# services/gitea/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: gitea-vault
  namespace: gitea
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "gitea"
    objects: |
      - objectName: "gitea-db-secret__password"
        secretPath: "kv/data/atlas/gitea/gitea-db-secret"
        secretKey: "password"
      - objectName: "gitea-secret__SECRET_KEY"
        secretPath: "kv/data/atlas/gitea/gitea-secret"
        secretKey: "SECRET_KEY"
      - objectName: "gitea-secret__INTERNAL_TOKEN"
        secretPath: "kv/data/atlas/gitea/gitea-secret"
        secretKey: "INTERNAL_TOKEN"
      - objectName: "gitea-oidc__client_id"
        secretPath: "kv/data/atlas/gitea/gitea-oidc"
        secretKey: "client_id"
      - objectName: "gitea-oidc__client_secret"
        secretPath: "kv/data/atlas/gitea/gitea-oidc"
        secretKey: "client_secret"
      - objectName: "gitea-oidc__openid_auto_discovery_url"
        secretPath: "kv/data/atlas/gitea/gitea-oidc"
        secretKey: "openid_auto_discovery_url"