titan-iac/services/nextcloud/secretproviderclass.yaml

# services/nextcloud/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: nextcloud-vault
  namespace: nextcloud
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "nextcloud"
    objects: |
      - objectName: "nextcloud-db__database"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-db"
        secretKey: "database"
      - objectName: "nextcloud-db__db-username"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-db"
        secretKey: "db-username"
      - objectName: "nextcloud-db__db-password"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-db"
        secretKey: "db-password"
      - objectName: "nextcloud-admin__admin-user"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-admin"
        secretKey: "admin-user"
      - objectName: "nextcloud-admin__admin-password"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-admin"
        secretKey: "admin-password"
      - objectName: "nextcloud-oidc__client-id"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-oidc"
        secretKey: "client-id"
      - objectName: "nextcloud-oidc__client-secret"
        secretPath: "kv/data/atlas/nextcloud/nextcloud-oidc"
        secretKey: "client-secret"
      - objectName: "nextcloud-smtp__smtp-username"
        secretPath: "kv/data/atlas/shared/postmark-relay"
        secretKey: "relay-username"
      - objectName: "nextcloud-smtp__smtp-password"
        secretPath: "kv/data/atlas/shared/postmark-relay"
        secretKey: "relay-password"
      - objectName: "keycloak-admin__username"
        secretPath: "kv/data/atlas/shared/keycloak-admin"
        secretKey: "username"
      - objectName: "keycloak-admin__password"
        secretPath: "kv/data/atlas/shared/keycloak-admin"
        secretKey: "password"
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`# services/nextcloud/secretproviderclass.yaml`
			`apiVersion: secrets-store.csi.x-k8s.io/v1`
			`kind: SecretProviderClass`
			`metadata:`
			`name: nextcloud-vault`
			`namespace: nextcloud`
			`spec:`
			`provider: vault`
			`parameters:`
			`vaultAddress: "http://vault.vault.svc.cluster.local:8200"`
			`roleName: "nextcloud"`
			`objects: \|`
			`- objectName: "nextcloud-db__database"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-db"`
			`secretKey: "database"`
			`- objectName: "nextcloud-db__db-username"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-db"`
			`secretKey: "db-username"`
			`- objectName: "nextcloud-db__db-password"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-db"`
			`secretKey: "db-password"`
			`- objectName: "nextcloud-admin__admin-user"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-admin"`
			`secretKey: "admin-user"`
			`- objectName: "nextcloud-admin__admin-password"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-admin"`
			`secretKey: "admin-password"`
			`- objectName: "nextcloud-oidc__client-id"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-oidc"`
			`secretKey: "client-id"`
			`- objectName: "nextcloud-oidc__client-secret"`
			`secretPath: "kv/data/atlas/nextcloud/nextcloud-oidc"`
			`secretKey: "client-secret"`
			`- objectName: "nextcloud-smtp__smtp-username"`
vault: sync harbor pulls 2026-01-14 10:07:31 -03:00			`secretPath: "kv/data/atlas/shared/postmark-relay"`
			`secretKey: "relay-username"`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`- objectName: "nextcloud-smtp__smtp-password"`
vault: sync harbor pulls 2026-01-14 10:07:31 -03:00			`secretPath: "kv/data/atlas/shared/postmark-relay"`
			`secretKey: "relay-password"`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`- objectName: "keycloak-admin__username"`
			`secretPath: "kv/data/atlas/shared/keycloak-admin"`
			`secretKey: "username"`
			`- objectName: "keycloak-admin__password"`
			`secretPath: "kv/data/atlas/shared/keycloak-admin"`
			`secretKey: "password"`