will be used
+                                for authenticating with Vault. If the service account selector is not supplied,
+                                the secretRef will be used instead.
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -8464,7 +10547,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -8474,27 +10559,40 @@ spec:
                             - role
                           type: object
                         ldap:
-                          description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                          description: |-
+                            Ldap authenticates with Vault by passing username/password pair using
+                            the LDAP authentication method
                           properties:
                             path:
                               default: ldap
-                              description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                              description: |-
+                                Path where the LDAP authentication backend is mounted
+                                in Vault, e.g: "ldap"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the LDAP
+                                user used to authenticate with Vault using the LDAP authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                              description: |-
+                                Username is a LDAP user name used to authenticate using the LDAP Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8504,13 +10602,17 @@ spec:
                           description: TokenSecretRef authenticates with Vault by presenting a token.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         userPass:
@@ -8518,23 +10620,34 @@ spec:
                           properties:
                             path:
                               default: user
-                              description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                              description: |-
+                                Path where the UserPassword authentication backend is mounted
+                                in Vault, e.g: "user"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the
+                                user used to authenticate with Vault using the UserPass authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                              description: |-
+                                Username is a user name used to authenticate using the UserPass Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8542,7 +10655,11 @@ spec:
                           type: object
                       type: object
                     caBundle:
-                      description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                      description: |-
+                        PEM encoded CA bundle used to validate Vault server certificate. Only used
+                        if the Server URL is using HTTPS protocol. This parameter is ignored for
+                        plain HTTP protocol connection. If not set the system root certificates
+                        are used to validate the TLS connection.
                       format: byte
                       type: string
                     caProvider:
@@ -8555,7 +10672,9 @@ spec:
                           description: The name of the object located at the provider type.
                           type: string
                         namespace:
-                          description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                          description: |-
+                            The namespace the Provider type is in.
+                            Can only be defined when used in a ClusterSecretStore.
                           type: string
                         type:
                           description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -8568,23 +10687,89 @@ spec:
                         - type
                       type: object
                     forwardInconsistent:
-                      description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                      description: |-
+                        ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                        leader instead of simply retrying within a loop. This can increase performance if
+                        the option is enabled serverside.
+                        https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                       type: boolean
                     namespace:
-                      description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                      description: |-
+                        Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                        Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                        More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                       type: string
                     path:
-                      description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                      description: |-
+                        Path is the mount path of the Vault KV backend endpoint, e.g:
+                        "secret". The v2 KV secret engine version specific "/data" path suffix
+                        for fetching secrets from Vault is optional and will be appended
+                        if not present in specified path.
                       type: string
                     readYourWrites:
-                      description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                      description: |-
+                        ReadYourWrites ensures isolated read-after-write semantics by
+                        providing discovered cluster replication states in each request.
+                        More information about eventual consistency in Vault can be found here
+                        https://www.vaultproject.io/docs/enterprise/consistency
                       type: boolean
                     server:
                       description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                       type: string
+                    tls:
+                      description: |-
+                        The configuration used for client side related TLS communication, when the Vault server
+                        requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                        This parameter is ignored for plain HTTP protocol connection.
+                        It's worth noting this configuration is different from the "TLS certificates auth method",
+                        which is available under the `auth.cert` section.
+                      properties:
+                        certSecretRef:
+                          description: |-
+                            CertSecretRef is a certificate added to the transport layer
+                            when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                        keySecretRef:
+                          description: |-
+                            KeySecretRef to a key in a Secret resource containing client private key
+                            added to the transport layer when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                      type: object
                     version:
                       default: v2
-                      description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                      description: |-
+                        Version is the Vault KV secret engine version. This can be either "v1" or
+                        "v2". Version defaults to "v2".
                       enum:
                         - v1
                         - v2
@@ -8595,7 +10780,12 @@ spec:
                   type: object
                 resultType:
                   default: Data
-                  description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure.
+                  description: |-
+                    Result type defines which data is returned from the generator.
+                    By default it is the "data" section of the Vault API response.
+                    When using e.g. /auth/token/create the "data" section is empty but
+                    the "auth" section contains the generated token.
+                    Please refer to the vault docs regarding the result data structure.
                   enum:
                     - Data
                     - Auth
@@ -8626,10 +10816,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8693,10 +10883,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8802,10 +10992,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -8842,10 +11032,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -8886,10 +11076,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8907,10 +11097,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8927,10 +11117,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8963,10 +11153,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -9002,10 +11192,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -9023,10 +11213,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -9047,10 +11237,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9062,10 +11252,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -9080,7 +11270,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -9110,10 +11300,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9125,10 +11315,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -9143,7 +11333,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -9160,10 +11350,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9175,10 +11365,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -9193,7 +11383,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
index 3fca7728d..ffcf6cb6e 100644
--- a/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -85,18 +85,39 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md"
+          description: |-
+            ACRAccessToken returns a Azure Container Registry token
+            that can be used for pushing/pulling images.
+            Note: by default it will return an ACR Refresh Token with full access
+            (depending on the identity).
+            This can be scoped down to the repository level using .spec.scope.
+            In case scope is defined it will return an ACR Access Token.
+
+
+            See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
-              description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview'
+              description: |-
+                ACRAccessTokenSpec defines how to generate the access token
+                e.g. how to authenticate and which registry to use.
+                see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview
               properties:
                 auth:
                   properties:
@@ -111,32 +132,42 @@ spec:
                       description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.
                       properties:
                         secretRef:
-                          description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret.
+                          description: |-
+                            Configuration used to authenticate with Azure using static
+                            credentials stored in a Kind=Secret.
                           properties:
                             clientId:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -147,10 +178,15 @@ spec:
                       description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.
                       properties:
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -158,7 +194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -167,7 +205,11 @@ spec:
                   type: object
                 environmentType:
                   default: PublicCloud
-                  description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                  description: |-
+                    EnvironmentType specifies the Azure cloud environment endpoints to use for
+                    connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                    The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                    PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                   enum:
                     - PublicCloud
                     - USGovernmentCloud
@@ -175,10 +217,23 @@ spec:
                     - GermanCloud
                   type: string
                 registry:
-                  description: the domain name of the ACR registry e.g. foobarexample.azurecr.io
+                  description: |-
+                    the domain name of the ACR registry
+                    e.g. foobarexample.azurecr.io
                   type: string
                 scope:
-                  description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/"
+                  description: |-
+                    Define the scope for the access token, e.g. pull/push access for a repository.
+                    if not provided it will return a refresh token that has full scope.
+                    Note: you need to pin it down to the repository level, there is no wildcard available.
+
+
+                    examples:
+                    repository:my-repository:pull,push
+                    repository:my-repository:pull
+
+
+                    see docs for details: https://docs.docker.com/registry/spec/auth/scope/
                   type: string
                 tenantId:
                   description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
@@ -208,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -239,10 +294,19 @@ spec:
           description: ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -273,7 +337,9 @@ spec:
                         description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                         properties:
                           remoteRef:
-                            description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                            description: |-
+                              RemoteRef points to the remote secret and defines
+                              which secret (version/property/..) to fetch.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -311,14 +377,23 @@ spec:
                               - key
                             type: object
                           secretKey:
-                            description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                            description: |-
+                              SecretKey defines the key in which the controller stores
+                              the value. This is the key in the Kind=Secret
                             type: string
                           sourceRef:
-                            description: SourceRef allows you to override the source from which the value will pulled from.
+                            description: |-
+                              SourceRef allows you to override the source
+                              from which the value will pulled from.
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                                description: |-
+                                  GeneratorRef points to a generator custom resource.
+
+
+                                  Deprecated: The generatorRef is not implemented in .data[].
+                                  this will be removed with v1.
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -338,7 +413,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -353,11 +430,15 @@ spec:
                         type: object
                       type: array
                     dataFrom:
-                      description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                      description: |-
+                        DataFrom is used to fetch all properties from a specific Provider data
+                        If multiple entries are specified, the Secret keys are merged in the specified order
                       items:
                         properties:
                           extract:
-                            description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to extract multiple key/value pairs from one secret
+                              Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -395,7 +476,9 @@ spec:
                               - key
                             type: object
                           find:
-                            description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to find secrets based on tags or regular expressions
+                              Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -430,11 +513,15 @@ spec:
                                 type: object
                             type: object
                           rewrite:
-                            description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                            description: |-
+                              Used to rewrite secret Keys after getting them from the secret Provider
+                              Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                             items:
                               properties:
                                 regexp:
-                                  description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                                  description: |-
+                                    Used to rewrite with regular expressions.
+                                    The resulting key will be the output of a regexp.ReplaceAll operation.
                                   properties:
                                     source:
                                       description: Used to define the regular expression of a re.Compiler.
@@ -447,10 +534,14 @@ spec:
                                     - target
                                   type: object
                                 transform:
-                                  description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                                  description: |-
+                                    Used to apply string transformation on the secrets.
+                                    The resulting key will be the output of the template applied by the operation.
                                   properties:
                                     template:
-                                      description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                      description: |-
+                                        Used to define the template to apply on the secret name.
+                                        `.value ` will specify the secret name in the template.
                                       type: string
                                   required:
                                     - template
@@ -458,7 +549,13 @@ spec:
                               type: object
                             type: array
                           sourceRef:
-                            description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                            description: |-
+                              SourceRef points to a store or generator
+                              which contains secret values ready to use.
+                              Use this in combination with Extract or Find pull values out of
+                              a specific SecretStore.
+                              When sourceRef points to a generator Extract or Find is not supported.
+                              The generator returns a static map of values
                             maxProperties: 1
                             properties:
                               generatorRef:
@@ -482,7 +579,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -495,13 +594,18 @@ spec:
                       type: array
                     refreshInterval:
                       default: 1h
-                      description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                      description: |-
+                        RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                        Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                        May be set to zero to fetch and create it once. Defaults to 1h.
                       type: string
                     secretStoreRef:
                       description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                       properties:
                         kind:
-                          description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                          description: |-
+                            Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                            Defaults to `SecretStore`
                           type: string
                         name:
                           description: Name of the SecretStore resource
@@ -513,11 +617,15 @@ spec:
                       default:
                         creationPolicy: Owner
                         deletionPolicy: Retain
-                      description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                      description: |-
+                        ExternalSecretTarget defines the Kubernetes Secret to be created
+                        There can be only one target per ExternalSecret.
                       properties:
                         creationPolicy:
                           default: Owner
-                          description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                          description: |-
+                            CreationPolicy defines rules on how to create the resulting Secret
+                            Defaults to 'Owner'
                           enum:
                             - Owner
                             - Orphan
@@ -526,7 +634,9 @@ spec:
                           type: string
                         deletionPolicy:
                           default: Retain
-                          description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                          description: |-
+                            DeletionPolicy defines rules on how to delete the resulting Secret
+                            Defaults to 'Retain'
                           enum:
                             - Delete
                             - Merge
@@ -536,7 +646,10 @@ spec:
                           description: Immutable defines if the final secret will be immutable
                           type: boolean
                         name:
-                          description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                          description: |-
+                            Name defines the name of the Secret resource to be managed
+                            This field is immutable
+                            Defaults to the .metadata.name of the ExternalSecret resource
                           type: string
                         template:
                           description: Template defines a blueprint for the created Secret resource.
@@ -547,7 +660,10 @@ spec:
                               type: object
                             engineVersion:
                               default: v2
-                              description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                              description: |-
+                                EngineVersion specifies the template engine version
+                                that should be used to compile/execute the
+                                template specified in .data and .templateFrom[].
                               enum:
                                 - v1
                                 - v2
@@ -641,16 +757,24 @@ spec:
                     matchExpressions:
                       description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                       items:
-                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
                         properties:
                           key:
                             description: key is the label key that the selector applies to.
                             type: string
                           operator:
-                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
                             type: string
                           values:
-                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
                             items:
                               type: string
                             type: array
@@ -662,7 +786,10 @@ spec:
                     matchLabels:
                       additionalProperties:
                         type: string
-                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                       type: object
                   type: object
                   x-kubernetes-map-type: atomic
@@ -739,7 +866,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -768,10 +895,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -779,7 +915,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -796,7 +934,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -805,23 +945,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -829,7 +984,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -839,51 +996,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -942,26 +1120,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -980,7 +1166,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -989,7 +1178,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -997,39 +1189,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1060,32 +1264,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -1095,10 +1311,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1106,7 +1327,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1155,13 +1378,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1177,7 +1404,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1185,7 +1415,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1212,13 +1444,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1246,13 +1482,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1277,29 +1517,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1310,7 +1562,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1318,7 +1573,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1328,16 +1585,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1387,7 +1650,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -1396,26 +1662,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1434,13 +1708,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -1451,10 +1732,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1462,7 +1748,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1481,26 +1769,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1509,55 +1811,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -1565,7 +1895,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -1575,55 +1907,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1631,7 +1994,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1641,27 +2006,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -1671,18 +2049,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1708,23 +2094,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -1740,7 +2143,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1781,7 +2188,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -1791,13 +2200,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -1828,13 +2241,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1842,16 +2259,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1918,10 +2341,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -1931,7 +2363,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -1939,16 +2373,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -1960,7 +2402,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -1972,7 +2417,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -1989,7 +2436,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -1998,23 +2447,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2022,7 +2486,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2032,51 +2498,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -2089,7 +2576,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2135,26 +2624,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2178,7 +2675,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -2187,7 +2687,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2195,52 +2698,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2258,10 +2780,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -2303,32 +2835,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -2336,7 +2880,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -2347,10 +2895,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -2358,7 +2911,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -2382,29 +2937,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2417,23 +2984,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2441,7 +3019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2457,7 +3037,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -2466,7 +3049,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2485,7 +3070,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -2494,13 +3081,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2514,13 +3105,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2531,10 +3126,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -2550,16 +3149,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2632,13 +3238,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2654,7 +3264,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2662,7 +3275,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2689,13 +3304,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2750,13 +3369,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2771,16 +3394,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -2801,29 +3430,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2831,7 +3472,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -2839,7 +3483,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -2848,16 +3494,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2883,7 +3535,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2916,13 +3570,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2948,7 +3606,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -2957,26 +3617,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2995,13 +3663,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -3012,10 +3687,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3023,7 +3703,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -3045,13 +3727,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3074,13 +3760,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3102,16 +3792,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -3140,39 +3836,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -3180,37 +3898,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -3222,7 +3956,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3230,7 +3967,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3252,39 +3991,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -3298,25 +4052,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3324,7 +4094,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3334,55 +4106,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -3390,7 +4193,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -3400,27 +4205,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3430,13 +4248,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -3444,23 +4266,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3468,7 +4301,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3481,7 +4318,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -3494,23 +4333,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -3526,7 +4431,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3567,7 +4476,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -3577,13 +4488,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -3614,13 +4529,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3628,16 +4547,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3657,13 +4582,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3671,16 +4600,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3750,7 +4685,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -3768,13 +4703,28 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
+          description: |-
+            ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
+            authorization token.
+            The authorization token is valid for 12 hours.
+            The authorizationToken returned is a base64 encoded string that can be decoded
+            and used in a docker login command to authenticate to a registry.
+            For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3790,7 +4740,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3798,52 +4751,71 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
                           type: object
                       type: object
                     secretRef:
-                      description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                      description: |-
+                        AWSAuthSecretRef holds secret references for AWS credentials
+                        both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                       properties:
                         accessKeyIDSecretRef:
                           description: The AccessKeyID is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         secretAccessKeySecretRef:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         sessionTokenSecretRef:
-                          description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                          description: |-
+                            The SessionToken used for authentication
+                            This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                            see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -3852,7 +4824,9 @@ spec:
                   description: Region specifies the region to operate in.
                   type: string
                 role:
-                  description: You can assume a role before making calls to the desired AWS service.
+                  description: |-
+                    You can assume a role before making calls to the
+                    desired AWS service.
                   type: string
               required:
                 - region
@@ -3878,7 +4852,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -3910,10 +4884,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3955,7 +4938,9 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     description: ExternalSecretDataRemoteRef defines Provider data location.
                     properties:
@@ -3981,13 +4966,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -3996,11 +4986,15 @@ spec:
                     - name
                   type: object
                 target:
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Merge
@@ -4010,7 +5004,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4021,7 +5018,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v1
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4093,7 +5093,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4117,7 +5120,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4149,10 +5154,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4165,7 +5179,9 @@ spec:
                     description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                     properties:
                       remoteRef:
-                        description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                        description: |-
+                          RemoteRef points to the remote secret and defines
+                          which secret (version/property/..) to fetch.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4203,14 +5219,23 @@ spec:
                           - key
                         type: object
                       secretKey:
-                        description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                        description: |-
+                          SecretKey defines the key in which the controller stores
+                          the value. This is the key in the Kind=Secret
                         type: string
                       sourceRef:
-                        description: SourceRef allows you to override the source from which the value will pulled from.
+                        description: |-
+                          SourceRef allows you to override the source
+                          from which the value will pulled from.
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                            description: |-
+                              GeneratorRef points to a generator custom resource.
+
+
+                              Deprecated: The generatorRef is not implemented in .data[].
+                              this will be removed with v1.
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1
@@ -4230,7 +5255,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4245,11 +5272,15 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     properties:
                       extract:
-                        description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to extract multiple key/value pairs from one secret
+                          Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4287,7 +5318,9 @@ spec:
                           - key
                         type: object
                       find:
-                        description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to find secrets based on tags or regular expressions
+                          Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4322,11 +5355,15 @@ spec:
                             type: object
                         type: object
                       rewrite:
-                        description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                        description: |-
+                          Used to rewrite secret Keys after getting them from the secret Provider
+                          Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                         items:
                           properties:
                             regexp:
-                              description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                              description: |-
+                                Used to rewrite with regular expressions.
+                                The resulting key will be the output of a regexp.ReplaceAll operation.
                               properties:
                                 source:
                                   description: Used to define the regular expression of a re.Compiler.
@@ -4339,10 +5376,14 @@ spec:
                                 - target
                               type: object
                             transform:
-                              description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                              description: |-
+                                Used to apply string transformation on the secrets.
+                                The resulting key will be the output of the template applied by the operation.
                               properties:
                                 template:
-                                  description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                  description: |-
+                                    Used to define the template to apply on the secret name.
+                                    `.value ` will specify the secret name in the template.
                                   type: string
                               required:
                                 - template
@@ -4350,7 +5391,13 @@ spec:
                           type: object
                         type: array
                       sourceRef:
-                        description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                        description: |-
+                          SourceRef points to a store or generator
+                          which contains secret values ready to use.
+                          Use this in combination with Extract or Find pull values out of
+                          a specific SecretStore.
+                          When sourceRef points to a generator Extract or Find is not supported.
+                          The generator returns a static map of values
                         maxProperties: 1
                         properties:
                           generatorRef:
@@ -4374,7 +5421,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4387,13 +5436,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -4405,11 +5459,15 @@ spec:
                   default:
                     creationPolicy: Owner
                     deletionPolicy: Retain
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Orphan
@@ -4418,7 +5476,9 @@ spec:
                       type: string
                     deletionPolicy:
                       default: Retain
-                      description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                      description: |-
+                        DeletionPolicy defines rules on how to delete the resulting Secret
+                        Defaults to 'Retain'
                       enum:
                         - Delete
                         - Merge
@@ -4428,7 +5488,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4439,7 +5502,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v2
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4533,7 +5599,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4557,7 +5626,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4586,7 +5657,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4604,13 +5675,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned.
+          description: |-
+            Fake generator is used for testing. It lets you define
+            a static set of credentials that is always returned.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4618,12 +5700,16 @@ spec:
               description: FakeSpec contains the static data.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 data:
                   additionalProperties:
                     type: string
-                  description: Data defines the static data returned by this generator.
+                  description: |-
+                    Data defines the static data returned
+                    by this generator.
                   type: object
               type: object
           type: object
@@ -4647,7 +5733,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4665,13 +5751,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR.
+          description: |-
+            GCRAccessToken generates an GCP access token
+            that can be used to authenticate with GCR.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4686,13 +5783,17 @@ spec:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -4708,7 +5809,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -4716,7 +5820,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -4755,7 +5861,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4773,13 +5879,25 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes.
+          description: |-
+            Password generates a random password based on the
+            configuration parameters in spec.
+            You can specify the length, characterset and other attributes.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4791,21 +5909,29 @@ spec:
                   description: set AllowRepeat to true to allow repeating characters.
                   type: boolean
                 digits:
-                  description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Digits specifies the number of digits in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
                 length:
                   default: 24
-                  description: Length of the password to be generated. Defaults to 24
+                  description: |-
+                    Length of the password to be generated.
+                    Defaults to 24
                   type: integer
                 noUpper:
                   default: false
                   description: Set NoUpper to disable uppercase characters
                   type: boolean
                 symbolCharacters:
-                  description: SymbolCharacters specifies the special characters that should be used in the generated password.
+                  description: |-
+                    SymbolCharacters specifies the special characters that should be used
+                    in the generated password.
                   type: string
                 symbols:
-                  description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Symbols specifies the number of symbol characters in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
               required:
                 - allowRepeat
@@ -4833,7 +5959,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -4858,10 +5984,19 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4894,7 +6029,9 @@ spec:
                           - remoteRef
                         type: object
                       metadata:
-                        description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                        description: |-
+                          Metadata is metadata attached to the secret.
+                          The structure of metadata is provider specific, please look it up in the provider documentation.
                         x-kubernetes-preserve-unknown-fields: true
                     required:
                       - match
@@ -4915,7 +6052,9 @@ spec:
                     properties:
                       kind:
                         default: SecretStore
-                        description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                        description: |-
+                          Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                          Defaults to `SecretStore`
                         type: string
                       labelSelector:
                         description: Optionally, sync to secret stores with label selector
@@ -4923,16 +6062,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -4944,7 +6091,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -4977,7 +6127,10 @@ spec:
                       type: object
                     engineVersion:
                       default: v2
-                      description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                      description: |-
+                        EngineVersion specifies the template engine version
+                        that should be used to compile/execute the
+                        template specified in .data and .templateFrom[].
                       enum:
                         - v1
                         - v2
@@ -5092,7 +6245,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -5122,7 +6277,9 @@ spec:
                             - remoteRef
                           type: object
                         metadata:
-                          description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                          description: |-
+                            Metadata is metadata attached to the secret.
+                            The structure of metadata is provider specific, please look it up in the provider documentation.
                           x-kubernetes-preserve-unknown-fields: true
                       required:
                         - match
@@ -5155,7 +6312,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -5184,10 +6341,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -5195,7 +6361,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -5212,7 +6380,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -5221,23 +6391,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5245,7 +6430,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5255,51 +6442,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -5358,26 +6566,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5396,7 +6612,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -5405,7 +6624,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5413,39 +6635,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5476,32 +6710,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -5511,10 +6757,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5522,7 +6773,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5571,13 +6824,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5593,7 +6850,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5601,7 +6861,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5628,13 +6890,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5662,13 +6928,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5693,29 +6963,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5726,7 +7008,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5734,7 +7019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5744,16 +7031,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5803,7 +7096,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -5812,26 +7108,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5850,13 +7154,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -5867,10 +7178,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5878,7 +7194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5897,26 +7215,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5925,55 +7257,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -5981,7 +7341,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -5991,55 +7353,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6047,7 +7440,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6057,27 +7452,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -6087,18 +7495,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6124,23 +7540,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -6156,7 +7589,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6197,7 +7634,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -6207,13 +7646,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -6244,13 +7687,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6258,16 +7705,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6334,10 +7787,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -6347,7 +7809,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -6355,16 +7819,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -6376,7 +7848,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -6388,7 +7863,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -6405,7 +7882,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -6414,23 +7893,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6438,7 +7932,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6448,51 +7944,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6505,7 +8022,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6551,26 +8070,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6594,7 +8121,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -6603,7 +8133,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6611,52 +8144,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -6674,10 +8226,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -6719,32 +8281,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -6752,7 +8326,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -6763,10 +8341,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -6774,7 +8357,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -6798,29 +8383,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6833,23 +8430,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6857,7 +8465,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6873,7 +8483,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -6882,7 +8495,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6901,7 +8516,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -6910,13 +8527,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6930,13 +8551,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6947,10 +8572,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -6966,16 +8595,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7048,13 +8684,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7070,7 +8710,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7078,7 +8721,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7105,13 +8750,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7166,13 +8815,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7187,16 +8840,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -7217,29 +8876,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7247,7 +8918,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -7255,7 +8929,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -7264,16 +8940,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7299,7 +8981,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7332,13 +9016,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7364,7 +9052,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -7373,26 +9063,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7411,13 +9109,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -7428,10 +9133,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -7439,7 +9149,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -7461,13 +9173,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7490,13 +9206,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7518,16 +9238,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -7556,39 +9282,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7596,37 +9344,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -7638,7 +9402,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7646,7 +9413,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7668,39 +9437,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -7714,25 +9498,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7740,7 +9540,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7750,55 +9552,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7806,7 +9639,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7816,27 +9651,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7846,13 +9694,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -7860,23 +9712,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7884,7 +9747,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7897,7 +9764,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7910,23 +9779,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -7942,7 +9877,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7983,7 +9922,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -7993,13 +9934,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -8030,13 +9975,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8044,16 +9993,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8073,13 +10028,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8087,16 +10046,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8166,7 +10131,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -8186,17 +10151,28 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 method:
                   description: Vault API method to use (GET/POST/other)
@@ -8214,39 +10190,61 @@ spec:
                       description: Auth configures how secret-manager authenticates with the Vault server.
                       properties:
                         appRole:
-                          description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                          description: |-
+                            AppRole authenticates with Vault using the App Role auth mechanism,
+                            with the role and secret stored in a Kubernetes Secret resource.
                           properties:
                             path:
                               default: approle
-                              description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                              description: |-
+                                Path where the App Role authentication backend is mounted
+                                in Vault, e.g: "approle"
                               type: string
                             roleId:
-                              description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                              description: |-
+                                RoleID configured in the App Role authentication backend when setting
+                                up the authentication backend in Vault.
                               type: string
                             roleRef:
-                              description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role ID used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role id.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role secret used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role secret.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -8254,37 +10252,53 @@ spec:
                             - secretRef
                           type: object
                         cert:
-                          description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                          description: |-
+                            Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                            Cert authentication method
                           properties:
                             clientCert:
-                              description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                              description: |-
+                                ClientCert is a certificate to authenticate using the Cert Vault
+                                authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing client private key to
+                                authenticate with Vault using the Cert authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         iam:
-                          description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                          description: |-
+                            Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                            AWS IAM authentication method
                           properties:
                             externalID:
                               description: AWS External ID set on assumed IAM roles
@@ -8296,7 +10310,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8304,7 +10321,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8326,39 +10345,54 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -8372,25 +10406,41 @@ spec:
                             - vaultRole
                           type: object
                         jwt:
-                          description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                          description: |-
+                            Jwt authenticates with Vault by passing role and JWT token using the
+                            JWT/OIDC authentication method
                           properties:
                             kubernetesServiceAccountToken:
-                              description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                              description: |-
+                                Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                a token for with the `TokenRequest` API.
                               properties:
                                 audiences:
-                                  description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                  description: |-
+                                    Optional audiences field that will be used to request a temporary Kubernetes service
+                                    account token for the service account referenced by `serviceAccountRef`.
+                                    Defaults to a single audience `vault` it not specified.
+                                    Deprecated: use serviceAccountRef.Audiences instead
                                   items:
                                     type: string
                                   type: array
                                 expirationSeconds:
-                                  description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                  description: |-
+                                    Optional expiration time in seconds that will be used to request a temporary
+                                    Kubernetes service account token for the service account referenced by
+                                    `serviceAccountRef`.
+                                    Deprecated: this will be removed in the future.
+                                    Defaults to 10 minutes.
                                   format: int64
                                   type: integer
                                 serviceAccountRef:
                                   description: Service account field containing the name of a kubernetes ServiceAccount.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8398,7 +10448,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8408,55 +10460,86 @@ spec:
                               type: object
                             path:
                               default: jwt
-                              description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                              description: |-
+                                Path where the JWT authentication backend is mounted
+                                in Vault, e.g: "jwt"
                               type: string
                             role:
-                              description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                              description: |-
+                                Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                authentication method
                               type: string
                             secretRef:
-                              description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                              description: |-
+                                Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                authenticate with Vault using the JWT/OIDC authentication method.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
                             - path
                           type: object
                         kubernetes:
-                          description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                          description: |-
+                            Kubernetes authenticates with Vault by passing the ServiceAccount
+                            token stored in the named Secret resource to the Vault server.
                           properties:
                             mountPath:
                               default: kubernetes
-                              description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                              description: |-
+                                Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                "kubernetes"
                               type: string
                             role:
-                              description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                              description: |-
+                                A required field containing the Vault Role to assume. A Role binds a
+                                Kubernetes ServiceAccount with a set of Vault policies.
                               type: string
                             secretRef:
-                              description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                              description: |-
+                                Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                for authenticating with Vault. If a name is specified without a key,
+                                `token` is the default. If one is not specified, the one bound to
+                                the controller will be used.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             serviceAccountRef:
-                              description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                              description: |-
+                                Optional service account field containing the name of a kubernetes ServiceAccount.
+                                If the service account is specified, the service account secret token JWT will be used
+                                for authenticating with Vault. If the service account selector is not supplied,
+                                the secretRef will be used instead.
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -8464,7 +10547,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -8474,27 +10559,40 @@ spec:
                             - role
                           type: object
                         ldap:
-                          description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                          description: |-
+                            Ldap authenticates with Vault by passing username/password pair using
+                            the LDAP authentication method
                           properties:
                             path:
                               default: ldap
-                              description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                              description: |-
+                                Path where the LDAP authentication backend is mounted
+                                in Vault, e.g: "ldap"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the LDAP
+                                user used to authenticate with Vault using the LDAP authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                              description: |-
+                                Username is a LDAP user name used to authenticate using the LDAP Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8504,13 +10602,17 @@ spec:
                           description: TokenSecretRef authenticates with Vault by presenting a token.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         userPass:
@@ -8518,23 +10620,34 @@ spec:
                           properties:
                             path:
                               default: user
-                              description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                              description: |-
+                                Path where the UserPassword authentication backend is mounted
+                                in Vault, e.g: "user"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the
+                                user used to authenticate with Vault using the UserPass authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                              description: |-
+                                Username is a user name used to authenticate using the UserPass Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8542,7 +10655,11 @@ spec:
                           type: object
                       type: object
                     caBundle:
-                      description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                      description: |-
+                        PEM encoded CA bundle used to validate Vault server certificate. Only used
+                        if the Server URL is using HTTPS protocol. This parameter is ignored for
+                        plain HTTP protocol connection. If not set the system root certificates
+                        are used to validate the TLS connection.
                       format: byte
                       type: string
                     caProvider:
@@ -8555,7 +10672,9 @@ spec:
                           description: The name of the object located at the provider type.
                           type: string
                         namespace:
-                          description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                          description: |-
+                            The namespace the Provider type is in.
+                            Can only be defined when used in a ClusterSecretStore.
                           type: string
                         type:
                           description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -8568,23 +10687,89 @@ spec:
                         - type
                       type: object
                     forwardInconsistent:
-                      description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                      description: |-
+                        ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                        leader instead of simply retrying within a loop. This can increase performance if
+                        the option is enabled serverside.
+                        https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                       type: boolean
                     namespace:
-                      description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                      description: |-
+                        Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                        Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                        More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                       type: string
                     path:
-                      description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                      description: |-
+                        Path is the mount path of the Vault KV backend endpoint, e.g:
+                        "secret". The v2 KV secret engine version specific "/data" path suffix
+                        for fetching secrets from Vault is optional and will be appended
+                        if not present in specified path.
                       type: string
                     readYourWrites:
-                      description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                      description: |-
+                        ReadYourWrites ensures isolated read-after-write semantics by
+                        providing discovered cluster replication states in each request.
+                        More information about eventual consistency in Vault can be found here
+                        https://www.vaultproject.io/docs/enterprise/consistency
                       type: boolean
                     server:
                       description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                       type: string
+                    tls:
+                      description: |-
+                        The configuration used for client side related TLS communication, when the Vault server
+                        requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                        This parameter is ignored for plain HTTP protocol connection.
+                        It's worth noting this configuration is different from the "TLS certificates auth method",
+                        which is available under the `auth.cert` section.
+                      properties:
+                        certSecretRef:
+                          description: |-
+                            CertSecretRef is a certificate added to the transport layer
+                            when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                        keySecretRef:
+                          description: |-
+                            KeySecretRef to a key in a Secret resource containing client private key
+                            added to the transport layer when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                      type: object
                     version:
                       default: v2
-                      description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                      description: |-
+                        Version is the Vault KV secret engine version. This can be either "v1" or
+                        "v2". Version defaults to "v2".
                       enum:
                         - v1
                         - v2
@@ -8595,7 +10780,12 @@ spec:
                   type: object
                 resultType:
                   default: Data
-                  description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure.
+                  description: |-
+                    Result type defines which data is returned from the generator.
+                    By default it is the "data" section of the Vault API response.
+                    When using e.g. /auth/token/create the "data" section is empty but
+                    the "auth" section contains the generated token.
+                    Please refer to the vault docs regarding the result data structure.
                   enum:
                     - Data
                     - Auth
@@ -8626,10 +10816,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8693,10 +10883,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8802,10 +10992,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -8842,10 +11032,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -8886,10 +11076,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8907,10 +11097,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8927,10 +11117,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8963,10 +11153,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -9002,10 +11192,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -9023,10 +11213,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -9047,10 +11237,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9062,10 +11252,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -9080,7 +11270,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -9110,10 +11300,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9125,10 +11315,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -9143,7 +11333,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -9160,10 +11350,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9175,10 +11365,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -9193,7 +11383,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
index 3fca7728d..ffcf6cb6e 100644
--- a/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
+++ b/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -85,18 +85,39 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md"
+          description: |-
+            ACRAccessToken returns a Azure Container Registry token
+            that can be used for pushing/pulling images.
+            Note: by default it will return an ACR Refresh Token with full access
+            (depending on the identity).
+            This can be scoped down to the repository level using .spec.scope.
+            In case scope is defined it will return an ACR Access Token.
+
+
+            See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
-              description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview'
+              description: |-
+                ACRAccessTokenSpec defines how to generate the access token
+                e.g. how to authenticate and which registry to use.
+                see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview
               properties:
                 auth:
                   properties:
@@ -111,32 +132,42 @@ spec:
                       description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.
                       properties:
                         secretRef:
-                          description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret.
+                          description: |-
+                            Configuration used to authenticate with Azure using static
+                            credentials stored in a Kind=Secret.
                           properties:
                             clientId:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -147,10 +178,15 @@ spec:
                       description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.
                       properties:
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -158,7 +194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -167,7 +205,11 @@ spec:
                   type: object
                 environmentType:
                   default: PublicCloud
-                  description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                  description: |-
+                    EnvironmentType specifies the Azure cloud environment endpoints to use for
+                    connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                    The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                    PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                   enum:
                     - PublicCloud
                     - USGovernmentCloud
@@ -175,10 +217,23 @@ spec:
                     - GermanCloud
                   type: string
                 registry:
-                  description: the domain name of the ACR registry e.g. foobarexample.azurecr.io
+                  description: |-
+                    the domain name of the ACR registry
+                    e.g. foobarexample.azurecr.io
                   type: string
                 scope:
-                  description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/"
+                  description: |-
+                    Define the scope for the access token, e.g. pull/push access for a repository.
+                    if not provided it will return a refresh token that has full scope.
+                    Note: you need to pin it down to the repository level, there is no wildcard available.
+
+
+                    examples:
+                    repository:my-repository:pull,push
+                    repository:my-repository:pull
+
+
+                    see docs for details: https://docs.docker.com/registry/spec/auth/scope/
                   type: string
                 tenantId:
                   description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
@@ -208,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -239,10 +294,19 @@ spec:
           description: ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -273,7 +337,9 @@ spec:
                         description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                         properties:
                           remoteRef:
-                            description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                            description: |-
+                              RemoteRef points to the remote secret and defines
+                              which secret (version/property/..) to fetch.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -311,14 +377,23 @@ spec:
                               - key
                             type: object
                           secretKey:
-                            description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                            description: |-
+                              SecretKey defines the key in which the controller stores
+                              the value. This is the key in the Kind=Secret
                             type: string
                           sourceRef:
-                            description: SourceRef allows you to override the source from which the value will pulled from.
+                            description: |-
+                              SourceRef allows you to override the source
+                              from which the value will pulled from.
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                                description: |-
+                                  GeneratorRef points to a generator custom resource.
+
+
+                                  Deprecated: The generatorRef is not implemented in .data[].
+                                  this will be removed with v1.
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -338,7 +413,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -353,11 +430,15 @@ spec:
                         type: object
                       type: array
                     dataFrom:
-                      description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                      description: |-
+                        DataFrom is used to fetch all properties from a specific Provider data
+                        If multiple entries are specified, the Secret keys are merged in the specified order
                       items:
                         properties:
                           extract:
-                            description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to extract multiple key/value pairs from one secret
+                              Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -395,7 +476,9 @@ spec:
                               - key
                             type: object
                           find:
-                            description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to find secrets based on tags or regular expressions
+                              Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -430,11 +513,15 @@ spec:
                                 type: object
                             type: object
                           rewrite:
-                            description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                            description: |-
+                              Used to rewrite secret Keys after getting them from the secret Provider
+                              Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                             items:
                               properties:
                                 regexp:
-                                  description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                                  description: |-
+                                    Used to rewrite with regular expressions.
+                                    The resulting key will be the output of a regexp.ReplaceAll operation.
                                   properties:
                                     source:
                                       description: Used to define the regular expression of a re.Compiler.
@@ -447,10 +534,14 @@ spec:
                                     - target
                                   type: object
                                 transform:
-                                  description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                                  description: |-
+                                    Used to apply string transformation on the secrets.
+                                    The resulting key will be the output of the template applied by the operation.
                                   properties:
                                     template:
-                                      description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                      description: |-
+                                        Used to define the template to apply on the secret name.
+                                        `.value ` will specify the secret name in the template.
                                       type: string
                                   required:
                                     - template
@@ -458,7 +549,13 @@ spec:
                               type: object
                             type: array
                           sourceRef:
-                            description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                            description: |-
+                              SourceRef points to a store or generator
+                              which contains secret values ready to use.
+                              Use this in combination with Extract or Find pull values out of
+                              a specific SecretStore.
+                              When sourceRef points to a generator Extract or Find is not supported.
+                              The generator returns a static map of values
                             maxProperties: 1
                             properties:
                               generatorRef:
@@ -482,7 +579,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -495,13 +594,18 @@ spec:
                       type: array
                     refreshInterval:
                       default: 1h
-                      description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                      description: |-
+                        RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                        Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                        May be set to zero to fetch and create it once. Defaults to 1h.
                       type: string
                     secretStoreRef:
                       description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                       properties:
                         kind:
-                          description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                          description: |-
+                            Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                            Defaults to `SecretStore`
                           type: string
                         name:
                           description: Name of the SecretStore resource
@@ -513,11 +617,15 @@ spec:
                       default:
                         creationPolicy: Owner
                         deletionPolicy: Retain
-                      description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                      description: |-
+                        ExternalSecretTarget defines the Kubernetes Secret to be created
+                        There can be only one target per ExternalSecret.
                       properties:
                         creationPolicy:
                           default: Owner
-                          description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                          description: |-
+                            CreationPolicy defines rules on how to create the resulting Secret
+                            Defaults to 'Owner'
                           enum:
                             - Owner
                             - Orphan
@@ -526,7 +634,9 @@ spec:
                           type: string
                         deletionPolicy:
                           default: Retain
-                          description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                          description: |-
+                            DeletionPolicy defines rules on how to delete the resulting Secret
+                            Defaults to 'Retain'
                           enum:
                             - Delete
                             - Merge
@@ -536,7 +646,10 @@ spec:
                           description: Immutable defines if the final secret will be immutable
                           type: boolean
                         name:
-                          description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                          description: |-
+                            Name defines the name of the Secret resource to be managed
+                            This field is immutable
+                            Defaults to the .metadata.name of the ExternalSecret resource
                           type: string
                         template:
                           description: Template defines a blueprint for the created Secret resource.
@@ -547,7 +660,10 @@ spec:
                               type: object
                             engineVersion:
                               default: v2
-                              description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                              description: |-
+                                EngineVersion specifies the template engine version
+                                that should be used to compile/execute the
+                                template specified in .data and .templateFrom[].
                               enum:
                                 - v1
                                 - v2
@@ -641,16 +757,24 @@ spec:
                     matchExpressions:
                       description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                       items:
-                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
                         properties:
                           key:
                             description: key is the label key that the selector applies to.
                             type: string
                           operator:
-                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
                             type: string
                           values:
-                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
                             items:
                               type: string
                             type: array
@@ -662,7 +786,10 @@ spec:
                     matchLabels:
                       additionalProperties:
                         type: string
-                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                       type: object
                   type: object
                   x-kubernetes-map-type: atomic
@@ -739,7 +866,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -768,10 +895,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -779,7 +915,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -796,7 +934,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -805,23 +945,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -829,7 +984,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -839,51 +996,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -942,26 +1120,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -980,7 +1166,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -989,7 +1178,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -997,39 +1189,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1060,32 +1264,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -1095,10 +1311,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1106,7 +1327,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1155,13 +1378,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1177,7 +1404,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1185,7 +1415,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1212,13 +1444,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1246,13 +1482,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1277,29 +1517,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1310,7 +1562,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1318,7 +1573,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1328,16 +1585,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1387,7 +1650,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -1396,26 +1662,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1434,13 +1708,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -1451,10 +1732,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1462,7 +1748,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1481,26 +1769,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1509,55 +1811,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -1565,7 +1895,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -1575,55 +1907,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1631,7 +1994,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1641,27 +2006,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -1671,18 +2049,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1708,23 +2094,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -1740,7 +2143,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1781,7 +2188,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -1791,13 +2200,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -1828,13 +2241,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1842,16 +2259,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1918,10 +2341,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -1931,7 +2363,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -1939,16 +2373,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -1960,7 +2402,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -1972,7 +2417,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -1989,7 +2436,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -1998,23 +2447,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2022,7 +2486,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2032,51 +2498,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -2089,7 +2576,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2135,26 +2624,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2178,7 +2675,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -2187,7 +2687,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2195,52 +2698,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2258,10 +2780,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -2303,32 +2835,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -2336,7 +2880,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -2347,10 +2895,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -2358,7 +2911,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -2382,29 +2937,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2417,23 +2984,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2441,7 +3019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2457,7 +3037,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -2466,7 +3049,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2485,7 +3070,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -2494,13 +3081,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2514,13 +3105,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2531,10 +3126,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -2550,16 +3149,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2632,13 +3238,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2654,7 +3264,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2662,7 +3275,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2689,13 +3304,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2750,13 +3369,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2771,16 +3394,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -2801,29 +3430,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2831,7 +3472,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -2839,7 +3483,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -2848,16 +3494,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2883,7 +3535,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2916,13 +3570,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2948,7 +3606,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -2957,26 +3617,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2995,13 +3663,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -3012,10 +3687,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3023,7 +3703,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -3045,13 +3727,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3074,13 +3760,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3102,16 +3792,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -3140,39 +3836,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -3180,37 +3898,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -3222,7 +3956,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3230,7 +3967,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3252,39 +3991,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -3298,25 +4052,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3324,7 +4094,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3334,55 +4106,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -3390,7 +4193,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -3400,27 +4205,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3430,13 +4248,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -3444,23 +4266,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3468,7 +4301,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3481,7 +4318,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -3494,23 +4333,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -3526,7 +4431,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3567,7 +4476,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -3577,13 +4488,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -3614,13 +4529,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3628,16 +4547,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3657,13 +4582,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3671,16 +4600,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3750,7 +4685,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -3768,13 +4703,28 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
+          description: |-
+            ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
+            authorization token.
+            The authorization token is valid for 12 hours.
+            The authorizationToken returned is a base64 encoded string that can be decoded
+            and used in a docker login command to authenticate to a registry.
+            For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3790,7 +4740,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3798,52 +4751,71 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
                           type: object
                       type: object
                     secretRef:
-                      description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                      description: |-
+                        AWSAuthSecretRef holds secret references for AWS credentials
+                        both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                       properties:
                         accessKeyIDSecretRef:
                           description: The AccessKeyID is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         secretAccessKeySecretRef:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         sessionTokenSecretRef:
-                          description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                          description: |-
+                            The SessionToken used for authentication
+                            This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                            see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -3852,7 +4824,9 @@ spec:
                   description: Region specifies the region to operate in.
                   type: string
                 role:
-                  description: You can assume a role before making calls to the desired AWS service.
+                  description: |-
+                    You can assume a role before making calls to the
+                    desired AWS service.
                   type: string
               required:
                 - region
@@ -3878,7 +4852,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -3910,10 +4884,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3955,7 +4938,9 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     description: ExternalSecretDataRemoteRef defines Provider data location.
                     properties:
@@ -3981,13 +4966,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -3996,11 +4986,15 @@ spec:
                     - name
                   type: object
                 target:
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Merge
@@ -4010,7 +5004,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4021,7 +5018,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v1
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4093,7 +5093,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4117,7 +5120,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4149,10 +5154,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4165,7 +5179,9 @@ spec:
                     description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                     properties:
                       remoteRef:
-                        description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                        description: |-
+                          RemoteRef points to the remote secret and defines
+                          which secret (version/property/..) to fetch.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4203,14 +5219,23 @@ spec:
                           - key
                         type: object
                       secretKey:
-                        description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                        description: |-
+                          SecretKey defines the key in which the controller stores
+                          the value. This is the key in the Kind=Secret
                         type: string
                       sourceRef:
-                        description: SourceRef allows you to override the source from which the value will pulled from.
+                        description: |-
+                          SourceRef allows you to override the source
+                          from which the value will pulled from.
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                            description: |-
+                              GeneratorRef points to a generator custom resource.
+
+
+                              Deprecated: The generatorRef is not implemented in .data[].
+                              this will be removed with v1.
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1
@@ -4230,7 +5255,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4245,11 +5272,15 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     properties:
                       extract:
-                        description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to extract multiple key/value pairs from one secret
+                          Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4287,7 +5318,9 @@ spec:
                           - key
                         type: object
                       find:
-                        description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to find secrets based on tags or regular expressions
+                          Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4322,11 +5355,15 @@ spec:
                             type: object
                         type: object
                       rewrite:
-                        description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                        description: |-
+                          Used to rewrite secret Keys after getting them from the secret Provider
+                          Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                         items:
                           properties:
                             regexp:
-                              description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                              description: |-
+                                Used to rewrite with regular expressions.
+                                The resulting key will be the output of a regexp.ReplaceAll operation.
                               properties:
                                 source:
                                   description: Used to define the regular expression of a re.Compiler.
@@ -4339,10 +5376,14 @@ spec:
                                 - target
                               type: object
                             transform:
-                              description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                              description: |-
+                                Used to apply string transformation on the secrets.
+                                The resulting key will be the output of the template applied by the operation.
                               properties:
                                 template:
-                                  description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                  description: |-
+                                    Used to define the template to apply on the secret name.
+                                    `.value ` will specify the secret name in the template.
                                   type: string
                               required:
                                 - template
@@ -4350,7 +5391,13 @@ spec:
                           type: object
                         type: array
                       sourceRef:
-                        description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                        description: |-
+                          SourceRef points to a store or generator
+                          which contains secret values ready to use.
+                          Use this in combination with Extract or Find pull values out of
+                          a specific SecretStore.
+                          When sourceRef points to a generator Extract or Find is not supported.
+                          The generator returns a static map of values
                         maxProperties: 1
                         properties:
                           generatorRef:
@@ -4374,7 +5421,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4387,13 +5436,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -4405,11 +5459,15 @@ spec:
                   default:
                     creationPolicy: Owner
                     deletionPolicy: Retain
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Orphan
@@ -4418,7 +5476,9 @@ spec:
                       type: string
                     deletionPolicy:
                       default: Retain
-                      description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                      description: |-
+                        DeletionPolicy defines rules on how to delete the resulting Secret
+                        Defaults to 'Retain'
                       enum:
                         - Delete
                         - Merge
@@ -4428,7 +5488,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4439,7 +5502,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v2
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4533,7 +5599,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4557,7 +5626,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4586,7 +5657,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4604,13 +5675,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned.
+          description: |-
+            Fake generator is used for testing. It lets you define
+            a static set of credentials that is always returned.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4618,12 +5700,16 @@ spec:
               description: FakeSpec contains the static data.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 data:
                   additionalProperties:
                     type: string
-                  description: Data defines the static data returned by this generator.
+                  description: |-
+                    Data defines the static data returned
+                    by this generator.
                   type: object
               type: object
           type: object
@@ -4647,7 +5733,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4665,13 +5751,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR.
+          description: |-
+            GCRAccessToken generates an GCP access token
+            that can be used to authenticate with GCR.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4686,13 +5783,17 @@ spec:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -4708,7 +5809,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -4716,7 +5820,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -4755,7 +5861,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4773,13 +5879,25 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes.
+          description: |-
+            Password generates a random password based on the
+            configuration parameters in spec.
