From ac12a9bfeda65d522c27b4535b51bdbc70282c66 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Mon, 13 Apr 2026 02:54:05 -0300
Subject: [PATCH] maintenance(soteria): source restic credentials from vault

---
 services/maintenance/secretproviderclass.yaml | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/services/maintenance/secretproviderclass.yaml b/services/maintenance/secretproviderclass.yaml
index 85df2af5..c2a5145c 100644
--- a/services/maintenance/secretproviderclass.yaml
+++ b/services/maintenance/secretproviderclass.yaml
@@ -13,9 +13,32 @@ spec:
       - objectName: "harbor-pull__dockerconfigjson"
         secretPath: "kv/data/atlas/shared/harbor-pull"
         secretKey: "dockerconfigjson"
+      - objectName: "soteria-restic__AWS_ACCESS_KEY_ID"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "AWS_ACCESS_KEY_ID"
+      - objectName: "soteria-restic__AWS_SECRET_ACCESS_KEY"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "AWS_SECRET_ACCESS_KEY"
+      - objectName: "soteria-restic__RESTIC_PASSWORD"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "RESTIC_PASSWORD"
+      - objectName: "soteria-restic__AWS_ENDPOINTS"
+        secretPath: "kv/data/atlas/maintenance/soteria-restic"
+        secretKey: "AWS_ENDPOINTS"
   secretObjects:
     - secretName: harbor-regcred
       type: kubernetes.io/dockerconfigjson
       data:
         - objectName: harbor-pull__dockerconfigjson
           key: .dockerconfigjson
+    - secretName: soteria-restic
+      type: Opaque
+      data:
+        - objectName: soteria-restic__AWS_ACCESS_KEY_ID
+          key: AWS_ACCESS_KEY_ID
+        - objectName: soteria-restic__AWS_SECRET_ACCESS_KEY
+          key: AWS_SECRET_ACCESS_KEY
+        - objectName: soteria-restic__RESTIC_PASSWORD
+          key: RESTIC_PASSWORD
+        - objectName: soteria-restic__AWS_ENDPOINTS
+          key: AWS_ENDPOINTS