# services/comms/secretproviderclass.yaml
#
# SecretProviderClass for the Secrets Store CSI driver, using the Vault
# provider. `parameters.objects` lists the Vault KV entries fetched for pods
# that mount this class; `secretObjects` additionally mirrors every fetched
# value into a native Kubernetes Secret in the `comms` namespace.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: comms-vault
  namespace: comms
spec:
  provider: vault
  parameters:
    # NOTE(review): plain http:// -- the Vault login exchange and every secret
    # value requested below cross the cluster network unencrypted. If Vault
    # exposes a TLS listener, use https:// and point the provider at the CA
    # (e.g. vaultCACertPath); otherwise confirm another layer (such as mesh
    # mTLS) protects this hop.
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    # Vault auth role the provider logs in as.
    # NOTE(review): confirm the role is bound only to the service accounts that
    # need these secrets, and that its policy grants read on exactly the paths
    # listed here. Two entries read from kv/data/atlas/shared/..., outside the
    # comms subtree, so the policy must cover that path as well.
    roleName: "comms"
    # `objects` is a literal block scalar: the provider receives it as a string
    # and parses it itself. objectName follows the pattern
    # <kubernetes-secret-name>__<key> and is the handle that
    # secretObjects[].data[].objectName refers to further down.
    objects: |
      - objectName: "turn-shared-secret__TURN_STATIC_AUTH_SECRET"
        secretPath: "kv/data/atlas/comms/turn-shared-secret"
        secretKey: "TURN_STATIC_AUTH_SECRET"
      - objectName: "livekit-api__primary"
        secretPath: "kv/data/atlas/comms/livekit-api"
        secretKey: "primary"
      - objectName: "synapse-db__POSTGRES_PASSWORD"
        secretPath: "kv/data/atlas/comms/synapse-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "synapse-redis__redis-password"
        secretPath: "kv/data/atlas/comms/synapse-redis"
        secretKey: "redis-password"
      - objectName: "synapse-macaroon__macaroon_secret_key"
        secretPath: "kv/data/atlas/comms/synapse-macaroon"
        secretKey: "macaroon_secret_key"
      - objectName: "atlasbot-credentials-runtime__bot-password"
        secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        secretKey: "bot-password"
      - objectName: "atlasbot-credentials-runtime__seeder-password"
        secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        secretKey: "seeder-password"
      - objectName: "chat-ai-keys-runtime__matrix"
        secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
        secretKey: "matrix"
      - objectName: "chat-ai-keys-runtime__homepage"
        secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
        secretKey: "homepage"
      - objectName: "mas-admin-client-runtime__client_secret"
        secretPath: "kv/data/atlas/comms/mas-admin-client-runtime"
        secretKey: "client_secret"
      - objectName: "mas-db__password"
        secretPath: "kv/data/atlas/comms/mas-db"
        secretKey: "password"
      - objectName: "mas-secrets-runtime__encryption"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "encryption"
      - objectName: "mas-secrets-runtime__matrix_shared_secret"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "matrix_shared_secret"
      - objectName: "mas-secrets-runtime__keycloak_client_secret"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "keycloak_client_secret"
      - objectName: "mas-secrets-runtime__rsa_key"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "rsa_key"
      - objectName: "othrys-synapse-signingkey__signing.key"
        secretPath: "kv/data/atlas/comms/othrys-synapse-signingkey"
        secretKey: "signing.key"
      - objectName: "synapse-oidc__client-secret"
        secretPath: "kv/data/atlas/comms/synapse-oidc"
        secretKey: "client-secret"
  # Each entry below makes the driver create a Kubernetes Secret holding the
  # listed objects. The synced Secret exists only while at least one pod mounts
  # this class. Synced copies are stored by the API server like any other
  # Secret, so Vault's access controls no longer apply to them: anything with
  # get/list on Secrets in `comms` can read the values.
  # NOTE(review): confirm etcd encryption at rest and namespace RBAC are
  # acceptable for the long-lived signing material mirrored here (rsa_key,
  # signing.key, macaroon_secret_key).
  secretObjects:
    - secretName: turn-shared-secret
      type: Opaque
      data:
        - objectName: turn-shared-secret__TURN_STATIC_AUTH_SECRET
          key: TURN_STATIC_AUTH_SECRET
    - secretName: livekit-api
      type: Opaque
      data:
        - objectName: livekit-api__primary
          key: primary
    - secretName: synapse-db
      type: Opaque
      data:
        - objectName: synapse-db__POSTGRES_PASSWORD
          key: POSTGRES_PASSWORD
    - secretName: synapse-redis
      type: Opaque
      data:
        - objectName: synapse-redis__redis-password
          key: redis-password
    - secretName: synapse-macaroon
      type: Opaque
      data:
        - objectName: synapse-macaroon__macaroon_secret_key
          key: macaroon_secret_key
    - secretName: atlasbot-credentials-runtime
      type: Opaque
      data:
        - objectName: atlasbot-credentials-runtime__bot-password
          key: bot-password
        - objectName: atlasbot-credentials-runtime__seeder-password
          key: seeder-password
    # Sourced from the shared Vault path rather than the comms subtree.
    - secretName: chat-ai-keys-runtime
      type: Opaque
      data:
        - objectName: chat-ai-keys-runtime__matrix
          key: matrix
        - objectName: chat-ai-keys-runtime__homepage
          key: homepage
    - secretName: mas-admin-client-runtime
      type: Opaque
      data:
        - objectName: mas-admin-client-runtime__client_secret
          key: client_secret
    - secretName: mas-db
      type: Opaque
      data:
        - objectName: mas-db__password
          key: password
    - secretName: mas-secrets-runtime
      type: Opaque
      data:
        - objectName: mas-secrets-runtime__encryption
          key: encryption
        - objectName: mas-secrets-runtime__matrix_shared_secret
          key: matrix_shared_secret
        - objectName: mas-secrets-runtime__keycloak_client_secret
          key: keycloak_client_secret
        - objectName: mas-secrets-runtime__rsa_key
          key: rsa_key
    - secretName: othrys-synapse-signingkey
      type: Opaque
      data:
        - objectName: othrys-synapse-signingkey__signing.key
          key: signing.key
    - secretName: synapse-oidc
      type: Opaque
      data:
        - objectName: synapse-oidc__client-secret
          key: client-secret