# services/maintenance/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: maintenance-vault
  namespace: maintenance
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "maintenance"
    objects: |
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/shared/harbor-pull"
        secretKey: "dockerconfigjson"
      - objectName: "harbor-core__harbor_admin_password"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "harbor_admin_password"
      - objectName: "metis-ssh-keys__bastion_pub"
        secretPath: "kv/data/atlas/maintenance/metis-ssh-keys"
        secretKey: "bastion_pub"
      - objectName: "metis-ssh-keys__brad_pub"
        secretPath: "kv/data/atlas/maintenance/metis-ssh-keys"
        secretKey: "brad_pub"
      - objectName: "metis-ssh-keys__hecate_tethys_pub"
        secretPath: "kv/data/atlas/maintenance/metis-ssh-keys"
        secretKey: "hecate_tethys_pub"
  secretObjects:
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
    - secretName: metis-harbor
      type: Opaque
      data:
        - objectName: harbor-core__harbor_admin_password
          key: METIS_HARBOR_PASSWORD
    - secretName: metis-ssh-keys
      type: Opaque
      data:
        - objectName: metis-ssh-keys__bastion_pub
          key: bastion_pub
        - objectName: metis-ssh-keys__brad_pub
          key: brad_pub
        - objectName: metis-ssh-keys__hecate_tethys_pub
          key: hecate_tethys_pub