+            You can specify the length, characterset and other attributes.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4791,21 +5909,29 @@ spec:
                   description: set AllowRepeat to true to allow repeating characters.
                   type: boolean
                 digits:
-                  description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Digits specifies the number of digits in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
                 length:
                   default: 24
-                  description: Length of the password to be generated. Defaults to 24
+                  description: |-
+                    Length of the password to be generated.
+                    Defaults to 24
                   type: integer
                 noUpper:
                   default: false
                   description: Set NoUpper to disable uppercase characters
                   type: boolean
                 symbolCharacters:
-                  description: SymbolCharacters specifies the special characters that should be used in the generated password.
+                  description: |-
+                    SymbolCharacters specifies the special characters that should be used
+                    in the generated password.
                   type: string
                 symbols:
-                  description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Symbols specifies the number of symbol characters in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
               required:
                 - allowRepeat
@@ -4833,7 +5959,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -4858,10 +5984,19 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4894,7 +6029,9 @@ spec:
                           - remoteRef
                         type: object
                       metadata:
-                        description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                        description: |-
+                          Metadata is metadata attached to the secret.
+                          The structure of metadata is provider specific, please look it up in the provider documentation.
                         x-kubernetes-preserve-unknown-fields: true
                     required:
                       - match
@@ -4915,7 +6052,9 @@ spec:
                     properties:
                       kind:
                         default: SecretStore
-                        description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                        description: |-
+                          Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                          Defaults to `SecretStore`
                         type: string
                       labelSelector:
                         description: Optionally, sync to secret stores with label selector
@@ -4923,16 +6062,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -4944,7 +6091,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -4977,7 +6127,10 @@ spec:
                       type: object
                     engineVersion:
                       default: v2
-                      description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                      description: |-
+                        EngineVersion specifies the template engine version
+                        that should be used to compile/execute the
+                        template specified in .data and .templateFrom[].
                       enum:
                         - v1
                         - v2
@@ -5092,7 +6245,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -5122,7 +6277,9 @@ spec:
                             - remoteRef
                           type: object
                         metadata:
-                          description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                          description: |-
+                            Metadata is metadata attached to the secret.
+                            The structure of metadata is provider specific, please look it up in the provider documentation.
                           x-kubernetes-preserve-unknown-fields: true
                       required:
                         - match
@@ -5155,7 +6312,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -5184,10 +6341,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -5195,7 +6361,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -5212,7 +6380,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -5221,23 +6391,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5245,7 +6430,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5255,51 +6442,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -5358,26 +6566,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5396,7 +6612,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -5405,7 +6624,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5413,39 +6635,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5476,32 +6710,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -5511,10 +6757,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5522,7 +6773,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5571,13 +6824,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5593,7 +6850,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5601,7 +6861,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5628,13 +6890,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5662,13 +6928,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5693,29 +6963,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5726,7 +7008,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5734,7 +7019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5744,16 +7031,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5803,7 +7096,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -5812,26 +7108,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5850,13 +7154,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -5867,10 +7178,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5878,7 +7194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5897,26 +7215,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5925,55 +7257,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -5981,7 +7341,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -5991,55 +7353,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6047,7 +7440,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6057,27 +7452,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -6087,18 +7495,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6124,23 +7540,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -6156,7 +7589,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6197,7 +7634,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -6207,13 +7646,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -6244,13 +7687,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6258,16 +7705,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6334,10 +7787,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -6347,7 +7809,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -6355,16 +7819,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -6376,7 +7848,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -6388,7 +7863,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -6405,7 +7882,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -6414,23 +7893,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6438,7 +7932,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6448,51 +7944,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6505,7 +8022,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6551,26 +8070,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6594,7 +8121,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -6603,7 +8133,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6611,52 +8144,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -6674,10 +8226,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -6719,32 +8281,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -6752,7 +8326,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -6763,10 +8341,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -6774,7 +8357,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -6798,29 +8383,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6833,23 +8430,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6857,7 +8465,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6873,7 +8483,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -6882,7 +8495,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6901,7 +8516,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -6910,13 +8527,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6930,13 +8551,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6947,10 +8572,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -6966,16 +8595,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7048,13 +8684,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7070,7 +8710,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7078,7 +8721,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7105,13 +8750,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7166,13 +8815,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7187,16 +8840,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -7217,29 +8876,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7247,7 +8918,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -7255,7 +8929,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -7264,16 +8940,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7299,7 +8981,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7332,13 +9016,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7364,7 +9052,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -7373,26 +9063,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7411,13 +9109,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -7428,10 +9133,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -7439,7 +9149,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -7461,13 +9173,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7490,13 +9206,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7518,16 +9238,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -7556,39 +9282,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7596,37 +9344,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -7638,7 +9402,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7646,7 +9413,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7668,39 +9437,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -7714,25 +9498,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7740,7 +9540,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7750,55 +9552,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7806,7 +9639,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7816,27 +9651,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7846,13 +9694,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -7860,23 +9712,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7884,7 +9747,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7897,7 +9764,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7910,23 +9779,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -7942,7 +9877,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7983,7 +9922,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -7993,13 +9934,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -8030,13 +9975,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8044,16 +9993,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8073,13 +10028,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8087,16 +10046,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8166,7 +10131,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -8186,17 +10151,28 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 method:
                   description: Vault API method to use (GET/POST/other)
@@ -8214,39 +10190,61 @@ spec:
                       description: Auth configures how secret-manager authenticates with the Vault server.
                       properties:
                         appRole:
-                          description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                          description: |-
+                            AppRole authenticates with Vault using the App Role auth mechanism,
+                            with the role and secret stored in a Kubernetes Secret resource.
                           properties:
                             path:
                               default: approle
-                              description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                              description: |-
+                                Path where the App Role authentication backend is mounted
+                                in Vault, e.g: "approle"
                               type: string
                             roleId:
-                              description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                              description: |-
+                                RoleID configured in the App Role authentication backend when setting
+                                up the authentication backend in Vault.
                               type: string
                             roleRef:
-                              description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role ID used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role id.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role secret used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role secret.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -8254,37 +10252,53 @@ spec:
                             - secretRef
                           type: object
                         cert:
-                          description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                          description: |-
+                            Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                            Cert authentication method
                           properties:
                             clientCert:
-                              description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                              description: |-
+                                ClientCert is a certificate to authenticate using the Cert Vault
+                                authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing client private key to
+                                authenticate with Vault using the Cert authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         iam:
-                          description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                          description: |-
+                            Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                            AWS IAM authentication method
                           properties:
                             externalID:
                               description: AWS External ID set on assumed IAM roles
@@ -8296,7 +10310,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8304,7 +10321,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8326,39 +10345,54 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -8372,25 +10406,41 @@ spec:
                             - vaultRole
                           type: object
                         jwt:
-                          description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                          description: |-
+                            Jwt authenticates with Vault by passing role and JWT token using the
+                            JWT/OIDC authentication method
                           properties:
                             kubernetesServiceAccountToken:
-                              description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                              description: |-
+                                Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                a token for with the `TokenRequest` API.
                               properties:
                                 audiences:
-                                  description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                  description: |-
+                                    Optional audiences field that will be used to request a temporary Kubernetes service
+                                    account token for the service account referenced by `serviceAccountRef`.
+                                    Defaults to a single audience `vault` it not specified.
+                                    Deprecated: use serviceAccountRef.Audiences instead
                                   items:
                                     type: string
                                   type: array
                                 expirationSeconds:
-                                  description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                  description: |-
+                                    Optional expiration time in seconds that will be used to request a temporary
+                                    Kubernetes service account token for the service account referenced by
+                                    `serviceAccountRef`.
+                                    Deprecated: this will be removed in the future.
+                                    Defaults to 10 minutes.
                                   format: int64
                                   type: integer
                                 serviceAccountRef:
                                   description: Service account field containing the name of a kubernetes ServiceAccount.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8398,7 +10448,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8408,55 +10460,86 @@ spec:
                               type: object
                             path:
                               default: jwt
-                              description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                              description: |-
+                                Path where the JWT authentication backend is mounted
+                                in Vault, e.g: "jwt"
                               type: string
                             role:
-                              description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                              description: |-
+                                Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                authentication method
                               type: string
                             secretRef:
-                              description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                              description: |-
+                                Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                authenticate with Vault using the JWT/OIDC authentication method.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
                             - path
                           type: object
                         kubernetes:
-                          description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                          description: |-
+                            Kubernetes authenticates with Vault by passing the ServiceAccount
+                            token stored in the named Secret resource to the Vault server.
                           properties:
                             mountPath:
                               default: kubernetes
-                              description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                              description: |-
+                                Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                "kubernetes"
                               type: string
                             role:
-                              description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                              description: |-
+                                A required field containing the Vault Role to assume. A Role binds a
+                                Kubernetes ServiceAccount with a set of Vault policies.
                               type: string
                             secretRef:
-                              description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                              description: |-
+                                Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                for authenticating with Vault. If a name is specified without a key,
+                                `token` is the default. If one is not specified, the one bound to
+                                the controller will be used.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             serviceAccountRef:
-                              description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                              description: |-
+                                Optional service account field containing the name of a kubernetes ServiceAccount.
+                                If the service account is specified, the service account secret token JWT will be used
+                                for authenticating with Vault. If the service account selector is not supplied,
+                                the secretRef will be used instead.
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -8464,7 +10547,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -8474,27 +10559,40 @@ spec:
                             - role
                           type: object
                         ldap:
-                          description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                          description: |-
+                            Ldap authenticates with Vault by passing username/password pair using
+                            the LDAP authentication method
                           properties:
                             path:
                               default: ldap
-                              description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                              description: |-
+                                Path where the LDAP authentication backend is mounted
+                                in Vault, e.g: "ldap"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the LDAP
+                                user used to authenticate with Vault using the LDAP authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                              description: |-
+                                Username is a LDAP user name used to authenticate using the LDAP Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8504,13 +10602,17 @@ spec:
                           description: TokenSecretRef authenticates with Vault by presenting a token.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         userPass:
@@ -8518,23 +10620,34 @@ spec:
                           properties:
                             path:
                               default: user
-                              description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                              description: |-
+                                Path where the UserPassword authentication backend is mounted
+                                in Vault, e.g: "user"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the
+                                user used to authenticate with Vault using the UserPass authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                              description: |-
+                                Username is a user name used to authenticate using the UserPass Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8542,7 +10655,11 @@ spec:
                           type: object
                       type: object
                     caBundle:
-                      description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                      description: |-
+                        PEM encoded CA bundle used to validate Vault server certificate. Only used
+                        if the Server URL is using HTTPS protocol. This parameter is ignored for
+                        plain HTTP protocol connection. If not set the system root certificates
+                        are used to validate the TLS connection.
                       format: byte
                       type: string
                     caProvider:
@@ -8555,7 +10672,9 @@ spec:
                           description: The name of the object located at the provider type.
                           type: string
                         namespace:
-                          description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                          description: |-
+                            The namespace the Provider type is in.
+                            Can only be defined when used in a ClusterSecretStore.
                           type: string
                         type:
                           description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -8568,23 +10687,89 @@ spec:
                         - type
                       type: object
                     forwardInconsistent:
-                      description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                      description: |-
+                        ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                        leader instead of simply retrying within a loop. This can increase performance if
+                        the option is enabled serverside.
+                        https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                       type: boolean
                     namespace:
-                      description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                      description: |-
+                        Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                        Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                        More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                       type: string
                     path:
-                      description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                      description: |-
+                        Path is the mount path of the Vault KV backend endpoint, e.g:
+                        "secret". The v2 KV secret engine version specific "/data" path suffix
+                        for fetching secrets from Vault is optional and will be appended
+                        if not present in specified path.
                       type: string
                     readYourWrites:
-                      description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                      description: |-
+                        ReadYourWrites ensures isolated read-after-write semantics by
+                        providing discovered cluster replication states in each request.
+                        More information about eventual consistency in Vault can be found here
+                        https://www.vaultproject.io/docs/enterprise/consistency
                       type: boolean
                     server:
                       description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                       type: string
+                    tls:
+                      description: |-
+                        The configuration used for client side related TLS communication, when the Vault server
+                        requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                        This parameter is ignored for plain HTTP protocol connection.
+                        It's worth noting this configuration is different from the "TLS certificates auth method",
+                        which is available under the `auth.cert` section.
+                      properties:
+                        certSecretRef:
+                          description: |-
+                            CertSecretRef is a certificate added to the transport layer
+                            when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                        keySecretRef:
+                          description: |-
+                            KeySecretRef to a key in a Secret resource containing client private key
+                            added to the transport layer when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                      type: object
                     version:
                       default: v2
-                      description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                      description: |-
+                        Version is the Vault KV secret engine version. This can be either "v1" or
+                        "v2". Version defaults to "v2".
                       enum:
                         - v1
                         - v2
@@ -8595,7 +10780,12 @@ spec:
                   type: object
                 resultType:
                   default: Data
-                  description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure.
+                  description: |-
+                    Result type defines which data is returned from the generator.
+                    By default it is the "data" section of the Vault API response.
+                    When using e.g. /auth/token/create the "data" section is empty but
+                    the "auth" section contains the generated token.
+                    Please refer to the vault docs regarding the result data structure.
                   enum:
                     - Data
                     - Auth
@@ -8626,10 +10816,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8693,10 +10883,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8802,10 +10992,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -8842,10 +11032,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -8886,10 +11076,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8907,10 +11097,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8927,10 +11117,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8963,10 +11153,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -9002,10 +11192,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -9023,10 +11213,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -9047,10 +11237,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9062,10 +11252,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -9080,7 +11270,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -9110,10 +11300,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9125,10 +11315,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -9143,7 +11333,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -9160,10 +11350,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9175,10 +11365,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -9193,7 +11383,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-naked.expected.yaml b/tests/golang-external-secrets-naked.expected.yaml
index fda091752..312ed5fac 100644
--- a/tests/golang-external-secrets-naked.expected.yaml
+++ b/tests/golang-external-secrets-naked.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -85,18 +85,39 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md"
+          description: |-
+            ACRAccessToken returns a Azure Container Registry token
+            that can be used for pushing/pulling images.
+            Note: by default it will return an ACR Refresh Token with full access
+            (depending on the identity).
+            This can be scoped down to the repository level using .spec.scope.
+            In case scope is defined it will return an ACR Access Token.
+
+
+            See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
-              description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview'
+              description: |-
+                ACRAccessTokenSpec defines how to generate the access token
+                e.g. how to authenticate and which registry to use.
+                see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview
               properties:
                 auth:
                   properties:
@@ -111,32 +132,42 @@ spec:
                       description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.
                       properties:
                         secretRef:
-                          description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret.
+                          description: |-
+                            Configuration used to authenticate with Azure using static
+                            credentials stored in a Kind=Secret.
                           properties:
                             clientId:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -147,10 +178,15 @@ spec:
                       description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.
                       properties:
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -158,7 +194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -167,7 +205,11 @@ spec:
                   type: object
                 environmentType:
                   default: PublicCloud
-                  description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                  description: |-
+                    EnvironmentType specifies the Azure cloud environment endpoints to use for
+                    connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                    The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                    PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                   enum:
                     - PublicCloud
                     - USGovernmentCloud
@@ -175,10 +217,23 @@ spec:
                     - GermanCloud
                   type: string
                 registry:
-                  description: the domain name of the ACR registry e.g. foobarexample.azurecr.io
+                  description: |-
+                    the domain name of the ACR registry
+                    e.g. foobarexample.azurecr.io
                   type: string
                 scope:
-                  description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/"
+                  description: |-
+                    Define the scope for the access token, e.g. pull/push access for a repository.
+                    if not provided it will return a refresh token that has full scope.
+                    Note: you need to pin it down to the repository level, there is no wildcard available.
+
+
+                    examples:
+                    repository:my-repository:pull,push
+                    repository:my-repository:pull
+
+
+                    see docs for details: https://docs.docker.com/registry/spec/auth/scope/
                   type: string
                 tenantId:
                   description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
@@ -208,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -239,10 +294,19 @@ spec:
           description: ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -273,7 +337,9 @@ spec:
                         description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                         properties:
                           remoteRef:
-                            description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                            description: |-
+                              RemoteRef points to the remote secret and defines
+                              which secret (version/property/..) to fetch.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -311,14 +377,23 @@ spec:
                               - key
                             type: object
                           secretKey:
-                            description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                            description: |-
+                              SecretKey defines the key in which the controller stores
+                              the value. This is the key in the Kind=Secret
                             type: string
                           sourceRef:
-                            description: SourceRef allows you to override the source from which the value will pulled from.
+                            description: |-
+                              SourceRef allows you to override the source
+                              from which the value will pulled from.
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                                description: |-
+                                  GeneratorRef points to a generator custom resource.
+
+
+                                  Deprecated: The generatorRef is not implemented in .data[].
+                                  this will be removed with v1.
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -338,7 +413,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -353,11 +430,15 @@ spec:
                         type: object
                       type: array
                     dataFrom:
-                      description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                      description: |-
+                        DataFrom is used to fetch all properties from a specific Provider data
+                        If multiple entries are specified, the Secret keys are merged in the specified order
                       items:
                         properties:
                           extract:
-                            description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to extract multiple key/value pairs from one secret
+                              Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -395,7 +476,9 @@ spec:
                               - key
                             type: object
                           find:
-                            description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to find secrets based on tags or regular expressions
+                              Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -430,11 +513,15 @@ spec:
                                 type: object
                             type: object
                           rewrite:
-                            description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                            description: |-
+                              Used to rewrite secret Keys after getting them from the secret Provider
+                              Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                             items:
                               properties:
                                 regexp:
-                                  description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                                  description: |-
+                                    Used to rewrite with regular expressions.
+                                    The resulting key will be the output of a regexp.ReplaceAll operation.
                                   properties:
                                     source:
                                       description: Used to define the regular expression of a re.Compiler.
@@ -447,10 +534,14 @@ spec:
                                     - target
                                   type: object
                                 transform:
-                                  description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                                  description: |-
+                                    Used to apply string transformation on the secrets.
+                                    The resulting key will be the output of the template applied by the operation.
                                   properties:
                                     template:
-                                      description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                      description: |-
+                                        Used to define the template to apply on the secret name.
+                                        `.value ` will specify the secret name in the template.
                                       type: string
                                   required:
                                     - template
@@ -458,7 +549,13 @@ spec:
                               type: object
                             type: array
                           sourceRef:
-                            description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                            description: |-
+                              SourceRef points to a store or generator
+                              which contains secret values ready to use.
+                              Use this in combination with Extract or Find pull values out of
+                              a specific SecretStore.
+                              When sourceRef points to a generator Extract or Find is not supported.
+                              The generator returns a static map of values
                             maxProperties: 1
                             properties:
                               generatorRef:
@@ -482,7 +579,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -495,13 +594,18 @@ spec:
                       type: array
                     refreshInterval:
                       default: 1h
-                      description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                      description: |-
+                        RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                        Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                        May be set to zero to fetch and create it once. Defaults to 1h.
                       type: string
                     secretStoreRef:
                       description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                       properties:
                         kind:
-                          description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                          description: |-
+                            Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                            Defaults to `SecretStore`
                           type: string
                         name:
                           description: Name of the SecretStore resource
@@ -513,11 +617,15 @@ spec:
                       default:
                         creationPolicy: Owner
                         deletionPolicy: Retain
-                      description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                      description: |-
+                        ExternalSecretTarget defines the Kubernetes Secret to be created
+                        There can be only one target per ExternalSecret.
                       properties:
                         creationPolicy:
                           default: Owner
-                          description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                          description: |-
+                            CreationPolicy defines rules on how to create the resulting Secret
+                            Defaults to 'Owner'
                           enum:
                             - Owner
                             - Orphan
@@ -526,7 +634,9 @@ spec:
                           type: string
                         deletionPolicy:
                           default: Retain
-                          description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                          description: |-
+                            DeletionPolicy defines rules on how to delete the resulting Secret
+                            Defaults to 'Retain'
                           enum:
                             - Delete
                             - Merge
@@ -536,7 +646,10 @@ spec:
                           description: Immutable defines if the final secret will be immutable
                           type: boolean
                         name:
-                          description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                          description: |-
+                            Name defines the name of the Secret resource to be managed
+                            This field is immutable
+                            Defaults to the .metadata.name of the ExternalSecret resource
                           type: string
                         template:
                           description: Template defines a blueprint for the created Secret resource.
@@ -547,7 +660,10 @@ spec:
                               type: object
                             engineVersion:
                               default: v2
-                              description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                              description: |-
+                                EngineVersion specifies the template engine version
+                                that should be used to compile/execute the
+                                template specified in .data and .templateFrom[].
                               enum:
                                 - v1
                                 - v2
@@ -641,16 +757,24 @@ spec:
                     matchExpressions:
                       description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                       items:
-                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
                         properties:
                           key:
                             description: key is the label key that the selector applies to.
                             type: string
                           operator:
-                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
                             type: string
                           values:
-                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
                             items:
                               type: string
                             type: array
@@ -662,7 +786,10 @@ spec:
                     matchLabels:
                       additionalProperties:
                         type: string
-                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                       type: object
                   type: object
                   x-kubernetes-map-type: atomic
@@ -739,7 +866,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -768,10 +895,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -779,7 +915,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -796,7 +934,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -805,23 +945,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -829,7 +984,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -839,51 +996,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -942,26 +1120,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -980,7 +1166,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -989,7 +1178,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -997,39 +1189,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1060,32 +1264,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -1095,10 +1311,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1106,7 +1327,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1155,13 +1378,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1177,7 +1404,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1185,7 +1415,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1212,13 +1444,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1246,13 +1482,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1277,29 +1517,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1310,7 +1562,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1318,7 +1573,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1328,16 +1585,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1387,7 +1650,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -1396,26 +1662,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1434,13 +1708,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -1451,10 +1732,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1462,7 +1748,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1481,26 +1769,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1509,55 +1811,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -1565,7 +1895,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -1575,55 +1907,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1631,7 +1994,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1641,27 +2006,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -1671,18 +2049,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1708,23 +2094,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -1740,7 +2143,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1781,7 +2188,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -1791,13 +2200,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -1828,13 +2241,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1842,16 +2259,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1918,10 +2341,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -1931,7 +2363,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -1939,16 +2373,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -1960,7 +2402,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -1972,7 +2417,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -1989,7 +2436,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -1998,23 +2447,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2022,7 +2486,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2032,51 +2498,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -2089,7 +2576,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2135,26 +2624,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2178,7 +2675,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -2187,7 +2687,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2195,52 +2698,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2258,10 +2780,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -2303,32 +2835,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -2336,7 +2880,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -2347,10 +2895,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -2358,7 +2911,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -2382,29 +2937,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2417,23 +2984,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2441,7 +3019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2457,7 +3037,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -2466,7 +3049,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2485,7 +3070,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -2494,13 +3081,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2514,13 +3105,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2531,10 +3126,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -2550,16 +3149,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2632,13 +3238,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2654,7 +3264,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2662,7 +3275,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2689,13 +3304,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2750,13 +3369,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2771,16 +3394,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -2801,29 +3430,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2831,7 +3472,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -2839,7 +3483,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -2848,16 +3494,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2883,7 +3535,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2916,13 +3570,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2948,7 +3606,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -2957,26 +3617,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2995,13 +3663,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -3012,10 +3687,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3023,7 +3703,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -3045,13 +3727,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3074,13 +3760,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3102,16 +3792,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -3140,39 +3836,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -3180,37 +3898,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -3222,7 +3956,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3230,7 +3967,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3252,39 +3991,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -3298,25 +4052,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3324,7 +4094,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3334,55 +4106,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -3390,7 +4193,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -3400,27 +4205,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3430,13 +4248,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -3444,23 +4266,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3468,7 +4301,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3481,7 +4318,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -3494,23 +4333,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -3526,7 +4431,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3567,7 +4476,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -3577,13 +4488,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -3614,13 +4529,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3628,16 +4547,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3657,13 +4582,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3671,16 +4600,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3750,7 +4685,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -3768,13 +4703,28 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
+          description: |-
+            ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
+            authorization token.
+            The authorization token is valid for 12 hours.
+            The authorizationToken returned is a base64 encoded string that can be decoded
+            and used in a docker login command to authenticate to a registry.
+            For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3790,7 +4740,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3798,52 +4751,71 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
