# services/keycloak/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: sso-vault
  namespace: sso
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "sso"
    objects: |
      - objectName: "keycloak-db__POSTGRES_DATABASE"
        secretPath: "kv/data/atlas/sso/keycloak-db"
        secretKey: "POSTGRES_DATABASE"
      - objectName: "keycloak-db__POSTGRES_USER"
        secretPath: "kv/data/atlas/sso/keycloak-db"
        secretKey: "POSTGRES_USER"
      - objectName: "keycloak-db__POSTGRES_PASSWORD"
        secretPath: "kv/data/atlas/sso/keycloak-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "keycloak-admin__username"
        secretPath: "kv/data/atlas/shared/keycloak-admin"
        secretKey: "username"
      - objectName: "keycloak-admin__password"
        secretPath: "kv/data/atlas/shared/keycloak-admin"
        secretKey: "password"
      - objectName: "portal-e2e-client__client_id"
        secretPath: "kv/data/atlas/shared/portal-e2e-client"
        secretKey: "client_id"
      - objectName: "portal-e2e-client__client_secret"
        secretPath: "kv/data/atlas/shared/portal-e2e-client"
        secretKey: "client_secret"
      - objectName: "openldap-admin__LDAP_ADMIN_PASSWORD"
        secretPath: "kv/data/atlas/sso/openldap-admin"
        secretKey: "LDAP_ADMIN_PASSWORD"
      - objectName: "openldap-admin__LDAP_CONFIG_PASSWORD"
        secretPath: "kv/data/atlas/sso/openldap-admin"
        secretKey: "LDAP_CONFIG_PASSWORD"