homelab/k8s/core/authentik/external-secrets.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: authentik-creds
  namespace: authentik
spec:
  target:
    name: authentik-creds
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        AUTHENTIK_HOST: "https://idm.hexor.cy"
        AUTHENTIK_COOKIE_DOMAIN: "hexor.cy"
        AUTHENTIK_POSTGRESQL__USER: |-
          {{ .username }}
        AUTHENTIK_POSTGRESQL__PASSWORD: |-
          {{ .password }}
        AUTHENTIK_SECRET_KEY: |-
          {{ .secret_key }}
  data:
    - secretKey: password
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 279c2c1f-c147-4b6b-a511-36c3cd764f9d
        property: login.password
    - secretKey: username
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 279c2c1f-c147-4b6b-a511-36c3cd764f9d
        property: login.username
    - secretKey: secret_key
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 279c2c1f-c147-4b6b-a511-36c3cd764f9d
        property: fields[0].value