--- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: postgres-creds spec: target: name: postgres-secret deletionPolicy: Delete template: type: Opaque data: PGADMIN_DEFAULT_EMAIL: |- {{ .username }} PGADMIN_DEFAULT_PASSWORD: |- {{ .password }} PGADMIN_CONFIG_OAUTH2_CONFIG: |- [ { 'OAUTH2_NAME': 'Authentik', 'OAUTH2_DISPLAY_NAME': 'Authentik', 'OAUTH2_CLIENT_ID': '{{ .client_id }}', 'OAUTH2_CLIENT_SECRET': '{{ .client_secret }}', 'OAUTH2_TOKEN_URL': '{{ .pgadmin_url }}/application/o/token/', 'OAUTH2_AUTHORIZATION_URL': '{{ .pgadmin_url }}/application/o/authorize/', 'OAUTH2_SERVER_METADATA_URL': '{{ .pgadmin_url }}/application/o/pgadmin/.well-known/openid-configuration', 'OAUTH2_API_BASE_URL': '{{ .pgadmin_url }}', 'OAUTH2_USERINFO_ENDPOINT': '{{ .pgadmin_url }}/application/o/userinfo/', 'OAUTH2_SCOPE': 'openid profile email', 'OAUTH2_USERNAME_CLAIM': 'email', 'OAUTH2_BUTTON_COLOR': '#000000', 'OAUTH2_SSL_CERT_VERIFICATION': False, 'OAUTH2_LOGOUT_URL': '{{ .pgadmin_url }}/application/o/pgadmin/end-session/' } ] data: - secretKey: username sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 832042b9-7edb-4f4c-9254-3c8884ba9733 property: login.username - secretKey: password sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 832042b9-7edb-4f4c-9254-3c8884ba9733 property: login.password - secretKey: client_id sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 832042b9-7edb-4f4c-9254-3c8884ba9733 property: fields[0].value - secretKey: client_secret sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 832042b9-7edb-4f4c-9254-3c8884ba9733 property: fields[1].value - secretKey: pgadmin_url sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 832042b9-7edb-4f4c-9254-3c8884ba9733 property: fields[2].value --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: postgres-users spec: target: name: postgres-users deletionPolicy: Delete template: type: Opaque data: USER_authentik: |- {{ .authentik }} USER_paperless: |- {{ .paperless }} USER_nextcloud: |- {{ .nextcloud }} USER_outfleet: |- {{ .outfleet }} USER_grafana: |- {{ .grafana }} USER_khm: |- {{ .khm }} data: - secretKey: authentik sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 2a9deb39-ef22-433e-a1be-df1555625e22 property: fields[0].value - secretKey: outfleet sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 2a9deb39-ef22-433e-a1be-df1555625e22 property: fields[1].value - secretKey: grafana sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 2a9deb39-ef22-433e-a1be-df1555625e22 property: fields[2].value - secretKey: khm sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 2a9deb39-ef22-433e-a1be-df1555625e22 property: fields[3].value - secretKey: nextcloud sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 2a9deb39-ef22-433e-a1be-df1555625e22 property: fields[4].value - secretKey: paperless sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: 2a9deb39-ef22-433e-a1be-df1555625e22 property: fields[5].value