homelab/k8s/apps/paperless/external-secrets.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: postgres-creds
  namespace: paperless-ngx
spec:
  target:
    name: postgres-creds
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        psql_user: paperless
        psql_pass: |-
          {{ .psql_pass }}
        oauth_config: |-
          {
            "openid_connect": {
              "APPS": [
                {
                  "provider_id": "authentik",
                  "name": "Authentik",
                  "client_id": "{{ .oauth_id }}",
                  "secret": "{{ .oauth_secret }}",
                  "settings": {
                    "server_url": "{{ .server_url }}"
                  }
                }
              ],
              "OAUTH_PKCE_ENABLED": "True"
            }
          }
  data:
    - secretKey: psql_pass
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[5].value
    - secretKey: oauth_id
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 07d4efd9-597c-4a4c-a78d-13bfc43e6055
        property: fields[0].value
    - secretKey: oauth_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 07d4efd9-597c-4a4c-a78d-13bfc43e6055
        property: fields[1].value
    - secretKey: server_url
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 07d4efd9-597c-4a4c-a78d-13bfc43e6055
        property: fields[2].value
Added paperless 2025-04-13 15:58:11 +01:00			`---`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: postgres-creds`
			`namespace: paperless-ngx`
			`spec:`
			`target:`
			`name: postgres-creds`
			`deletionPolicy: Delete`
			`template:`
			`type: Opaque`
			`data:`
			`psql_user: paperless`
			`psql_pass: \|-`
			`{{ .psql_pass }}`
			`oauth_config: \|-`
			`{`
			`"openid_connect": {`
			`"APPS": [`
			`{`
			`"provider_id": "authentik",`
			`"name": "Authentik",`
			`"client_id": "{{ .oauth_id }}",`
			`"secret": "{{ .oauth_secret }}",`
			`"settings": {`
			`"server_url": "{{ .server_url }}"`
			`}`
			`}`
			`],`
			`"OAUTH_PKCE_ENABLED": "True"`
			`}`
			`}`
			`data:`
			`- secretKey: psql_pass`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[5].value`
			`- secretKey: oauth_id`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 07d4efd9-597c-4a4c-a78d-13bfc43e6055`
			`property: fields[0].value`
			`- secretKey: oauth_secret`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 07d4efd9-597c-4a4c-a78d-13bfc43e6055`
			`property: fields[1].value`
			`- secretKey: server_url`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 07d4efd9-597c-4a4c-a78d-13bfc43e6055`
			`property: fields[2].value`