# services/pegasus/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: pegasus-vault
  namespace: jellyfin
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "pegasus"
    objects: |
      - objectName: "pegasus-secrets__PEGASUS_SESSION_KEY"
        secretPath: "kv/data/atlas/pegasus/pegasus-secrets"
        secretKey: "PEGASUS_SESSION_KEY"
      - objectName: "pegasus-secrets__JELLYFIN_URL"
        secretPath: "kv/data/atlas/pegasus/pegasus-secrets"
        secretKey: "JELLYFIN_URL"
      - objectName: "pegasus-secrets__JELLYFIN_API_KEY"
        secretPath: "kv/data/atlas/pegasus/pegasus-secrets"
        secretKey: "JELLYFIN_API_KEY"
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/harbor-pull/jellyfin"
        secretKey: "dockerconfigjson"
  secretObjects:
    - secretName: pegasus-secrets
      type: Opaque
      data:
        - objectName: pegasus-secrets__PEGASUS_SESSION_KEY
          key: PEGASUS_SESSION_KEY
        - objectName: pegasus-secrets__JELLYFIN_URL
          key: JELLYFIN_URL
        - objectName: pegasus-secrets__JELLYFIN_API_KEY
          key: JELLYFIN_API_KEY
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson