maintenance(soteria): source restic credentials from vault

2026-04-13 02:54:05 -03:00 · 2026-04-13 02:54:05 -03:00 · ac12a9bfed
commit ac12a9bfed
parent 8a371e1267
1 changed files with 23 additions and 0 deletions
--- a/services/maintenance/secretproviderclass.yaml
+++ b/services/maintenance/secretproviderclass.yaml
@ -13,9 +13,32 @@ spec:
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/shared/harbor-pull"
        secretKey: "dockerconfigjson"
+      - objectName: "soteria-restic__AWS_ACCESS_KEY_ID"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "AWS_ACCESS_KEY_ID"
+      - objectName: "soteria-restic__AWS_SECRET_ACCESS_KEY"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "AWS_SECRET_ACCESS_KEY"
+      - objectName: "soteria-restic__RESTIC_PASSWORD"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "RESTIC_PASSWORD"
+      - objectName: "soteria-restic__AWS_ENDPOINTS"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "AWS_ENDPOINTS"
  secretObjects:
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
+    - secretName: soteria-restic
+      type: Opaque
+      data:
+        - objectName: soteria-restic__AWS_ACCESS_KEY_ID
+          key: AWS_ACCESS_KEY_ID
+        - objectName: soteria-restic__AWS_SECRET_ACCESS_KEY
+          key: AWS_SECRET_ACCESS_KEY
+        - objectName: soteria-restic__RESTIC_PASSWORD
+          key: RESTIC_PASSWORD
+        - objectName: soteria-restic__AWS_ENDPOINTS
+          key: AWS_ENDPOINTS