apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: argocd-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: argocd-oidc-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: secret
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/argocd
        metadataPolicy: None
        property: secret
    - secretKey: client
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/argocd
        metadataPolicy: None
        property: client

# ---
# apiVersion: external-secrets.io/v1
# kind: ExternalSecret
# metadata:
#   name: argocd-gitea-repo-infrastructure-secret
#   namespace: {{ .Release.Namespace }}
#   labels:
#     app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
#     app.kubernetes.io/instance: {{ .Release.Name }}
#     app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
#   secretStoreRef:
#     kind: ClusterSecretStore
#     name: vault
#   data:
#     - secretKey: type
#       remoteRef:
#         conversionStrategy: Default
#         decodingStrategy: None
#         key: /cl01tl/argocd/credentials/repo/infrastructure
#         metadataPolicy: None
#         property: type
#     - secretKey: url
#       remoteRef:
#         conversionStrategy: Default
#         decodingStrategy: None
#         key: /cl01tl/argocd/credentials/repo/infrastructure
#         metadataPolicy: None
#         property: url
#     - secretKey: sshPrivateKey
#       remoteRef:
#         conversionStrategy: Default
#         decodingStrategy: None
#         key: /cl01tl/argocd/credentials/repo/infrastructure
#         metadataPolicy: None
#         property: sshPrivateKey