                           type: object
                       type: object
                     secretRef:
-                      description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                      description: |-
+                        AWSAuthSecretRef holds secret references for AWS credentials
+                        both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                       properties:
                         accessKeyIDSecretRef:
                           description: The AccessKeyID is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         secretAccessKeySecretRef:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         sessionTokenSecretRef:
-                          description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                          description: |-
+                            The SessionToken used for authentication
+                            This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                            see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -3852,7 +4824,9 @@ spec:
                   description: Region specifies the region to operate in.
                   type: string
                 role:
-                  description: You can assume a role before making calls to the desired AWS service.
+                  description: |-
+                    You can assume a role before making calls to the
+                    desired AWS service.
                   type: string
               required:
                 - region
@@ -3878,7 +4852,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -3910,10 +4884,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3955,7 +4938,9 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     description: ExternalSecretDataRemoteRef defines Provider data location.
                     properties:
@@ -3981,13 +4966,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -3996,11 +4986,15 @@ spec:
                     - name
                   type: object
                 target:
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Merge
@@ -4010,7 +5004,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4021,7 +5018,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v1
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4093,7 +5093,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4117,7 +5120,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4149,10 +5154,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4165,7 +5179,9 @@ spec:
                     description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                     properties:
                       remoteRef:
-                        description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                        description: |-
+                          RemoteRef points to the remote secret and defines
+                          which secret (version/property/..) to fetch.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4203,14 +5219,23 @@ spec:
                           - key
                         type: object
                       secretKey:
-                        description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                        description: |-
+                          SecretKey defines the key in which the controller stores
+                          the value. This is the key in the Kind=Secret
                         type: string
                       sourceRef:
-                        description: SourceRef allows you to override the source from which the value will pulled from.
+                        description: |-
+                          SourceRef allows you to override the source
+                          from which the value will pulled from.
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                            description: |-
+                              GeneratorRef points to a generator custom resource.
+
+
+                              Deprecated: The generatorRef is not implemented in .data[].
+                              this will be removed with v1.
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1
@@ -4230,7 +5255,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4245,11 +5272,15 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     properties:
                       extract:
-                        description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to extract multiple key/value pairs from one secret
+                          Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4287,7 +5318,9 @@ spec:
                           - key
                         type: object
                       find:
-                        description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to find secrets based on tags or regular expressions
+                          Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4322,11 +5355,15 @@ spec:
                             type: object
                         type: object
                       rewrite:
-                        description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                        description: |-
+                          Used to rewrite secret Keys after getting them from the secret Provider
+                          Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                         items:
                           properties:
                             regexp:
-                              description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                              description: |-
+                                Used to rewrite with regular expressions.
+                                The resulting key will be the output of a regexp.ReplaceAll operation.
                               properties:
                                 source:
                                   description: Used to define the regular expression of a re.Compiler.
@@ -4339,10 +5376,14 @@ spec:
                                 - target
                               type: object
                             transform:
-                              description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                              description: |-
+                                Used to apply string transformation on the secrets.
+                                The resulting key will be the output of the template applied by the operation.
                               properties:
                                 template:
-                                  description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                  description: |-
+                                    Used to define the template to apply on the secret name.
+                                    `.value ` will specify the secret name in the template.
                                   type: string
                               required:
                                 - template
@@ -4350,7 +5391,13 @@ spec:
                           type: object
                         type: array
                       sourceRef:
-                        description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                        description: |-
+                          SourceRef points to a store or generator
+                          which contains secret values ready to use.
+                          Use this in combination with Extract or Find pull values out of
+                          a specific SecretStore.
+                          When sourceRef points to a generator Extract or Find is not supported.
+                          The generator returns a static map of values
                         maxProperties: 1
                         properties:
                           generatorRef:
@@ -4374,7 +5421,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4387,13 +5436,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -4405,11 +5459,15 @@ spec:
                   default:
                     creationPolicy: Owner
                     deletionPolicy: Retain
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Orphan
@@ -4418,7 +5476,9 @@ spec:
                       type: string
                     deletionPolicy:
                       default: Retain
-                      description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                      description: |-
+                        DeletionPolicy defines rules on how to delete the resulting Secret
+                        Defaults to 'Retain'
                       enum:
                         - Delete
                         - Merge
@@ -4428,7 +5488,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4439,7 +5502,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v2
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4533,7 +5599,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4557,7 +5626,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4586,7 +5657,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4604,13 +5675,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned.
+          description: |-
+            Fake generator is used for testing. It lets you define
+            a static set of credentials that is always returned.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4618,12 +5700,16 @@ spec:
               description: FakeSpec contains the static data.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 data:
                   additionalProperties:
                     type: string
-                  description: Data defines the static data returned by this generator.
+                  description: |-
+                    Data defines the static data returned
+                    by this generator.
                   type: object
               type: object
           type: object
@@ -4647,7 +5733,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4665,13 +5751,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR.
+          description: |-
+            GCRAccessToken generates an GCP access token
+            that can be used to authenticate with GCR.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4686,13 +5783,17 @@ spec:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -4708,7 +5809,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -4716,7 +5820,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -4755,7 +5861,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4773,13 +5879,25 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes.
+          description: |-
+            Password generates a random password based on the
+            configuration parameters in spec.
+            You can specify the length, characterset and other attributes.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4791,21 +5909,29 @@ spec:
                   description: set AllowRepeat to true to allow repeating characters.
                   type: boolean
                 digits:
-                  description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Digits specifies the number of digits in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
                 length:
                   default: 24
-                  description: Length of the password to be generated. Defaults to 24
+                  description: |-
+                    Length of the password to be generated.
+                    Defaults to 24
                   type: integer
                 noUpper:
                   default: false
                   description: Set NoUpper to disable uppercase characters
                   type: boolean
                 symbolCharacters:
-                  description: SymbolCharacters specifies the special characters that should be used in the generated password.
+                  description: |-
+                    SymbolCharacters specifies the special characters that should be used
+                    in the generated password.
                   type: string
                 symbols:
-                  description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Symbols specifies the number of symbol characters in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
               required:
                 - allowRepeat
@@ -4833,7 +5959,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -4858,10 +5984,19 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4894,7 +6029,9 @@ spec:
                           - remoteRef
                         type: object
                       metadata:
-                        description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                        description: |-
+                          Metadata is metadata attached to the secret.
+                          The structure of metadata is provider specific, please look it up in the provider documentation.
                         x-kubernetes-preserve-unknown-fields: true
                     required:
                       - match
@@ -4915,7 +6052,9 @@ spec:
                     properties:
                       kind:
                         default: SecretStore
-                        description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                        description: |-
+                          Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                          Defaults to `SecretStore`
                         type: string
                       labelSelector:
                         description: Optionally, sync to secret stores with label selector
@@ -4923,16 +6062,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -4944,7 +6091,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -4977,7 +6127,10 @@ spec:
                       type: object
                     engineVersion:
                       default: v2
-                      description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                      description: |-
+                        EngineVersion specifies the template engine version
+                        that should be used to compile/execute the
+                        template specified in .data and .templateFrom[].
                       enum:
                         - v1
                         - v2
@@ -5092,7 +6245,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -5122,7 +6277,9 @@ spec:
                             - remoteRef
                           type: object
                         metadata:
-                          description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                          description: |-
+                            Metadata is metadata attached to the secret.
+                            The structure of metadata is provider specific, please look it up in the provider documentation.
                           x-kubernetes-preserve-unknown-fields: true
                       required:
                         - match
@@ -5155,7 +6312,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -5184,10 +6341,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -5195,7 +6361,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -5212,7 +6380,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -5221,23 +6391,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5245,7 +6430,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5255,51 +6442,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -5358,26 +6566,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5396,7 +6612,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -5405,7 +6624,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5413,39 +6635,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5476,32 +6710,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -5511,10 +6757,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5522,7 +6773,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5571,13 +6824,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5593,7 +6850,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5601,7 +6861,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5628,13 +6890,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5662,13 +6928,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5693,29 +6963,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5726,7 +7008,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5734,7 +7019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5744,16 +7031,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5803,7 +7096,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -5812,26 +7108,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5850,13 +7154,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -5867,10 +7178,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5878,7 +7194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5897,26 +7215,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5925,55 +7257,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -5981,7 +7341,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -5991,55 +7353,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6047,7 +7440,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6057,27 +7452,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -6087,18 +7495,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6124,23 +7540,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -6156,7 +7589,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6197,7 +7634,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -6207,13 +7646,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -6244,13 +7687,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6258,16 +7705,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6334,10 +7787,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -6347,7 +7809,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -6355,16 +7819,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -6376,7 +7848,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -6388,7 +7863,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -6405,7 +7882,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -6414,23 +7893,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6438,7 +7932,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6448,51 +7944,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6505,7 +8022,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6551,26 +8070,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6594,7 +8121,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -6603,7 +8133,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6611,52 +8144,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -6674,10 +8226,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -6719,32 +8281,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -6752,7 +8326,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -6763,10 +8341,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -6774,7 +8357,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -6798,29 +8383,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6833,23 +8430,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6857,7 +8465,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6873,7 +8483,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -6882,7 +8495,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6901,7 +8516,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -6910,13 +8527,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6930,13 +8551,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6947,10 +8572,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -6966,16 +8595,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7048,13 +8684,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7070,7 +8710,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7078,7 +8721,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7105,13 +8750,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7166,13 +8815,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7187,16 +8840,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -7217,29 +8876,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7247,7 +8918,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -7255,7 +8929,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -7264,16 +8940,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7299,7 +8981,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7332,13 +9016,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7364,7 +9052,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -7373,26 +9063,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7411,13 +9109,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -7428,10 +9133,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -7439,7 +9149,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -7461,13 +9173,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7490,13 +9206,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7518,16 +9238,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -7556,39 +9282,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7596,37 +9344,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -7638,7 +9402,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7646,7 +9413,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7668,39 +9437,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -7714,25 +9498,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7740,7 +9540,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7750,55 +9552,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7806,7 +9639,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7816,27 +9651,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7846,13 +9694,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -7860,23 +9712,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7884,7 +9747,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7897,7 +9764,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7910,23 +9779,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -7942,7 +9877,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7983,7 +9922,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -7993,13 +9934,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -8030,13 +9975,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8044,16 +9993,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8073,13 +10028,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8087,16 +10046,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8166,7 +10131,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -8186,17 +10151,28 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 method:
                   description: Vault API method to use (GET/POST/other)
@@ -8214,39 +10190,61 @@ spec:
                       description: Auth configures how secret-manager authenticates with the Vault server.
                       properties:
                         appRole:
-                          description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                          description: |-
+                            AppRole authenticates with Vault using the App Role auth mechanism,
+                            with the role and secret stored in a Kubernetes Secret resource.
                           properties:
                             path:
                               default: approle
-                              description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                              description: |-
+                                Path where the App Role authentication backend is mounted
+                                in Vault, e.g: "approle"
                               type: string
                             roleId:
-                              description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                              description: |-
+                                RoleID configured in the App Role authentication backend when setting
+                                up the authentication backend in Vault.
                               type: string
                             roleRef:
-                              description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role ID used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role id.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role secret used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role secret.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -8254,37 +10252,53 @@ spec:
                             - secretRef
                           type: object
                         cert:
-                          description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                          description: |-
+                            Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                            Cert authentication method
                           properties:
                             clientCert:
-                              description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                              description: |-
+                                ClientCert is a certificate to authenticate using the Cert Vault
+                                authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing client private key to
+                                authenticate with Vault using the Cert authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         iam:
-                          description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                          description: |-
+                            Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                            AWS IAM authentication method
                           properties:
                             externalID:
                               description: AWS External ID set on assumed IAM roles
@@ -8296,7 +10310,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8304,7 +10321,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8326,39 +10345,54 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -8372,25 +10406,41 @@ spec:
                             - vaultRole
                           type: object
                         jwt:
-                          description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                          description: |-
+                            Jwt authenticates with Vault by passing role and JWT token using the
+                            JWT/OIDC authentication method
                           properties:
                             kubernetesServiceAccountToken:
-                              description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                              description: |-
+                                Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                a token for with the `TokenRequest` API.
                               properties:
                                 audiences:
-                                  description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                  description: |-
+                                    Optional audiences field that will be used to request a temporary Kubernetes service
+                                    account token for the service account referenced by `serviceAccountRef`.
+                                    Defaults to a single audience `vault` it not specified.
+                                    Deprecated: use serviceAccountRef.Audiences instead
                                   items:
                                     type: string
                                   type: array
                                 expirationSeconds:
-                                  description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                  description: |-
+                                    Optional expiration time in seconds that will be used to request a temporary
+                                    Kubernetes service account token for the service account referenced by
+                                    `serviceAccountRef`.
+                                    Deprecated: this will be removed in the future.
+                                    Defaults to 10 minutes.
                                   format: int64
                                   type: integer
                                 serviceAccountRef:
                                   description: Service account field containing the name of a kubernetes ServiceAccount.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8398,7 +10448,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8408,55 +10460,86 @@ spec:
                               type: object
                             path:
                               default: jwt
-                              description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                              description: |-
+                                Path where the JWT authentication backend is mounted
+                                in Vault, e.g: "jwt"
                               type: string
                             role:
-                              description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                              description: |-
+                                Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                authentication method
                               type: string
                             secretRef:
-                              description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                              description: |-
+                                Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                authenticate with Vault using the JWT/OIDC authentication method.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
                             - path
                           type: object
                         kubernetes:
-                          description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                          description: |-
+                            Kubernetes authenticates with Vault by passing the ServiceAccount
+                            token stored in the named Secret resource to the Vault server.
                           properties:
                             mountPath:
                               default: kubernetes
-                              description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                              description: |-
+                                Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                "kubernetes"
                               type: string
                             role:
-                              description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                              description: |-
+                                A required field containing the Vault Role to assume. A Role binds a
+                                Kubernetes ServiceAccount with a set of Vault policies.
                               type: string
                             secretRef:
-                              description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                              description: |-
+                                Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                for authenticating with Vault. If a name is specified without a key,
+                                `token` is the default. If one is not specified, the one bound to
+                                the controller will be used.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             serviceAccountRef:
-                              description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                              description: |-
+                                Optional service account field containing the name of a kubernetes ServiceAccount.
+                                If the service account is specified, the service account secret token JWT will be used
+                                for authenticating with Vault. If the service account selector is not supplied,
+                                the secretRef will be used instead.
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -8464,7 +10547,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -8474,27 +10559,40 @@ spec:
                             - role
                           type: object
                         ldap:
-                          description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                          description: |-
+                            Ldap authenticates with Vault by passing username/password pair using
+                            the LDAP authentication method
                           properties:
                             path:
                               default: ldap
-                              description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                              description: |-
+                                Path where the LDAP authentication backend is mounted
+                                in Vault, e.g: "ldap"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the LDAP
+                                user used to authenticate with Vault using the LDAP authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                              description: |-
+                                Username is a LDAP user name used to authenticate using the LDAP Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8504,13 +10602,17 @@ spec:
                           description: TokenSecretRef authenticates with Vault by presenting a token.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         userPass:
@@ -8518,23 +10620,34 @@ spec:
                           properties:
                             path:
                               default: user
-                              description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                              description: |-
+                                Path where the UserPassword authentication backend is mounted
+                                in Vault, e.g: "user"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the
+                                user used to authenticate with Vault using the UserPass authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                              description: |-
+                                Username is a user name used to authenticate using the UserPass Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8542,7 +10655,11 @@ spec:
                           type: object
                       type: object
                     caBundle:
-                      description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                      description: |-
+                        PEM encoded CA bundle used to validate Vault server certificate. Only used
+                        if the Server URL is using HTTPS protocol. This parameter is ignored for
+                        plain HTTP protocol connection. If not set the system root certificates
+                        are used to validate the TLS connection.
                       format: byte
                       type: string
                     caProvider:
@@ -8555,7 +10672,9 @@ spec:
                           description: The name of the object located at the provider type.
                           type: string
                         namespace:
-                          description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                          description: |-
+                            The namespace the Provider type is in.
+                            Can only be defined when used in a ClusterSecretStore.
                           type: string
                         type:
                           description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -8568,23 +10687,89 @@ spec:
                         - type
                       type: object
                     forwardInconsistent:
-                      description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                      description: |-
+                        ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                        leader instead of simply retrying within a loop. This can increase performance if
+                        the option is enabled serverside.
+                        https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                       type: boolean
                     namespace:
-                      description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                      description: |-
+                        Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                        Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                        More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                       type: string
                     path:
-                      description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                      description: |-
+                        Path is the mount path of the Vault KV backend endpoint, e.g:
+                        "secret". The v2 KV secret engine version specific "/data" path suffix
+                        for fetching secrets from Vault is optional and will be appended
+                        if not present in specified path.
                       type: string
                     readYourWrites:
-                      description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                      description: |-
+                        ReadYourWrites ensures isolated read-after-write semantics by
+                        providing discovered cluster replication states in each request.
+                        More information about eventual consistency in Vault can be found here
+                        https://www.vaultproject.io/docs/enterprise/consistency
                       type: boolean
                     server:
                       description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                       type: string
+                    tls:
+                      description: |-
+                        The configuration used for client side related TLS communication, when the Vault server
+                        requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                        This parameter is ignored for plain HTTP protocol connection.
+                        It's worth noting this configuration is different from the "TLS certificates auth method",
+                        which is available under the `auth.cert` section.
+                      properties:
+                        certSecretRef:
+                          description: |-
+                            CertSecretRef is a certificate added to the transport layer
+                            when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                        keySecretRef:
+                          description: |-
+                            KeySecretRef to a key in a Secret resource containing client private key
+                            added to the transport layer when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                      type: object
                     version:
                       default: v2
-                      description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                      description: |-
+                        Version is the Vault KV secret engine version. This can be either "v1" or
+                        "v2". Version defaults to "v2".
                       enum:
                         - v1
                         - v2
@@ -8595,7 +10780,12 @@ spec:
                   type: object
                 resultType:
                   default: Data
-                  description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure.
+                  description: |-
+                    Result type defines which data is returned from the generator.
+                    By default it is the "data" section of the Vault API response.
+                    When using e.g. /auth/token/create the "data" section is empty but
+                    the "auth" section contains the generated token.
+                    Please refer to the vault docs regarding the result data structure.
                   enum:
                     - Data
                     - Auth
@@ -8626,10 +10816,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8693,10 +10883,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8802,10 +10992,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -8842,10 +11032,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -8886,10 +11076,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8907,10 +11097,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8927,10 +11117,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8963,10 +11153,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -9002,10 +11192,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -9023,10 +11213,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -9047,10 +11237,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9062,10 +11252,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -9080,7 +11270,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -9110,10 +11300,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9125,10 +11315,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -9143,7 +11333,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -9160,10 +11350,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9175,10 +11365,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -9193,7 +11383,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-normal.expected.yaml b/tests/golang-external-secrets-normal.expected.yaml
index 3fca7728d..ffcf6cb6e 100644
--- a/tests/golang-external-secrets-normal.expected.yaml
+++ b/tests/golang-external-secrets-normal.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -85,18 +85,39 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md"
+          description: |-
+            ACRAccessToken returns a Azure Container Registry token
+            that can be used for pushing/pulling images.
+            Note: by default it will return an ACR Refresh Token with full access
+            (depending on the identity).
+            This can be scoped down to the repository level using .spec.scope.
+            In case scope is defined it will return an ACR Access Token.
+
+
+            See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
-              description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview'
+              description: |-
+                ACRAccessTokenSpec defines how to generate the access token
+                e.g. how to authenticate and which registry to use.
+                see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview
               properties:
                 auth:
                   properties:
@@ -111,32 +132,42 @@ spec:
                       description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.
                       properties:
                         secretRef:
-                          description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret.
+                          description: |-
+                            Configuration used to authenticate with Azure using static
+                            credentials stored in a Kind=Secret.
                           properties:
                             clientId:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -147,10 +178,15 @@ spec:
                       description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.
                       properties:
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -158,7 +194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -167,7 +205,11 @@ spec:
                   type: object
                 environmentType:
                   default: PublicCloud
-                  description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                  description: |-
+                    EnvironmentType specifies the Azure cloud environment endpoints to use for
+                    connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                    The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                    PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                   enum:
                     - PublicCloud
                     - USGovernmentCloud
@@ -175,10 +217,23 @@ spec:
                     - GermanCloud
                   type: string
                 registry:
-                  description: the domain name of the ACR registry e.g. foobarexample.azurecr.io
+                  description: |-
+                    the domain name of the ACR registry
+                    e.g. foobarexample.azurecr.io
                   type: string
                 scope:
-                  description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/"
+                  description: |-
+                    Define the scope for the access token, e.g. pull/push access for a repository.
+                    if not provided it will return a refresh token that has full scope.
+                    Note: you need to pin it down to the repository level, there is no wildcard available.
+
+
+                    examples:
+                    repository:my-repository:pull,push
+                    repository:my-repository:pull
+
+
+                    see docs for details: https://docs.docker.com/registry/spec/auth/scope/
                   type: string
                 tenantId:
                   description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
@@ -208,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -239,10 +294,19 @@ spec:
           description: ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -273,7 +337,9 @@ spec:
                         description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                         properties:
                           remoteRef:
-                            description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                            description: |-
+                              RemoteRef points to the remote secret and defines
+                              which secret (version/property/..) to fetch.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -311,14 +377,23 @@ spec:
                               - key
                             type: object
                           secretKey:
-                            description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                            description: |-
+                              SecretKey defines the key in which the controller stores
+                              the value. This is the key in the Kind=Secret
                             type: string
                           sourceRef:
-                            description: SourceRef allows you to override the source from which the value will pulled from.
+                            description: |-
+                              SourceRef allows you to override the source
+                              from which the value will pulled from.
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                                description: |-
+                                  GeneratorRef points to a generator custom resource.
+
+
+                                  Deprecated: The generatorRef is not implemented in .data[].
+                                  this will be removed with v1.
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -338,7 +413,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -353,11 +430,15 @@ spec:
                         type: object
                       type: array
                     dataFrom:
-                      description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                      description: |-
+                        DataFrom is used to fetch all properties from a specific Provider data
+                        If multiple entries are specified, the Secret keys are merged in the specified order
                       items:
                         properties:
                           extract:
-                            description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to extract multiple key/value pairs from one secret
+                              Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -395,7 +476,9 @@ spec:
                               - key
                             type: object
                           find:
-                            description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                            description: |-
+                              Used to find secrets based on tags or regular expressions
+                              Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                             properties:
                               conversionStrategy:
                                 default: Default
@@ -430,11 +513,15 @@ spec:
                                 type: object
                             type: object
                           rewrite:
-                            description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                            description: |-
+                              Used to rewrite secret Keys after getting them from the secret Provider
+                              Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                             items:
                               properties:
                                 regexp:
-                                  description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                                  description: |-
+                                    Used to rewrite with regular expressions.
+                                    The resulting key will be the output of a regexp.ReplaceAll operation.
                                   properties:
                                     source:
                                       description: Used to define the regular expression of a re.Compiler.
@@ -447,10 +534,14 @@ spec:
                                     - target
                                   type: object
                                 transform:
-                                  description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                                  description: |-
+                                    Used to apply string transformation on the secrets.
+                                    The resulting key will be the output of the template applied by the operation.
                                   properties:
                                     template:
-                                      description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                      description: |-
+                                        Used to define the template to apply on the secret name.
+                                        `.value ` will specify the secret name in the template.
                                       type: string
                                   required:
                                     - template
@@ -458,7 +549,13 @@ spec:
                               type: object
                             type: array
                           sourceRef:
-                            description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                            description: |-
+                              SourceRef points to a store or generator
+                              which contains secret values ready to use.
+                              Use this in combination with Extract or Find pull values out of
+                              a specific SecretStore.
+                              When sourceRef points to a generator Extract or Find is not supported.
+                              The generator returns a static map of values
                             maxProperties: 1
                             properties:
                               generatorRef:
@@ -482,7 +579,9 @@ spec:
                                 description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                                 properties:
                                   kind:
-                                    description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                    description: |-
+                                      Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                      Defaults to `SecretStore`
                                     type: string
                                   name:
                                     description: Name of the SecretStore resource
@@ -495,13 +594,18 @@ spec:
                       type: array
                     refreshInterval:
                       default: 1h
-                      description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                      description: |-
+                        RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                        Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                        May be set to zero to fetch and create it once. Defaults to 1h.
                       type: string
                     secretStoreRef:
                       description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                       properties:
                         kind:
-                          description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                          description: |-
+                            Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                            Defaults to `SecretStore`
                           type: string
                         name:
                           description: Name of the SecretStore resource
@@ -513,11 +617,15 @@ spec:
                       default:
                         creationPolicy: Owner
                         deletionPolicy: Retain
-                      description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                      description: |-
+                        ExternalSecretTarget defines the Kubernetes Secret to be created
+                        There can be only one target per ExternalSecret.
                       properties:
                         creationPolicy:
