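---
# Database credentials for Synapse and MAS, pulled from the
# `vaultwarden-login` ClusterSecretStore and rendered into an Opaque Secret.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: matrix-postgres-creds
spec:
  target:
    name: matrix-postgres-creds
    # The rendered Secret is removed together with this ExternalSecret.
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        # `|-` keeps the value byte-exact with no trailing newline, which
        # matters for passwords that are consumed verbatim.
        synapse_db_password: |-
          {{ .synapse_db_password }}
        mas_db_password: |-
          {{ .mas_db_password }}
  data:
    # CHANGE_ME placeholders must be replaced with the real item key/property
    # before this manifest is applied; the operator cannot sync them as-is.
    - secretKey: synapse_db_password
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: CHANGE_ME
        property: CHANGE_ME
    - secretKey: mas_db_password
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: CHANGE_ME
        property: CHANGE_ME
---
# Upstream OIDC configuration for matrix-authentication-service, rendered as a
# YAML file inside the Secret. Only the client id/secret come from the store.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: matrix-oidc-config
spec:
  target:
    name: matrix-oidc-config
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        # Literal block: the whole body is emitted as-is into mas-oidc.yaml
        # after Go-template expansion, so it must itself be valid YAML once
        # rendered.
        mas-oidc.yaml: |
          upstream_oauth2:
            providers:
              - id: authentik
                human_name: Authentik
                issuer: https://idm.hexor.cy/application/o/matrix/
                # `quote` (sprig) wraps the rendered value in escaped double
                # quotes so an id/secret that is all digits, boolean-looking
                # or starts with a YAML indicator still parses as a string.
                client_id: {{ .oauth_client_id | quote }}
                client_secret: {{ .oauth_client_secret | quote }}
                scope: "openid profile email"
                claims_imports:
                  # The backtick raw strings make the Go template emit the
                  # inner `{{ ... }}` literally for MAS's own claim templating.
                  localpart:
                    action: require
                    template: "{{ `{{ user.preferred_username }}` }}"
                  displayname:
                    action: suggest
                    template: "{{ `{{ user.name }}` }}"
                  email:
                    action: suggest
                    template: "{{ `{{ user.email }}` }}"
                    set_email_verification: always
  data:
    # CHANGE_ME placeholders must be replaced with the real item key/property
    # before this manifest is applied; the operator cannot sync them as-is.
    - secretKey: oauth_client_id
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: CHANGE_ME
        property: CHANGE_ME
    - secretKey: oauth_client_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: CHANGE_ME
        property: CHANGE_ME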