You are using External Secrets Operator to sync secrets from HashiCorp Vault. The operator is deployed but secrets are not being created. Which resource defines the mapping between Vault secrets and Kubernetes secrets?
Correct. The ExternalSecret resource defines the source (Vault path) and the target Kubernetes secret name.
Why this answer
External Secrets Operator uses a custom resource called ExternalSecret (or sometimes SecretStore depending on the version) to define the mapping. The ExternalSecret resource specifies the backend (Vault) and the secret keys to sync.