                           default: Owner
-                          description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                          description: |-
+                            CreationPolicy defines rules on how to create the resulting Secret
+                            Defaults to 'Owner'
                           enum:
                             - Owner
                             - Orphan
@@ -526,7 +634,9 @@ spec:
                           type: string
                         deletionPolicy:
                           default: Retain
-                          description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                          description: |-
+                            DeletionPolicy defines rules on how to delete the resulting Secret
+                            Defaults to 'Retain'
                           enum:
                             - Delete
                             - Merge
@@ -536,7 +646,10 @@ spec:
                           description: Immutable defines if the final secret will be immutable
                           type: boolean
                         name:
-                          description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                          description: |-
+                            Name defines the name of the Secret resource to be managed
+                            This field is immutable
+                            Defaults to the .metadata.name of the ExternalSecret resource
                           type: string
                         template:
                           description: Template defines a blueprint for the created Secret resource.
@@ -547,7 +660,10 @@ spec:
                               type: object
                             engineVersion:
                               default: v2
-                              description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                              description: |-
+                                EngineVersion specifies the template engine version
+                                that should be used to compile/execute the
+                                template specified in .data and .templateFrom[].
                               enum:
                                 - v1
                                 - v2
@@ -641,16 +757,24 @@ spec:
                     matchExpressions:
                       description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                       items:
-                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
                         properties:
                           key:
                             description: key is the label key that the selector applies to.
                             type: string
                           operator:
-                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
                             type: string
                           values:
-                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
                             items:
                               type: string
                             type: array
@@ -662,7 +786,10 @@ spec:
                     matchLabels:
                       additionalProperties:
                         type: string
-                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                       type: object
                   type: object
                   x-kubernetes-map-type: atomic
@@ -739,7 +866,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -768,10 +895,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -779,7 +915,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -796,7 +934,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -805,23 +945,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -829,7 +984,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -839,51 +996,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -942,26 +1120,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -980,7 +1166,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -989,7 +1178,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -997,39 +1189,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1060,32 +1264,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -1095,10 +1311,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1106,7 +1327,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1155,13 +1378,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1177,7 +1404,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1185,7 +1415,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1212,13 +1444,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1246,13 +1482,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1277,29 +1517,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1310,7 +1562,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1318,7 +1573,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1328,16 +1585,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -1387,7 +1650,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -1396,26 +1662,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1434,13 +1708,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -1451,10 +1732,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -1462,7 +1748,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -1481,26 +1769,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -1509,55 +1811,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -1565,7 +1895,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -1575,55 +1907,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -1631,7 +1994,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -1641,27 +2006,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -1671,18 +2049,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1708,23 +2094,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -1740,7 +2143,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -1781,7 +2188,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -1791,13 +2200,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -1828,13 +2241,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1842,16 +2259,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -1918,10 +2341,19 @@ spec:
           description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -1931,7 +2363,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -1939,16 +2373,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -1960,7 +2402,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -1972,7 +2417,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -1989,7 +2436,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -1998,23 +2447,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2022,7 +2486,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2032,51 +2498,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -2089,7 +2576,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2135,26 +2624,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2178,7 +2675,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -2187,7 +2687,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2195,52 +2698,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2258,10 +2780,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -2303,32 +2835,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -2336,7 +2880,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -2347,10 +2895,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -2358,7 +2911,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -2382,29 +2937,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2417,23 +2984,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2441,7 +3019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2457,7 +3037,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -2466,7 +3049,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2485,7 +3070,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -2494,13 +3081,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2514,13 +3105,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -2531,10 +3126,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -2550,16 +3149,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2632,13 +3238,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2654,7 +3264,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -2662,7 +3275,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -2689,13 +3304,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2750,13 +3369,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2771,16 +3394,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -2801,29 +3430,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2831,7 +3472,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -2839,7 +3483,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -2848,16 +3494,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -2883,7 +3535,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -2916,13 +3570,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2948,7 +3606,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -2957,26 +3617,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -2995,13 +3663,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -3012,10 +3687,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3023,7 +3703,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -3045,13 +3727,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3074,13 +3760,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -3102,16 +3792,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -3140,39 +3836,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -3180,37 +3898,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -3222,7 +3956,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3230,7 +3967,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3252,39 +3991,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -3298,25 +4052,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -3324,7 +4094,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -3334,55 +4106,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -3390,7 +4193,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -3400,27 +4205,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3430,13 +4248,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -3444,23 +4266,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -3468,7 +4301,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3481,7 +4318,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -3494,23 +4333,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -3526,7 +4431,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -3567,7 +4476,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -3577,13 +4488,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -3614,13 +4529,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3628,16 +4547,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3657,13 +4582,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3671,16 +4600,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -3750,7 +4685,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -3768,13 +4703,28 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
+          description: |-
+            ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
+            authorization token.
+            The authorization token is valid for 12 hours.
+            The authorizationToken returned is a base64 encoded string that can be decoded
+            and used in a docker login command to authenticate to a registry.
+            For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3790,7 +4740,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -3798,52 +4751,71 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
                           type: object
                       type: object
                     secretRef:
-                      description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                      description: |-
+                        AWSAuthSecretRef holds secret references for AWS credentials
+                        both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                       properties:
                         accessKeyIDSecretRef:
                           description: The AccessKeyID is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         secretAccessKeySecretRef:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         sessionTokenSecretRef:
-                          description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                          description: |-
+                            The SessionToken used for authentication
+                            This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                            see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -3852,7 +4824,9 @@ spec:
                   description: Region specifies the region to operate in.
                   type: string
                 role:
-                  description: You can assume a role before making calls to the desired AWS service.
+                  description: |-
+                    You can assume a role before making calls to the
+                    desired AWS service.
                   type: string
               required:
                 - region
@@ -3878,7 +4852,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -3910,10 +4884,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -3955,7 +4938,9 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     description: ExternalSecretDataRemoteRef defines Provider data location.
                     properties:
@@ -3981,13 +4966,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -3996,11 +4986,15 @@ spec:
                     - name
                   type: object
                 target:
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Merge
@@ -4010,7 +5004,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4021,7 +5018,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v1
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4093,7 +5093,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4117,7 +5120,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4149,10 +5154,19 @@ spec:
           description: ExternalSecret is the Schema for the external-secrets API.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4165,7 +5179,9 @@ spec:
                     description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
                     properties:
                       remoteRef:
-                        description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch.
+                        description: |-
+                          RemoteRef points to the remote secret and defines
+                          which secret (version/property/..) to fetch.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4203,14 +5219,23 @@ spec:
                           - key
                         type: object
                       secretKey:
-                        description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret
+                        description: |-
+                          SecretKey defines the key in which the controller stores
+                          the value. This is the key in the Kind=Secret
                         type: string
                       sourceRef:
-                        description: SourceRef allows you to override the source from which the value will pulled from.
+                        description: |-
+                          SourceRef allows you to override the source
+                          from which the value will pulled from.
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
+                            description: |-
+                              GeneratorRef points to a generator custom resource.
+
+
+                              Deprecated: The generatorRef is not implemented in .data[].
+                              this will be removed with v1.
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1
@@ -4230,7 +5255,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4245,11 +5272,15 @@ spec:
                     type: object
                   type: array
                 dataFrom:
-                  description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+                  description: |-
+                    DataFrom is used to fetch all properties from a specific Provider data
+                    If multiple entries are specified, the Secret keys are merged in the specified order
                   items:
                     properties:
                       extract:
-                        description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to extract multiple key/value pairs from one secret
+                          Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4287,7 +5318,9 @@ spec:
                           - key
                         type: object
                       find:
-                        description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.'
+                        description: |-
+                          Used to find secrets based on tags or regular expressions
+                          Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                         properties:
                           conversionStrategy:
                             default: Default
@@ -4322,11 +5355,15 @@ spec:
                             type: object
                         type: object
                       rewrite:
-                        description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
+                        description: |-
+                          Used to rewrite secret Keys after getting them from the secret Provider
+                          Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
                         items:
                           properties:
                             regexp:
-                              description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation.
+                              description: |-
+                                Used to rewrite with regular expressions.
+                                The resulting key will be the output of a regexp.ReplaceAll operation.
                               properties:
                                 source:
                                   description: Used to define the regular expression of a re.Compiler.
@@ -4339,10 +5376,14 @@ spec:
                                 - target
                               type: object
                             transform:
-                              description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
+                              description: |-
+                                Used to apply string transformation on the secrets.
+                                The resulting key will be the output of the template applied by the operation.
                               properties:
                                 template:
-                                  description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
+                                  description: |-
+                                    Used to define the template to apply on the secret name.
+                                    `.value ` will specify the secret name in the template.
                                   type: string
                               required:
                                 - template
@@ -4350,7 +5391,13 @@ spec:
                           type: object
                         type: array
                       sourceRef:
-                        description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values
+                        description: |-
+                          SourceRef points to a store or generator
+                          which contains secret values ready to use.
+                          Use this in combination with Extract or Find pull values out of
+                          a specific SecretStore.
+                          When sourceRef points to a generator Extract or Find is not supported.
+                          The generator returns a static map of values
                         maxProperties: 1
                         properties:
                           generatorRef:
@@ -4374,7 +5421,9 @@ spec:
                             description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                             properties:
                               kind:
-                                description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                                description: |-
+                                  Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                                  Defaults to `SecretStore`
                                 type: string
                               name:
                                 description: Name of the SecretStore resource
@@ -4387,13 +5436,18 @@ spec:
                   type: array
                 refreshInterval:
                   default: 1h
-                  description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h.
+                  description: |-
+                    RefreshInterval is the amount of time before the values are read again from the SecretStore provider
+                    Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+                    May be set to zero to fetch and create it once. Defaults to 1h.
                   type: string
                 secretStoreRef:
                   description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
                   properties:
                     kind:
-                      description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                      description: |-
+                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                        Defaults to `SecretStore`
                       type: string
                     name:
                       description: Name of the SecretStore resource
@@ -4405,11 +5459,15 @@ spec:
                   default:
                     creationPolicy: Owner
                     deletionPolicy: Retain
-                  description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+                  description: |-
+                    ExternalSecretTarget defines the Kubernetes Secret to be created
+                    There can be only one target per ExternalSecret.
                   properties:
                     creationPolicy:
                       default: Owner
-                      description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
+                      description: |-
+                        CreationPolicy defines rules on how to create the resulting Secret
+                        Defaults to 'Owner'
                       enum:
                         - Owner
                         - Orphan
@@ -4418,7 +5476,9 @@ spec:
                       type: string
                     deletionPolicy:
                       default: Retain
-                      description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'
+                      description: |-
+                        DeletionPolicy defines rules on how to delete the resulting Secret
+                        Defaults to 'Retain'
                       enum:
                         - Delete
                         - Merge
@@ -4428,7 +5488,10 @@ spec:
                       description: Immutable defines if the final secret will be immutable
                       type: boolean
                     name:
-                      description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+                      description: |-
+                        Name defines the name of the Secret resource to be managed
+                        This field is immutable
+                        Defaults to the .metadata.name of the ExternalSecret resource
                       type: string
                     template:
                       description: Template defines a blueprint for the created Secret resource.
@@ -4439,7 +5502,10 @@ spec:
                           type: object
                         engineVersion:
                           default: v2
-                          description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                          description: |-
+                            EngineVersion specifies the template engine version
+                            that should be used to compile/execute the
+                            template specified in .data and .templateFrom[].
                           enum:
                             - v1
                             - v2
@@ -4533,7 +5599,10 @@ spec:
                   description: Binding represents a servicebinding.io Provisioned Service reference to the secret
                   properties:
                     name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                      description: |-
+                        Name of the referent.
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?
                       type: string
                   type: object
                   x-kubernetes-map-type: atomic
@@ -4557,7 +5626,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -4586,7 +5657,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4604,13 +5675,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned.
+          description: |-
+            Fake generator is used for testing. It lets you define
+            a static set of credentials that is always returned.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4618,12 +5700,16 @@ spec:
               description: FakeSpec contains the static data.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 data:
                   additionalProperties:
                     type: string
-                  description: Data defines the static data returned by this generator.
+                  description: |-
+                    Data defines the static data returned
+                    by this generator.
                   type: object
               type: object
           type: object
@@ -4647,7 +5733,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4665,13 +5751,24 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR.
+          description: |-
+            GCRAccessToken generates an GCP access token
+            that can be used to authenticate with GCR.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4686,13 +5783,17 @@ spec:
                           description: The SecretAccessKey is used for authentication
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                       type: object
@@ -4708,7 +5809,10 @@ spec:
                           description: A reference to a ServiceAccount resource.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -4716,7 +5820,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -4755,7 +5861,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -4773,13 +5879,25 @@ spec:
     - name: v1alpha1
       schema:
         openAPIV3Schema:
-          description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes.
+          description: |-
+            Password generates a random password based on the
+            configuration parameters in spec.
+            You can specify the length, characterset and other attributes.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4791,21 +5909,29 @@ spec:
                   description: set AllowRepeat to true to allow repeating characters.
                   type: boolean
                 digits:
-                  description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Digits specifies the number of digits in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
                 length:
                   default: 24
-                  description: Length of the password to be generated. Defaults to 24
+                  description: |-
+                    Length of the password to be generated.
+                    Defaults to 24
                   type: integer
                 noUpper:
                   default: false
                   description: Set NoUpper to disable uppercase characters
                   type: boolean
                 symbolCharacters:
-                  description: SymbolCharacters specifies the special characters that should be used in the generated password.
+                  description: |-
+                    SymbolCharacters specifies the special characters that should be used
+                    in the generated password.
                   type: string
                 symbols:
-                  description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password
+                  description: |-
+                    Symbols specifies the number of symbol characters in the generated
+                    password. If omitted it defaults to 25% of the length of the password
                   type: integer
               required:
                 - allowRepeat
@@ -4833,7 +5959,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -4858,10 +5984,19 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -4894,7 +6029,9 @@ spec:
                           - remoteRef
                         type: object
                       metadata:
-                        description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                        description: |-
+                          Metadata is metadata attached to the secret.
+                          The structure of metadata is provider specific, please look it up in the provider documentation.
                         x-kubernetes-preserve-unknown-fields: true
                     required:
                       - match
@@ -4915,7 +6052,9 @@ spec:
                     properties:
                       kind:
                         default: SecretStore
-                        description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                        description: |-
+                          Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                          Defaults to `SecretStore`
                         type: string
                       labelSelector:
                         description: Optionally, sync to secret stores with label selector
@@ -4923,16 +6062,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -4944,7 +6091,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -4977,7 +6127,10 @@ spec:
                       type: object
                     engineVersion:
                       default: v2
-                      description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
+                      description: |-
+                        EngineVersion specifies the template engine version
+                        that should be used to compile/execute the
+                        template specified in .data and .templateFrom[].
                       enum:
                         - v1
                         - v2
@@ -5092,7 +6245,9 @@ spec:
                     type: object
                   type: array
                 refreshTime:
-                  description: refreshTime is the time and date the external secret was fetched and the target secret updated
+                  description: |-
+                    refreshTime is the time and date the external secret was fetched and
+                    the target secret updated
                   format: date-time
                   nullable: true
                   type: string
@@ -5122,7 +6277,9 @@ spec:
                             - remoteRef
                           type: object
                         metadata:
-                          description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation.
+                          description: |-
+                            Metadata is metadata attached to the secret.
+                            The structure of metadata is provider specific, please look it up in the provider documentation.
                           x-kubernetes-preserve-unknown-fields: true
                       required:
                         - match
@@ -5155,7 +6312,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -5184,10 +6341,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -5195,7 +6361,9 @@ spec:
               description: SecretStoreSpec defines the desired state of SecretStore.
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -5212,7 +6380,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -5221,23 +6391,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5245,7 +6430,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5255,51 +6442,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -5358,26 +6566,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5396,7 +6612,10 @@ spec:
                       description: AWS configures this store to sync secrets using AWS Secret Manager provider
                       properties:
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -5405,7 +6624,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5413,39 +6635,51 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5476,32 +6710,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -5511,10 +6757,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5522,7 +6773,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5571,13 +6824,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5593,7 +6850,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5601,7 +6861,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5628,13 +6890,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5662,13 +6928,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5693,29 +6963,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5726,7 +7008,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -5734,7 +7019,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -5744,16 +7031,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -5803,7 +7096,10 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, instance principal is used. Optionally, the authenticating principal type
+                            and/or user data may be supplied for the use of workload identity and user principal.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -5812,26 +7108,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5850,13 +7154,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -5867,10 +7178,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -5878,7 +7194,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -5897,26 +7215,40 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -5925,55 +7257,83 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified.
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes.
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -5981,7 +7341,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -5991,55 +7353,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6047,7 +7440,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6057,27 +7452,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -6087,18 +7495,26 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6124,23 +7540,40 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -6156,7 +7589,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6197,7 +7634,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -6207,13 +7646,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -6244,13 +7687,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6258,16 +7705,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -6334,10 +7787,19 @@ spec:
           description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
@@ -6347,7 +7809,9 @@ spec:
                 conditions:
                   description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
                   items:
-                    description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
+                    description: |-
+                      ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+                      for a ClusterSecretStore instance.
                     properties:
                       namespaceSelector:
                         description: Choose namespace using a labelSelector
@@ -6355,16 +7819,24 @@ spec:
                           matchExpressions:
                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                             items:
-                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              description: |-
+                                A label selector requirement is a selector that contains values, a key, and an operator that
+                                relates the key and values.
                               properties:
                                 key:
                                   description: key is the label key that the selector applies to.
                                   type: string
                                 operator:
-                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  description: |-
+                                    operator represents a key's relationship to a set of values.
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.
                                   type: string
                                 values:
-                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  description: |-
+                                    values is an array of string values. If the operator is In or NotIn,
+                                    the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                    the values array must be empty. This array is replaced during a strategic
+                                    merge patch.
                                   items:
                                     type: string
                                   type: array
@@ -6376,7 +7848,10 @@ spec:
                           matchLabels:
                             additionalProperties:
                               type: string
-                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            description: |-
+                              matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                              map is equivalent to an element of matchExpressions, whose key field is "key", the
+                              operator is "In", and the values array contains only "value". The requirements are ANDed.
                             type: object
                         type: object
                         x-kubernetes-map-type: atomic
@@ -6388,7 +7863,9 @@ spec:
                     type: object
                   type: array
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters ES based on this property
                   type: string
                 provider:
                   description: Used to configure the provider. Only one provider may be set
@@ -6405,7 +7882,9 @@ spec:
                           description: Auth configures how the operator authenticates with Akeyless.
                           properties:
                             kubernetesAuth:
-                              description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource.
+                              description: |-
+                                Kubernetes authenticates with Akeyless by passing the ServiceAccount
+                                token stored in the named Secret resource.
                               properties:
                                 accessID:
                                   description: the Akeyless Kubernetes auth-method access-id
@@ -6414,23 +7893,38 @@ spec:
                                   description: Kubernetes-auth configuration name in Akeyless-Gateway
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Akeyless. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Akeyless. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6438,7 +7932,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6448,51 +7944,72 @@ spec:
                                 - k8sConfName
                               type: object
                             secretRef:
-                              description: Reference to a Secret that contains the details to authenticate with Akeyless.
+                              description: |-
+                                Reference to a Secret that contains the details
+                                to authenticate with Akeyless.
                               properties:
                                 accessID:
                                   description: The SecretAccessID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessType:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessTypeParam:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                           type: object
                         caBundle:
-                          description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
+                            if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -6505,7 +8022,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6551,26 +8070,34 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 accessKeySecretSecretRef:
                                   description: The AccessKeySecret is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6594,7 +8121,10 @@ spec:
                             type: string
                           type: array
                         auth:
-                          description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+                          description: |-
+                            Auth defines the information necessary to authenticate against AWS
+                            if not set aws sdk will infer credentials from your environment
+                            see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                           properties:
                             jwt:
                               description: Authenticate against AWS using service account tokens.
@@ -6603,7 +8133,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6611,52 +8144,71 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
                                   type: object
                               type: object
                             secretRef:
-                              description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
+                              description: |-
+                                AWSAuthSecretRef holds secret references for AWS credentials
+                                both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                               properties:
                                 accessKeyIDSecretRef:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -6674,10 +8226,20 @@ spec:
                           description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
                           properties:
                             forceDeleteWithoutRecovery:
-                              description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery'
+                              description: |-
+                                Specifies whether to delete the secret without any recovery window. You
+                                can't use both this parameter and RecoveryWindowInDays in the same call.
+                                If you don't use either, then by default Secrets Manager uses a 30 day
+                                recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
                               type: boolean
                             recoveryWindowInDays:
-                              description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays'
+                              description: |-
+                                The number of days from 7 to 30 that Secrets Manager waits before
+                                permanently deleting the secret. You can't use both this parameter and
+                                ForceDeleteWithoutRecovery in the same call. If you don't use either,
+                                then by default Secrets Manager uses a 30 day recovery window.
+                                see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
                               format: int64
                               type: integer
                           type: object
@@ -6719,32 +8281,44 @@ spec:
                               description: The Azure clientId of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             clientSecret:
                               description: The Azure ClientSecret of the service principle used for authentication.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         authType:
                           default: ServicePrincipal
-                          description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)'
+                          description: |-
+                            Auth type defines how to authenticate to the keyvault service.
+                            Valid values are:
+                            - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
+                            - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
                           enum:
                             - ServicePrincipal
                             - ManagedIdentity
@@ -6752,7 +8326,11 @@ spec:
                           type: string
                         environmentType:
                           default: PublicCloud
-                          description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud'
+                          description: |-
+                            EnvironmentType specifies the Azure cloud environment endpoints to use for
+                            connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                            The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
+                            PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                           enum:
                             - PublicCloud
                             - USGovernmentCloud
@@ -6763,10 +8341,15 @@ spec:
                           description: If multiple Managed Identity is assigned to the pod, you can select the one to be used
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -6774,7 +8357,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -6798,29 +8383,41 @@ spec:
                                 account:
                                   type: string
                                 apiKeyRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 userRef:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -6833,23 +8430,34 @@ spec:
                                 account:
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Conjur using the JWT authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountRef specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -6857,7 +8465,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -6873,7 +8483,10 @@ spec:
                         caBundle:
                           type: string
                         caProvider:
-                          description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
+                          description: |-
+                            Used to provide custom certificate authority (CA) certificates
+                            for a secret store. The CAProvider points to a Secret or ConfigMap resource
+                            that contains a PEM-encoded certificate.
                           properties:
                             key:
                               description: The key where the CA certificate can be found in the Secret or ConfigMap.
@@ -6882,7 +8495,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -6901,7 +8516,9 @@ spec:
                         - url
                       type: object
                     delinea:
-                      description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current
+                      description: |-
+                        Delinea DevOps Secrets Vault
+                        https://docs.delinea.com/online-help/products/devops-secrets-vault/current
                       properties:
                         clientId:
                           description: ClientID is the non-secret part of the credential.
@@ -6910,13 +8527,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6930,13 +8551,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -6947,10 +8572,14 @@ spec:
                           description: Tenant is the chosen hostname / site name.
                           type: string
                         tld:
-                          description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com".
+                          description: |-
+                            TLD is based on the server location that was chosen during provisioning.
+                            If unset, defaults to "com".
                           type: string
                         urlTemplate:
-                          description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
+                          description: |-
+                            URLTemplate
+                            If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
                           type: string
                       required:
                         - clientId
@@ -6966,16 +8595,23 @@ spec:
                             secretRef:
                               properties:
                                 dopplerToken:
-                                  description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified.
+                                  description: |-
+                                    The DopplerToken is used for authentication.
+                                    See https://docs.doppler.com/reference/api#authentication for auth token types.
+                                    The Key attribute defaults to dopplerToken if not specified.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7048,13 +8684,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7070,7 +8710,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7078,7 +8721,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7105,13 +8750,17 @@ spec:
                                   description: AccessToken is used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7166,13 +8815,17 @@ spec:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7187,16 +8840,22 @@ spec:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                         authRef:
-                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                          description: |-
+                            A reference to a specific 'key' within a Secret resource,
+                            In some instances, `key` is a required field.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         folderID:
@@ -7217,29 +8876,41 @@ spec:
                               description: has both clientCert and clientKey as secretKeySelector
                               properties:
                                 clientCert:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 clientKey:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7247,7 +8918,10 @@ spec:
                               description: points to a service account that should be used for authentication
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -7255,7 +8929,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -7264,16 +8940,22 @@ spec:
                               description: use static token to authenticate with
                               properties:
                                 bearerToken:
-                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  description: |-
+                                    A reference to a specific 'key' within a Secret resource,
+                                    In some instances, `key` is a required field.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -7299,7 +8981,9 @@ spec:
                                   description: The name of the object located at the provider type.
                                   type: string
                                 namespace:
-                                  description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                                  description: |-
+                                    The namespace the Provider type is in.
+                                    Can only be defined when used in a ClusterSecretStore.
                                   type: string
                                 type:
                                   description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7332,13 +9016,17 @@ spec:
                                   description: The ConnectToken is used for authentication to a 1Password Connect Server.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7364,7 +9052,9 @@ spec:
                       description: Oracle configures this store to sync secrets using Oracle Vault provider
                       properties:
                         auth:
-                          description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                          description: |-
+                            Auth configures how secret-manager authenticates with the Oracle Vault.
+                            If empty, use the instance principal, otherwise the user credentials specified in Auth.
                           properties:
                             secretRef:
                               description: SecretRef to pass through sensitive information.
@@ -7373,26 +9063,34 @@ spec:
                                   description: Fingerprint is the fingerprint of the API private key.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 privatekey:
                                   description: PrivateKey is the user's API Signing Key in PEM format, used for authentication.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7411,13 +9109,20 @@ spec:
                             - user
                           type: object
                         compartment:
-                          description: Compartment is the vault compartment OCID. Required for PushSecret
+                          description: |-
+                            Compartment is the vault compartment OCID.
+                            Required for PushSecret
                           type: string
                         encryptionKey:
