homelab/k8s/core/argocd/external-secrets.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: oidc-creds
  namespace: argocd
spec:
  target:
    name: oidc-creds
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        dex.authentik.clientID: "{{ .client_id | quote }}"
        dex.authentik.clientSecret: "{{ .client_secret | quote }}"
  data:
    - secretKey: client_id
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 1062e5b4-5380-49f1-97c3-340f26f3487e
        property: fields[0].value
    - secretKey: client_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 1062e5b4-5380-49f1-97c3-340f26f3487e
        property: fields[1].value