k8s/apps/remnawave/external-secrets.yaml

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: remnawave-secrets
spec:
  target:
    name: remnawave-secrets
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        METRICS_USER: admin
        FRONT_END_DOMAIN: rw.hexor.cy
        SUB_PUBLIC_DOMAIN: rw.hexor.cy/api/sub
        REDIS_HOST: remnawave-redis
        REDIS_PORT: "6379"

        DATABASE_URL: |-
          postgresql://remnawave:{{ .pg_pass }}@psql.psql.svc:5432/remnawave
        JWT_AUTH_SECRET: |-
          {{ .jwt_auth_secret }}
        JWT_API_TOKENS_SECRET: |-
          {{ .jwt_api_tokens_secret }}
        METRICS_PASS: |-
          {{ .metrics_pass }}
        WEBHOOK_SECRET_HEADER: |-
          {{ .webhook_secret }}

  data:
    - secretKey: pg_pass
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[10].value
    - secretKey: jwt_auth_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 0d090436-5e82-453a-914c-19cec2abded1
        property: fields[0].value
    - secretKey: jwt_api_tokens_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 0d090436-5e82-453a-914c-19cec2abded1
        property: fields[1].value
    - secretKey: metrics_pass
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 0d090436-5e82-453a-914c-19cec2abded1
        property: fields[2].value
    - secretKey: webhook_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 0d090436-5e82-453a-914c-19cec2abded1
        property: fields[3].value
Added Remnawave 2025-11-24 16:32:00 +02:00			`---`
			`apiVersion: external-secrets.io/v1`
			`kind: ExternalSecret`
			`metadata:`
			`name: remnawave-secrets`
			`spec:`
			`target:`
			`name: remnawave-secrets`
			`deletionPolicy: Delete`
			`template:`
			`type: Opaque`
			`data:`
Added secrets 2025-11-24 16:57:02 +02:00			`METRICS_USER: admin`
			`FRONT_END_DOMAIN: rw.hexor.cy`
			`SUB_PUBLIC_DOMAIN: rw.hexor.cy/api/sub`
			`REDIS_HOST: remnawave-redis`
Added secrets 2025-11-24 16:57:39 +02:00			`REDIS_PORT: "6379"`
Added secrets 2025-11-24 16:57:02 +02:00
Added Remnawave 2025-11-24 16:32:00 +02:00			`DATABASE_URL: \|-`
			`postgresql://remnawave:{{ .pg_pass }}@psql.psql.svc:5432/remnawave`
Added secrets 2025-11-24 16:54:04 +02:00			`JWT_AUTH_SECRET: \|-`
			`{{ .jwt_auth_secret }}`
			`JWT_API_TOKENS_SECRET: \|-`
			`{{ .jwt_api_tokens_secret }}`
			`METRICS_PASS: \|-`
			`{{ .metrics_pass }}`
			`WEBHOOK_SECRET_HEADER: \|-`
			`{{ .webhook_secret }}`
Added Remnawave 2025-11-24 16:32:00 +02:00
			`data:`
			`- secretKey: pg_pass`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[10].value`
Added secrets 2025-11-24 16:54:04 +02:00			`- secretKey: jwt_auth_secret`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 0d090436-5e82-453a-914c-19cec2abded1`
			`property: fields[0].value`
			`- secretKey: jwt_api_tokens_secret`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 0d090436-5e82-453a-914c-19cec2abded1`
			`property: fields[1].value`
			`- secretKey: metrics_pass`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 0d090436-5e82-453a-914c-19cec2abded1`
			`property: fields[2].value`
			`- secretKey: webhook_secret`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 0d090436-5e82-453a-914c-19cec2abded1`
			`property: fields[3].value`