-                          description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret
+                          description: |-
+                            EncryptionKey is the OCID of the encryption key within the vault.
+                            Required for PushSecret
                           type: string
                         principalType:
-                          description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                          description: |-
+                            The type of principal to use for authentication. If left blank, the Auth struct will
+                            determine the principal type. This optional field must be specified if using
+                            workload identity.
                           enum:
                             - ""
                             - UserPrincipal
@@ -7428,10 +9133,15 @@ spec:
                           description: Region is the region where vault is located.
                           type: string
                         serviceAccountRef:
-                          description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity.
+                          description: |-
+                            ServiceAccountRef specified the service account
+                            that should be used when authenticating with WorkloadIdentity.
                           properties:
                             audiences:
-                              description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                              description: |-
+                                Audience specifies the `aud` claim for the service account token
+                                If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                then this audiences will be appended to the list
                               items:
                                 type: string
                               type: array
@@ -7439,7 +9149,9 @@ spec:
                               description: The name of the ServiceAccount resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           required:
                             - name
@@ -7461,13 +9173,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7490,13 +9206,17 @@ spec:
                               description: SecretRef references a key in a secret that will be used as value.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             value:
@@ -7518,16 +9238,22 @@ spec:
                             clientId:
                               type: string
                             clientSecretSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -7556,39 +9282,61 @@ spec:
                           description: Auth configures how secret-manager authenticates with the Vault server.
                           properties:
                             appRole:
-                              description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                              description: |-
+                                AppRole authenticates with Vault using the App Role auth mechanism,
+                                with the role and secret stored in a Kubernetes Secret resource.
                               properties:
                                 path:
                                   default: approle
-                                  description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                                  description: |-
+                                    Path where the App Role authentication backend is mounted
+                                    in Vault, e.g: "approle"
                                   type: string
                                 roleId:
-                                  description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                                  description: |-
+                                    RoleID configured in the App Role authentication backend when setting
+                                    up the authentication backend in Vault.
                                   type: string
                                 roleRef:
-                                  description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role ID used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role id.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                                  description: |-
+                                    Reference to a key in a Secret that contains the App Role secret used
+                                    to authenticate with Vault.
+                                    The `key` field must be specified and denotes which entry within the Secret
+                                    resource is used as the app role secret.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
@@ -7596,37 +9344,53 @@ spec:
                                 - secretRef
                               type: object
                             cert:
-                              description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                              description: |-
+                                Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                                Cert authentication method
                               properties:
                                 clientCert:
-                                  description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                                  description: |-
+                                    ClientCert is a certificate to authenticate using the Cert Vault
+                                    authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing client private key to
+                                    authenticate with Vault using the Cert authentication method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
                             iam:
-                              description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                              description: |-
+                                Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                                AWS IAM authentication method
                               properties:
                                 externalID:
                                   description: AWS External ID set on assumed IAM roles
@@ -7638,7 +9402,10 @@ spec:
                                       description: A reference to a ServiceAccount resource.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7646,7 +9413,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7668,39 +9437,54 @@ spec:
                                       description: The AccessKeyID is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     secretAccessKeySecretRef:
                                       description: The SecretAccessKey is used for authentication
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                     sessionTokenSecretRef:
-                                      description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                      description: |-
+                                        The SessionToken used for authentication
+                                        This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                        see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                       properties:
                                         key:
-                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          description: |-
+                                            The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                            defaulted, in others it may be required.
                                           type: string
                                         name:
                                           description: The name of the Secret resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       type: object
                                   type: object
@@ -7714,25 +9498,41 @@ spec:
                                 - vaultRole
                               type: object
                             jwt:
-                              description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                              description: |-
+                                Jwt authenticates with Vault by passing role and JWT token using the
+                                JWT/OIDC authentication method
                               properties:
                                 kubernetesServiceAccountToken:
-                                  description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                                  description: |-
+                                    Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                    a token for with the `TokenRequest` API.
                                   properties:
                                     audiences:
-                                      description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                      description: |-
+                                        Optional audiences field that will be used to request a temporary Kubernetes service
+                                        account token for the service account referenced by `serviceAccountRef`.
+                                        Defaults to a single audience `vault` it not specified.
+                                        Deprecated: use serviceAccountRef.Audiences instead
                                       items:
                                         type: string
                                       type: array
                                     expirationSeconds:
-                                      description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                      description: |-
+                                        Optional expiration time in seconds that will be used to request a temporary
+                                        Kubernetes service account token for the service account referenced by
+                                        `serviceAccountRef`.
+                                        Deprecated: this will be removed in the future.
+                                        Defaults to 10 minutes.
                                       format: int64
                                       type: integer
                                     serviceAccountRef:
                                       description: Service account field containing the name of a kubernetes ServiceAccount.
                                       properties:
                                         audiences:
-                                          description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                          description: |-
+                                            Audience specifies the `aud` claim for the service account token
+                                            If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                            then this audiences will be appended to the list
                                           items:
                                             type: string
                                           type: array
@@ -7740,7 +9540,9 @@ spec:
                                           description: The name of the ServiceAccount resource being referred to.
                                           type: string
                                         namespace:
-                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          description: |-
+                                            Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                            to the namespace of the referent.
                                           type: string
                                       required:
                                         - name
@@ -7750,55 +9552,86 @@ spec:
                                   type: object
                                 path:
                                   default: jwt
-                                  description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                                  description: |-
+                                    Path where the JWT authentication backend is mounted
+                                    in Vault, e.g: "jwt"
                                   type: string
                                 role:
-                                  description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                                  description: |-
+                                    Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                    authentication method
                                   type: string
                                 secretRef:
-                                  description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                                  description: |-
+                                    Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                    authenticate with Vault using the JWT/OIDC authentication method.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               required:
                                 - path
                               type: object
                             kubernetes:
-                              description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                              description: |-
+                                Kubernetes authenticates with Vault by passing the ServiceAccount
+                                token stored in the named Secret resource to the Vault server.
                               properties:
                                 mountPath:
                                   default: kubernetes
-                                  description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                                  description: |-
+                                    Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                    "kubernetes"
                                   type: string
                                 role:
-                                  description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                                  description: |-
+                                    A required field containing the Vault Role to assume. A Role binds a
+                                    Kubernetes ServiceAccount with a set of Vault policies.
                                   type: string
                                 secretRef:
-                                  description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                                  description: |-
+                                    Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                    for authenticating with Vault. If a name is specified without a key,
+                                    `token` is the default. If one is not specified, the one bound to
+                                    the controller will be used.
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 serviceAccountRef:
-                                  description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                                  description: |-
+                                    Optional service account field containing the name of a kubernetes ServiceAccount.
+                                    If the service account is specified, the service account secret token JWT will be used
+                                    for authenticating with Vault. If the service account selector is not supplied,
+                                    the secretRef will be used instead.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -7806,7 +9639,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -7816,27 +9651,40 @@ spec:
                                 - role
                               type: object
                             ldap:
-                              description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                              description: |-
+                                Ldap authenticates with Vault by passing username/password pair using
+                                the LDAP authentication method
                               properties:
                                 path:
                                   default: ldap
-                                  description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                                  description: |-
+                                    Path where the LDAP authentication backend is mounted
+                                    in Vault, e.g: "ldap"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the LDAP
+                                    user used to authenticate with Vault using the LDAP authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                                  description: |-
+                                    Username is a LDAP user name used to authenticate using the LDAP Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7846,13 +9694,17 @@ spec:
                               description: TokenSecretRef authenticates with Vault by presenting a token.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             userPass:
@@ -7860,23 +9712,34 @@ spec:
                               properties:
                                 path:
                                   default: user
-                                  description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                                  description: |-
+                                    Path where the UserPassword authentication backend is mounted
+                                    in Vault, e.g: "user"
                                   type: string
                                 secretRef:
-                                  description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                                  description: |-
+                                    SecretRef to a key in a Secret resource containing password for the
+                                    user used to authenticate with Vault using the UserPass authentication
+                                    method
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 username:
-                                  description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                                  description: |-
+                                    Username is a user name used to authenticate using the UserPass Vault
+                                    authentication method
                                   type: string
                               required:
                                 - path
@@ -7884,7 +9747,11 @@ spec:
                               type: object
                           type: object
                         caBundle:
-                          description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate Vault server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7897,7 +9764,9 @@ spec:
                               description: The name of the object located at the provider type.
                               type: string
                             namespace:
-                              description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                              description: |-
+                                The namespace the Provider type is in.
+                                Can only be defined when used in a ClusterSecretStore.
                               type: string
                             type:
                               description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -7910,23 +9779,89 @@ spec:
                             - type
                           type: object
                         forwardInconsistent:
-                          description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                          description: |-
+                            ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                            leader instead of simply retrying within a loop. This can increase performance if
+                            the option is enabled serverside.
+                            https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                           type: boolean
                         namespace:
-                          description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                          description: |-
+                            Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                            Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                            More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                           type: string
                         path:
-                          description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                          description: |-
+                            Path is the mount path of the Vault KV backend endpoint, e.g:
+                            "secret". The v2 KV secret engine version specific "/data" path suffix
+                            for fetching secrets from Vault is optional and will be appended
+                            if not present in specified path.
                           type: string
                         readYourWrites:
-                          description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                          description: |-
+                            ReadYourWrites ensures isolated read-after-write semantics by
+                            providing discovered cluster replication states in each request.
+                            More information about eventual consistency in Vault can be found here
+                            https://www.vaultproject.io/docs/enterprise/consistency
                           type: boolean
                         server:
                           description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                           type: string
+                        tls:
+                          description: |-
+                            The configuration used for client side related TLS communication, when the Vault server
+                            requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                            This parameter is ignored for plain HTTP protocol connection.
+                            It's worth noting this configuration is different from the "TLS certificates auth method",
+                            which is available under the `auth.cert` section.
+                          properties:
+                            certSecretRef:
+                              description: |-
+                                CertSecretRef is a certificate added to the transport layer
+                                when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                            keySecretRef:
+                              description: |-
+                                KeySecretRef to a key in a Secret resource containing client private key
+                                added to the transport layer when communicating with the Vault server.
+                                If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
+                          type: object
                         version:
                           default: v2
-                          description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                          description: |-
+                            Version is the Vault KV secret engine version. This can be either "v1" or
+                            "v2". Version defaults to "v2".
                           enum:
                             - v1
                             - v2
@@ -7942,7 +9877,11 @@ spec:
                           description: Body
                           type: string
                         caBundle:
-                          description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                          description: |-
+                            PEM encoded CA bundle used to validate webhook server certificate. Only used
+                            if the Server URL is using HTTPS protocol. This parameter is ignored for
+                            plain HTTP protocol connection. If not set the system root certificates
+                            are used to validate the TLS connection.
                           format: byte
                           type: string
                         caProvider:
@@ -7983,7 +9922,9 @@ spec:
                               type: string
                           type: object
                         secrets:
-                          description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name
+                          description: |-
+                            Secrets to fill in templates
+                            These secrets will be passed to the templating function as key value pairs under the given name
                           items:
                             properties:
                               name:
@@ -7993,13 +9934,17 @@ spec:
                                 description: Secret ref to fill in credentials
                                 properties:
                                   key:
-                                    description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                    description: |-
+                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                      defaulted, in others it may be required.
                                     type: string
                                   name:
                                     description: The name of the Secret resource being referred to.
                                     type: string
                                   namespace:
-                                    description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                    description: |-
+                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                      to the namespace of the referent.
                                     type: string
                                 type: object
                             required:
@@ -8030,13 +9975,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8044,16 +9993,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8073,13 +10028,17 @@ spec:
                               description: The authorized key used for authentication
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8087,16 +10046,22 @@ spec:
                           description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
                           properties:
                             certSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                              description: |-
+                                A reference to a specific 'key' within a Secret resource,
+                                In some instances, `key` is a required field.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
@@ -8166,7 +10131,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -8186,17 +10151,28 @@ spec:
         openAPIV3Schema:
           properties:
             apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
               type: string
             kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
               type: string
             metadata:
               type: object
             spec:
               properties:
                 controller:
-                  description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property'
+                  description: |-
+                    Used to select the correct ESO controller (think: ingress.ingressClassName)
+                    The ESO controller is instantiated with a specific controller name and filters VDS based on this property
                   type: string
                 method:
                   description: Vault API method to use (GET/POST/other)
@@ -8214,39 +10190,61 @@ spec:
                       description: Auth configures how secret-manager authenticates with the Vault server.
                       properties:
                         appRole:
-                          description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+                          description: |-
+                            AppRole authenticates with Vault using the App Role auth mechanism,
+                            with the role and secret stored in a Kubernetes Secret resource.
                           properties:
                             path:
                               default: approle
-                              description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+                              description: |-
+                                Path where the App Role authentication backend is mounted
+                                in Vault, e.g: "approle"
                               type: string
                             roleId:
-                              description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+                              description: |-
+                                RoleID configured in the App Role authentication backend when setting
+                                up the authentication backend in Vault.
                               type: string
                             roleRef:
-                              description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role ID used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role id.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+                              description: |-
+                                Reference to a key in a Secret that contains the App Role secret used
+                                to authenticate with Vault.
+                                The `key` field must be specified and denotes which entry within the Secret
+                                resource is used as the app role secret.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
@@ -8254,37 +10252,53 @@ spec:
                             - secretRef
                           type: object
                         cert:
-                          description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method
+                          description: |-
+                            Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
+                            Cert authentication method
                           properties:
                             clientCert:
-                              description: ClientCert is a certificate to authenticate using the Cert Vault authentication method
+                              description: |-
+                                ClientCert is a certificate to authenticate using the Cert Vault
+                                authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing client private key to
+                                authenticate with Vault using the Cert authentication method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           type: object
                         iam:
-                          description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method
+                          description: |-
+                            Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
+                            AWS IAM authentication method
                           properties:
                             externalID:
                               description: AWS External ID set on assumed IAM roles
@@ -8296,7 +10310,10 @@ spec:
                                   description: A reference to a ServiceAccount resource.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8304,7 +10321,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8326,39 +10345,54 @@ spec:
                                   description: The AccessKeyID is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 secretAccessKeySecretRef:
                                   description: The SecretAccessKey is used for authentication
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                                 sessionTokenSecretRef:
-                                  description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html'
+                                  description: |-
+                                    The SessionToken used for authentication
+                                    This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+                                    see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                                   properties:
                                     key:
-                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      description: |-
+                                        The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                        defaulted, in others it may be required.
                                       type: string
                                     name:
                                       description: The name of the Secret resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   type: object
                               type: object
@@ -8372,25 +10406,41 @@ spec:
                             - vaultRole
                           type: object
                         jwt:
-                          description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method
+                          description: |-
+                            Jwt authenticates with Vault by passing role and JWT token using the
+                            JWT/OIDC authentication method
                           properties:
                             kubernetesServiceAccountToken:
-                              description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API.
+                              description: |-
+                                Optional ServiceAccountToken specifies the Kubernetes service account for which to request
+                                a token for with the `TokenRequest` API.
                               properties:
                                 audiences:
-                                  description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead'
+                                  description: |-
+                                    Optional audiences field that will be used to request a temporary Kubernetes service
+                                    account token for the service account referenced by `serviceAccountRef`.
+                                    Defaults to a single audience `vault` it not specified.
+                                    Deprecated: use serviceAccountRef.Audiences instead
                                   items:
                                     type: string
                                   type: array
                                 expirationSeconds:
-                                  description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.'
+                                  description: |-
+                                    Optional expiration time in seconds that will be used to request a temporary
+                                    Kubernetes service account token for the service account referenced by
+                                    `serviceAccountRef`.
+                                    Deprecated: this will be removed in the future.
+                                    Defaults to 10 minutes.
                                   format: int64
                                   type: integer
                                 serviceAccountRef:
                                   description: Service account field containing the name of a kubernetes ServiceAccount.
                                   properties:
                                     audiences:
-                                      description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                      description: |-
+                                        Audience specifies the `aud` claim for the service account token
+                                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                        then this audiences will be appended to the list
                                       items:
                                         type: string
                                       type: array
@@ -8398,7 +10448,9 @@ spec:
                                       description: The name of the ServiceAccount resource being referred to.
                                       type: string
                                     namespace:
-                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      description: |-
+                                        Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                        to the namespace of the referent.
                                       type: string
                                   required:
                                     - name
@@ -8408,55 +10460,86 @@ spec:
                               type: object
                             path:
                               default: jwt
-                              description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"'
+                              description: |-
+                                Path where the JWT authentication backend is mounted
+                                in Vault, e.g: "jwt"
                               type: string
                             role:
-                              description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method
+                              description: |-
+                                Role is a JWT role to authenticate using the JWT/OIDC Vault
+                                authentication method
                               type: string
                             secretRef:
-                              description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method.
+                              description: |-
+                                Optional SecretRef that refers to a key in a Secret resource containing JWT token to
+                                authenticate with Vault using the JWT/OIDC authentication method.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                           required:
                             - path
                           type: object
                         kubernetes:
-                          description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+                          description: |-
+                            Kubernetes authenticates with Vault by passing the ServiceAccount
+                            token stored in the named Secret resource to the Vault server.
                           properties:
                             mountPath:
                               default: kubernetes
-                              description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"'
+                              description: |-
+                                Path where the Kubernetes authentication backend is mounted in Vault, e.g:
+                                "kubernetes"
                               type: string
                             role:
-                              description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+                              description: |-
+                                A required field containing the Vault Role to assume. A Role binds a
+                                Kubernetes ServiceAccount with a set of Vault policies.
                               type: string
                             secretRef:
-                              description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used.
+                              description: |-
+                                Optional secret field containing a Kubernetes ServiceAccount JWT used
+                                for authenticating with Vault. If a name is specified without a key,
+                                `token` is the default. If one is not specified, the one bound to
+                                the controller will be used.
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             serviceAccountRef:
-                              description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead.
+                              description: |-
+                                Optional service account field containing the name of a kubernetes ServiceAccount.
+                                If the service account is specified, the service account secret token JWT will be used
+                                for authenticating with Vault. If the service account selector is not supplied,
+                                the secretRef will be used instead.
                               properties:
                                 audiences:
-                                  description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list
+                                  description: |-
+                                    Audience specifies the `aud` claim for the service account token
+                                    If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                                    then this audiences will be appended to the list
                                   items:
                                     type: string
                                   type: array
@@ -8464,7 +10547,9 @@ spec:
                                   description: The name of the ServiceAccount resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               required:
                                 - name
@@ -8474,27 +10559,40 @@ spec:
                             - role
                           type: object
                         ldap:
-                          description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method
+                          description: |-
+                            Ldap authenticates with Vault by passing username/password pair using
+                            the LDAP authentication method
                           properties:
                             path:
                               default: ldap
-                              description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"'
+                              description: |-
+                                Path where the LDAP authentication backend is mounted
+                                in Vault, e.g: "ldap"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the LDAP
+                                user used to authenticate with Vault using the LDAP authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method
+                              description: |-
+                                Username is a LDAP user name used to authenticate using the LDAP Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8504,13 +10602,17 @@ spec:
                           description: TokenSecretRef authenticates with Vault by presenting a token.
                           properties:
                             key:
-                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
                               type: string
                             name:
                               description: The name of the Secret resource being referred to.
                               type: string
                             namespace:
-                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
                               type: string
                           type: object
                         userPass:
@@ -8518,23 +10620,34 @@ spec:
                           properties:
                             path:
                               default: user
-                              description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"'
+                              description: |-
+                                Path where the UserPassword authentication backend is mounted
+                                in Vault, e.g: "user"
                               type: string
                             secretRef:
-                              description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method
+                              description: |-
+                                SecretRef to a key in a Secret resource containing password for the
+                                user used to authenticate with Vault using the UserPass authentication
+                                method
                               properties:
                                 key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
                                   type: string
                                 name:
                                   description: The name of the Secret resource being referred to.
                                   type: string
                                 namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
                                   type: string
                               type: object
                             username:
-                              description: Username is a user name used to authenticate using the UserPass Vault authentication method
+                              description: |-
+                                Username is a user name used to authenticate using the UserPass Vault
+                                authentication method
                               type: string
                           required:
                             - path
@@ -8542,7 +10655,11 @@ spec:
                           type: object
                       type: object
                     caBundle:
-                      description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+                      description: |-
+                        PEM encoded CA bundle used to validate Vault server certificate. Only used
+                        if the Server URL is using HTTPS protocol. This parameter is ignored for
+                        plain HTTP protocol connection. If not set the system root certificates
+                        are used to validate the TLS connection.
                       format: byte
                       type: string
                     caProvider:
@@ -8555,7 +10672,9 @@ spec:
                           description: The name of the object located at the provider type.
                           type: string
                         namespace:
-                          description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.
+                          description: |-
+                            The namespace the Provider type is in.
+                            Can only be defined when used in a ClusterSecretStore.
                           type: string
                         type:
                           description: The type of provider to use such as "Secret", or "ConfigMap".
@@ -8568,23 +10687,89 @@ spec:
                         - type
                       type: object
                     forwardInconsistent:
-                      description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
+                      description: |-
+                        ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
+                        leader instead of simply retrying within a loop. This can increase performance if
+                        the option is enabled serverside.
+                        https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
                       type: boolean
                     namespace:
-                      description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+                      description: |-
+                        Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
+                        Vault environments to support Secure Multi-tenancy. e.g: "ns1".
+                        More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                       type: string
                     path:
-                      description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.'
+                      description: |-
+                        Path is the mount path of the Vault KV backend endpoint, e.g:
+                        "secret". The v2 KV secret engine version specific "/data" path suffix
+                        for fetching secrets from Vault is optional and will be appended
+                        if not present in specified path.
                       type: string
                     readYourWrites:
-                      description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency
+                      description: |-
+                        ReadYourWrites ensures isolated read-after-write semantics by
+                        providing discovered cluster replication states in each request.
+                        More information about eventual consistency in Vault can be found here
+                        https://www.vaultproject.io/docs/enterprise/consistency
                       type: boolean
                     server:
                       description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
                       type: string
+                    tls:
+                      description: |-
+                        The configuration used for client side related TLS communication, when the Vault server
+                        requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
+                        This parameter is ignored for plain HTTP protocol connection.
+                        It's worth noting this configuration is different from the "TLS certificates auth method",
+                        which is available under the `auth.cert` section.
+                      properties:
+                        certSecretRef:
+                          description: |-
+                            CertSecretRef is a certificate added to the transport layer
+                            when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.crt'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                        keySecretRef:
+                          description: |-
+                            KeySecretRef to a key in a Secret resource containing client private key
+                            added to the transport layer when communicating with the Vault server.
+                            If no key for the Secret is specified, external-secret will default to 'tls.key'.
+                          properties:
+                            key:
+                              description: |-
+                                The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: |-
+                                Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                to the namespace of the referent.
+                              type: string
+                          type: object
+                      type: object
                     version:
                       default: v2
-                      description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2".
+                      description: |-
+                        Version is the Vault KV secret engine version. This can be either "v1" or
+                        "v2". Version defaults to "v2".
                       enum:
                         - v1
                         - v2
@@ -8595,7 +10780,12 @@ spec:
                   type: object
                 resultType:
                   default: Data
-                  description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure.
+                  description: |-
+                    Result type defines which data is returned from the generator.
+                    By default it is the "data" section of the Vault API response.
+                    When using e.g. /auth/token/create the "data" section is empty but
+                    the "auth" section contains the generated token.
+                    Please refer to the vault docs regarding the result data structure.
                   enum:
                     - Data
                     - Auth
@@ -8626,10 +10816,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8693,10 +10883,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8802,10 +10992,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -8842,10 +11032,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -8886,10 +11076,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -8907,10 +11097,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8927,10 +11117,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -8963,10 +11153,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -9002,10 +11192,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -9023,10 +11213,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -9047,10 +11237,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9062,10 +11252,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -9080,7 +11270,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -9110,10 +11300,10 @@ metadata:
   name: golang-external-secrets
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9125,10 +11315,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -9143,7 +11333,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -9160,10 +11350,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: "default"
   labels:
-    helm.sh/chart: external-secrets-0.9.11
+    helm.sh/chart: external-secrets-0.9.12
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.11"
+    app.kubernetes.io/version: "v0.9.12"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -9175,10 +11365,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.11
+        helm.sh/chart: external-secrets-0.9.12
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.11"
+        app.kubernetes.io/version: "v0.9.12"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -9193,7 +11383,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "ghcr.io/external-secrets/external-secrets:v0.9.11-ubi"
+          image: ghcr.io/external-secrets/external-secrets:v0.9.12-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook

