ariadne: split portal and ariadne db secrets

services/maintenance/ariadne-deployment.yaml

@@ -24,7 +24,9 @@ spec:
         vault.hashicorp.com/agent-inject-template-ariadne-env.sh: |
           {{ with secret "kv/data/atlas/maintenance/ariadne-db" }}
           export ARIADNE_DATABASE_URL="{{ .Data.data.database_url }}"
-          export PORTAL_DATABASE_URL="{{ .Data.data.database_url }}"
+          {{ end }}
+          {{ with secret "kv/data/atlas/portal/atlas-portal-db" }}
+          export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"
           {{ end }}
           {{ with secret "kv/data/atlas/portal/bstein-dev-home-keycloak-admin" }}
           export KEYCLOAK_ADMIN_CLIENT_SECRET="{{ .Data.data.client_secret }}"

services/vault/scripts/vault_k8s_auth_configure.sh

@@ -231,7 +231,7 @@ write_policy_and_role "crypto" "crypto" "crypto-vault-sync" \
 write_policy_and_role "health" "health" "health-vault-sync" \
   "health/*" ""
 write_policy_and_role "maintenance" "maintenance" "ariadne,maintenance-vault-sync" \
-  "maintenance/ariadne-db portal/bstein-dev-home-keycloak-admin mailu/mailu-db-secret mailu/mailu-initial-account-secret nextcloud/nextcloud-db nextcloud/nextcloud-admin health/wger-admin finance/firefly-secrets comms/mas-admin-client-runtime comms/atlasbot-credentials-runtime comms/synapse-db vault/vault-oidc-config shared/harbor-pull" ""
+  "maintenance/ariadne-db portal/atlas-portal-db portal/bstein-dev-home-keycloak-admin mailu/mailu-db-secret mailu/mailu-initial-account-secret nextcloud/nextcloud-db nextcloud/nextcloud-admin health/wger-admin finance/firefly-secrets comms/mas-admin-client-runtime comms/atlasbot-credentials-runtime comms/synapse-db vault/vault-oidc-config shared/harbor-pull" ""
 write_policy_and_role "finance" "finance" "finance-vault" \
   "finance/* shared/postmark-relay" ""
 write_policy_and_role "finance-secrets" "finance" "finance-secrets-ensure" \