apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: kyoo-key-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: kyoo-key-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: rsa-private
      remoteRef:
        key: /cl01tl/kyoo/key
        property: rsa-private
    - secretKey: scanner-apikey
      remoteRef:
        key: /cl01tl/kyoo/key
        property: scanner
    - secretKey: tmdb-apikey
      remoteRef:
        key: /tmdb/alexlebens
        property: api-key
    - secretKey: tvdb-apikey
      remoteRef:
        key: /tvdb/alexlebens
        property: api-key

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: kyoo-db-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: kyoo-db-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: postgres_user
      remoteRef:
        key: /cl01tl/kyoo/db
        property: user
    - secretKey: postgres_password
      remoteRef:
        key: /cl01tl/kyoo/db
        property: password

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: kyoo-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: kyoo-oidc-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: client
      remoteRef:
        key: /authentik/oidc/kyoo
        property: client
    - secretKey: secret
      remoteRef:
        key: /authentik/oidc/kyoo
        property: secret