From 81574849d0c549aa95b396d95f1a0fce695073f4 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Mon, 12 Feb 2024 12:15:45 +0100
Subject: [PATCH 08/10] Update vault image to 1.15.5-ubi

This fixes a few CVEs.

Tested on MCG.
---
 hashicorp-vault/values.yaml                                 | 2 +-
 tests/hashicorp-vault-industrial-edge-factory.expected.yaml | 4 ++--
 tests/hashicorp-vault-industrial-edge-hub.expected.yaml     | 4 ++--
 tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml   | 4 ++--
 tests/hashicorp-vault-naked.expected.yaml                   | 4 ++--
 tests/hashicorp-vault-normal.expected.yaml                  | 4 ++--
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/hashicorp-vault/values.yaml b/hashicorp-vault/values.yaml
index 25740d982..aca2fdba6 100644
--- a/hashicorp-vault/values.yaml
+++ b/hashicorp-vault/values.yaml
@@ -48,4 +48,4 @@ vault:
         termination: "reencrypt"
     image:
       repository: "registry.connect.redhat.com/hashicorp/vault"
-      tag: "1.15.2-ubi"
+      tag: "1.15.5-ubi"
diff --git a/tests/hashicorp-vault-industrial-edge-factory.expected.yaml b/tests/hashicorp-vault-industrial-edge-factory.expected.yaml
index 0c68e8322..76454ee6a 100644
--- a/tests/hashicorp-vault-industrial-edge-factory.expected.yaml
+++ b/tests/hashicorp-vault-industrial-edge-factory.expected.yaml
@@ -204,7 +204,7 @@ spec:
       containers:
         - name: vault
           
