add key secret

clusters/cl01tl/applications/linkwarden/templates/external-secret.yaml

@@ -1,5 +1,30 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
+metadata:
+  name: linkwarden-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: linkwarden-key-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/linkwarden/key
+        metadataPolicy: None
+        property: key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
 metadata:
   name: linkwarden-oidc-secret
   namespace: {{ .Release.Namespace }}

clusters/cl01tl/applications/linkwarden/values.yaml

@@ -12,6 +12,13 @@ linkwarden:
             tag: v2.6.0
             pullPolicy: IfNotPresent
           env:
+            - name: NEXTAUTH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: linkwarden-key-secret
+                  key: key
+            - name: NEXTAUTH_URL
+              value: https://bookmarks.alexlebens.dev/api/v1/auth
             - name: NEXT_PUBLIC_DISABLE_REGISTRATION
               value: false
             - name: NEXT_PUBLIC_CREDENTIALS_ENABLED
@@ -20,8 +27,6 @@ linkwarden:
               value: false
             - name: NEXT_PUBLIC_AUTHENTIK_ENABLED
               value: true
-            - name: NEXTAUTH_URL
-              value: https://bookmarks.alexlebens.dev/api/v1/auth        
             - name: AUTHENTIK_CUSTOM_NAME
               value: "Authentik"
             - name: AUTHENTIK_ISSUER