From 114ec054a40ed3b1b1cce39c9b6b0edc454fdc47 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Fri, 3 Oct 2025 21:36:56 -0500
Subject: [PATCH] add cred

---
 .../immich/templates/external-secrets.yaml    | 30 +++++++++++++++++++
 .../cl01tl/applications/immich/values.yaml    |  1 -
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
index f9525bf6e..1770c0e99 100644
--- a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
+++ b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
@@ -49,3 +49,33 @@ spec:
         key: /digital-ocean/home-infra/postgres-backups
         metadataPolicy: None
         property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-postgresql-17-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: secret
diff --git a/clusters/cl01tl/applications/immich/values.yaml b/clusters/cl01tl/applications/immich/values.yaml
index 54933bcf3..b9d1db6f0 100644
--- a/clusters/cl01tl/applications/immich/values.yaml
+++ b/clusters/cl01tl/applications/immich/values.yaml
@@ -262,7 +262,6 @@ postgres-17-cluster:
       destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
       clusterName: immich-postgresql-16-cluster
       index: 2
-      endpointCredentials: immich-postgresql-16-cluster-backup-secret
   # backup:
   #   objectStore:
   #     - name: external