-          image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+          image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
           imagePullPolicy: IfNotPresent
           command:
           - "/bin/sh"
@@ -373,7 +373,7 @@ spec:
   
   containers:
     - name: hashicorp-vault-server-test
-      image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+      image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
       imagePullPolicy: IfNotPresent
       env:
         - name: VAULT_ADDR
diff --git a/tests/hashicorp-vault-industrial-edge-hub.expected.yaml b/tests/hashicorp-vault-industrial-edge-hub.expected.yaml
index 0c68e8322..76454ee6a 100644
--- a/tests/hashicorp-vault-industrial-edge-hub.expected.yaml
+++ b/tests/hashicorp-vault-industrial-edge-hub.expected.yaml
@@ -204,7 +204,7 @@ spec:
       containers:
         - name: vault
           
-          image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+          image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
           imagePullPolicy: IfNotPresent
           command:
           - "/bin/sh"
@@ -373,7 +373,7 @@ spec:
   
   containers:
     - name: hashicorp-vault-server-test
-      image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+      image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
       imagePullPolicy: IfNotPresent
       env:
         - name: VAULT_ADDR
diff --git a/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml b/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml
index 0c68e8322..76454ee6a 100644
--- a/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml
+++ b/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml
@@ -204,7 +204,7 @@ spec:
       containers:
         - name: vault
           
-          image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+          image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
           imagePullPolicy: IfNotPresent
           command:
           - "/bin/sh"
@@ -373,7 +373,7 @@ spec:
   
   containers:
     - name: hashicorp-vault-server-test
-      image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+      image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
       imagePullPolicy: IfNotPresent
       env:
         - name: VAULT_ADDR
diff --git a/tests/hashicorp-vault-naked.expected.yaml b/tests/hashicorp-vault-naked.expected.yaml
index e09ac08f0..fc05bc43f 100644
--- a/tests/hashicorp-vault-naked.expected.yaml
+++ b/tests/hashicorp-vault-naked.expected.yaml
@@ -204,7 +204,7 @@ spec:
       containers:
         - name: vault
           
-          image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+          image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
           imagePullPolicy: IfNotPresent
           command:
           - "/bin/sh"
@@ -373,7 +373,7 @@ spec:
   
   containers:
     - name: hashicorp-vault-server-test
-      image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+      image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
       imagePullPolicy: IfNotPresent
       env:
         - name: VAULT_ADDR
diff --git a/tests/hashicorp-vault-normal.expected.yaml b/tests/hashicorp-vault-normal.expected.yaml
index 0c68e8322..76454ee6a 100644
--- a/tests/hashicorp-vault-normal.expected.yaml
+++ b/tests/hashicorp-vault-normal.expected.yaml
@@ -204,7 +204,7 @@ spec:
       containers:
         - name: vault
           
-          image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+          image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
           imagePullPolicy: IfNotPresent
           command:
           - "/bin/sh"
@@ -373,7 +373,7 @@ spec:
   
   containers:
     - name: hashicorp-vault-server-test
-      image: registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+      image: registry.connect.redhat.com/hashicorp/vault:1.15.5-ubi
       imagePullPolicy: IfNotPresent
       env:
         - name: VAULT_ADDR

From dde1055d6f250be6320cd0dae0ead70e2ec12f5c Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Thu, 15 Feb 2024 09:21:36 +0100
Subject: [PATCH 09/10] Use gitops-1.11 in acm as well

This is mainly for consistency reasons as the value is taken from
main.gitops anyways.
---
 acm/templates/policies/ocp-gitops-policy.yaml   | 2 +-
 acm/values.yaml                                 | 2 +-
 tests/acm-industrial-edge-factory.expected.yaml | 2 +-
 tests/acm-industrial-edge-hub.expected.yaml     | 2 +-
 tests/acm-medical-diagnosis-hub.expected.yaml   | 2 +-
 tests/acm-naked.expected.yaml                   | 2 +-
 tests/acm-normal.expected.yaml                  | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/acm/templates/policies/ocp-gitops-policy.yaml b/acm/templates/policies/ocp-gitops-policy.yaml
index 4691c18d5..a0ed611fe 100644
--- a/acm/templates/policies/ocp-gitops-policy.yaml
+++ b/acm/templates/policies/ocp-gitops-policy.yaml
@@ -35,7 +35,7 @@ spec:
                   labels:
                     operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                 spec:
-                  channel: {{ default "gitops-1.8" .Values.main.gitops.channel }}
+                  channel: {{ default "gitops-1.11" .Values.main.gitops.channel }}
                   installPlanApproval: Automatic
                   name: openshift-gitops-operator
                   source: redhat-operators
diff --git a/acm/values.yaml b/acm/values.yaml
index 1100bafdd..fb7cb03a0 100644
--- a/acm/values.yaml
+++ b/acm/values.yaml
@@ -1,6 +1,6 @@
 main:
   gitops:
-    channel: "gitops-1.8"
+    channel: "gitops-1.11"
 
 global:
   extraValueFiles: []
diff --git a/tests/acm-industrial-edge-factory.expected.yaml b/tests/acm-industrial-edge-factory.expected.yaml
index 2210b4cfc..66c0c0b97 100644
--- a/tests/acm-industrial-edge-factory.expected.yaml
+++ b/tests/acm-industrial-edge-factory.expected.yaml
@@ -100,7 +100,7 @@ spec:
                   labels:
                     operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                 spec:
-                  channel: gitops-1.8
+                  channel: gitops-1.11
                   installPlanApproval: Automatic
                   name: openshift-gitops-operator
                   source: redhat-operators
diff --git a/tests/acm-industrial-edge-hub.expected.yaml b/tests/acm-industrial-edge-hub.expected.yaml
index f9627771a..afcd6ab30 100644
--- a/tests/acm-industrial-edge-hub.expected.yaml
+++ b/tests/acm-industrial-edge-hub.expected.yaml
@@ -307,7 +307,7 @@ spec:
                   labels:
                     operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                 spec:
-                  channel: gitops-1.8
+                  channel: gitops-1.11
                   installPlanApproval: Automatic
                   name: openshift-gitops-operator
                   source: redhat-operators
diff --git a/tests/acm-medical-diagnosis-hub.expected.yaml b/tests/acm-medical-diagnosis-hub.expected.yaml
index cea5a1dc8..6e2e98b04 100644
--- a/tests/acm-medical-diagnosis-hub.expected.yaml
+++ b/tests/acm-medical-diagnosis-hub.expected.yaml
@@ -298,7 +298,7 @@ spec:
                   labels:
                     operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                 spec:
-                  channel: gitops-1.8
+                  channel: gitops-1.11
                   installPlanApproval: Automatic
                   name: openshift-gitops-operator
                   source: redhat-operators
diff --git a/tests/acm-naked.expected.yaml b/tests/acm-naked.expected.yaml
index 5ba9bd607..880ef7478 100644
--- a/tests/acm-naked.expected.yaml
+++ b/tests/acm-naked.expected.yaml
@@ -101,7 +101,7 @@ spec:
                   labels:
                     operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                 spec:
-                  channel: gitops-1.8
+                  channel: gitops-1.11
                   installPlanApproval: Automatic
                   name: openshift-gitops-operator
                   source: redhat-operators
diff --git a/tests/acm-normal.expected.yaml b/tests/acm-normal.expected.yaml
index 55553a798..03b0eae51 100644
--- a/tests/acm-normal.expected.yaml
+++ b/tests/acm-normal.expected.yaml
@@ -797,7 +797,7 @@ spec:
                   labels:
                     operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                 spec:
-                  channel: gitops-1.8
+                  channel: gitops-1.11
                   installPlanApproval: Automatic
                   name: openshift-gitops-operator
                   source: redhat-operators

From 947dd22d9878964a9e11d67ebe4b1b76186f345d Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Tue, 20 Feb 2024 17:46:27 +0100
Subject: [PATCH 10/10] Small gitops channel cleanups

Mainly for consistency reasons. gitops-1.11 is already the default
---
 operator-install/templates/pattern.yaml | 2 +-
 reference-output.yaml                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/operator-install/templates/pattern.yaml b/operator-install/templates/pattern.yaml
index 3dc1948ad..3615d18d3 100644
--- a/operator-install/templates/pattern.yaml
+++ b/operator-install/templates/pattern.yaml
@@ -13,7 +13,7 @@ spec:
     tokenSecretNamespace: {{ .Values.main.tokenSecretNamespace }}
 {{- end }} {{/* if and .Values.main.tokenSecret .Values.main.tokenSecretNamespace */}}
   gitOpsSpec:
-    operatorChannel: {{ default "gitops-1.8" .Values.main.gitops.channel }}
+    operatorChannel: {{ default "gitops-1.11" .Values.main.gitops.channel }}
     operatorSource: {{ default "redhat-operators" .Values.main.gitops.operatorSource }}
   multiSourceConfig:
     enabled: {{ .Values.main.multiSourceConfig.enabled }}
diff --git a/reference-output.yaml b/reference-output.yaml
index dbb4c6dc4..cdc1a3034 100644
--- a/reference-output.yaml
+++ b/reference-output.yaml
@@ -112,7 +112,7 @@ metadata:
   labels:
     operators.coreos.com/openshift-gitops-operator.openshift-operators: ""
 spec:
-  channel: gitops-1.8
+  channel: gitops-1.11
   installPlanApproval: Automatic
   name: openshift-gitops-operator
   source: redhat-operators