# services/mailu/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: mailu-vault
  namespace: mailu-mailserver
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "mailu-mailserver"
    objects: |
      - objectName: "mailu-secret__secret-key"
        secretPath: "kv/data/atlas/mailu/mailu-secret"
        secretKey: "secret-key"
      - objectName: "postmark-relay__relay-username"
        secretPath: "kv/data/atlas/shared/postmark-relay"
        secretKey: "relay-username"
      - objectName: "postmark-relay__relay-password"
        secretPath: "kv/data/atlas/shared/postmark-relay"
        secretKey: "relay-password"
      - objectName: "mailu-db-secret__database"
        secretPath: "kv/data/atlas/mailu/mailu-db-secret"
        secretKey: "database"
      - objectName: "mailu-db-secret__username"
        secretPath: "kv/data/atlas/mailu/mailu-db-secret"
        secretKey: "username"
      - objectName: "mailu-db-secret__password"
        secretPath: "kv/data/atlas/mailu/mailu-db-secret"
        secretKey: "password"
      - objectName: "mailu-db-secret__url"
        secretPath: "kv/data/atlas/mailu/mailu-db-secret"
        secretKey: "url"
      - objectName: "mailu-initial-account-secret__password"
        secretPath: "kv/data/atlas/mailu/mailu-initial-account-secret"
        secretKey: "password"
      - objectName: "mailu-sync-credentials__client-id"
        secretPath: "kv/data/atlas/mailu/mailu-sync-credentials"
        secretKey: "client-id"
      - objectName: "mailu-sync-credentials__client-secret"
        secretPath: "kv/data/atlas/mailu/mailu-sync-credentials"
        secretKey: "client-secret"
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/harbor-pull/mailu-mailserver"
        secretKey: "dockerconfigjson"
  secretObjects:
    - secretName: mailu-secret
      type: Opaque
      data:
        - objectName: mailu-secret__secret-key
          key: secret-key
    - secretName: mailu-postmark-relay
      type: Opaque
      data:
        - objectName: postmark-relay__relay-username
          key: relay-username
        - objectName: postmark-relay__relay-password
          key: relay-password
    - secretName: mailu-db-secret
      type: Opaque
      data:
        - objectName: mailu-db-secret__database
          key: database
        - objectName: mailu-db-secret__username
          key: username
        - objectName: mailu-db-secret__password
          key: password
        - objectName: mailu-db-secret__url
          key: url
    - secretName: mailu-initial-account-secret
      type: Opaque
      data:
        - objectName: mailu-initial-account-secret__password
          key: password
    - secretName: mailu-sync-credentials
      type: Opaque
      data:
        - objectName: mailu-sync-credentials__client-id
          key: client-id
        - objectName: mailu-sync-credentials__client-secret
          key: client-secret
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson