# services/comms/secretproviderclass.yaml
#
# SecretProviderClass for the Secrets Store CSI driver using the Vault
# provider. `parameters.objects` lists the Vault KV entries that are fetched
# with the `comms` role and exposed as files in the CSI volume;
# `secretObjects` asks the driver to mirror those files into Kubernetes
# Secrets in the `comms` namespace.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: comms-vault
  namespace: comms
spec:
  provider: vault
  parameters:
    # NOTE(review): the scheme is http://, so the provider's login and every
    # secret value listed below travel to Vault without TLS unless another
    # layer (for example a service mesh) encrypts this hop - confirm. Prefer
    # serving Vault over TLS and pointing this at https:// with the CA made
    # available to the provider.
    vaultAddress: 'http://vault.vault.svc.cluster.local:8200'
    roleName: 'comms'
    # The block scalar below is handed to the Vault provider as a string, so
    # review notes are kept out of it.
    # NOTE(review): any pod that mounts this class receives every object
    # listed here. Two paths sit outside kv/data/atlas/comms/
    # (kv/data/atlas/shared/chat-ai-keys-runtime and
    # kv/data/atlas/harbor-pull/comms); the Vault policy behind the `comms`
    # role presumably grants read on them - verify it is limited to exactly
    # the paths listed, and consider one class per workload if not every
    # consumer needs all of these.
    objects: |
      - objectName: "turn-secret"
        secretPath: "kv/data/atlas/comms/turn-shared-secret"
        secretKey: "TURN_STATIC_AUTH_SECRET"
      - objectName: "livekit-primary"
        secretPath: "kv/data/atlas/comms/livekit-api"
        secretKey: "primary"
      - objectName: "synapse-db-pass"
        secretPath: "kv/data/atlas/comms/synapse-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "synapse-redis__redis-password"
        secretPath: "kv/data/atlas/comms/synapse-redis"
        secretKey: "redis-password"
      - objectName: "synapse-macaroon__macaroon_secret_key"
        secretPath: "kv/data/atlas/comms/synapse-macaroon"
        secretKey: "macaroon_secret_key"
      - objectName: "bot-pass"
        secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        secretKey: "bot-password"
      - objectName: "seeder-pass"
        secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        secretKey: "seeder-password"
      - objectName: "chat-matrix"
        secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
        secretKey: "matrix"
      - objectName: "chat-homepage"
        secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
        secretKey: "homepage"
      - objectName: "mas-admin-secret"
        secretPath: "kv/data/atlas/comms/mas-admin-client-runtime"
        secretKey: "client_secret"
      - objectName: "mas-db-pass"
        secretPath: "kv/data/atlas/comms/mas-db"
        secretKey: "password"
      - objectName: "mas-encryption"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "encryption"
      - objectName: "mas-matrix-shared"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "matrix_shared_secret"
      - objectName: "mas-kc-secret"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "keycloak_client_secret"
      - objectName: "mas-rsa-key"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "rsa_key"
      - objectName: "othrys-synapse-signingkey__signing.key"
        secretPath: "kv/data/atlas/comms/othrys-synapse-signingkey"
        secretKey: "signing.key"
      - objectName: "synapse-oidc__client-secret"
        secretPath: "kv/data/atlas/comms/synapse-oidc"
        secretKey: "client-secret"
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/harbor-pull/comms"
        secretKey: "dockerconfigjson"
  # Each entry mirrors the named mounted objects into a Kubernetes Secret.
  # The driver only performs this sync while some pod mounts the CSI volume.
  # The mirrored copies are ordinary Secret objects: they are readable by any
  # principal with get/list on secrets in `comms` and are stored by the API
  # server, so RBAC in this namespace and encryption at rest for Secrets
  # matter as much as the Vault policy does.
  secretObjects:
    - secretName: turn-shared-secret
      type: Opaque
      data:
        - objectName: turn-secret
          key: TURN_STATIC_AUTH_SECRET
    - secretName: livekit-api
      type: Opaque
      data:
        - objectName: livekit-primary
          key: primary
    - secretName: synapse-db
      type: Opaque
      data:
        - objectName: synapse-db-pass
          key: POSTGRES_PASSWORD
    - secretName: synapse-redis
      type: Opaque
      data:
        - objectName: synapse-redis__redis-password
          key: redis-password
    - secretName: synapse-macaroon
      type: Opaque
      data:
        - objectName: synapse-macaroon__macaroon_secret_key
          key: macaroon_secret_key
    # Two Vault keys from one path are combined into a single Secret.
    - secretName: atlasbot-credentials-runtime
      type: Opaque
      data:
        - objectName: bot-pass
          key: bot-password
        - objectName: seeder-pass
          key: seeder-password
    # Sourced from the kv/data/atlas/shared/ path rather than atlas/comms/.
    - secretName: chat-ai-keys-runtime
      type: Opaque
      data:
        - objectName: chat-matrix
          key: matrix
        - objectName: chat-homepage
          key: homepage
    - secretName: mas-admin-client-runtime
      type: Opaque
      data:
        - objectName: mas-admin-secret
          key: client_secret
    - secretName: mas-db
      type: Opaque
      data:
        - objectName: mas-db-pass
          key: password
    # Four keys, including the RSA private key, land in one Secret, so a
    # reader of this Secret obtains all four values.
    - secretName: mas-secrets-runtime
      type: Opaque
      data:
        - objectName: mas-encryption
          key: encryption
        - objectName: mas-matrix-shared
          key: matrix_shared_secret
        - objectName: mas-kc-secret
          key: keycloak_client_secret
        - objectName: mas-rsa-key
          key: rsa_key
    - secretName: othrys-synapse-signingkey
      type: Opaque
      data:
        - objectName: othrys-synapse-signingkey__signing.key
          key: signing.key
    - secretName: synapse-oidc
      type: Opaque
      data:
        - objectName: synapse-oidc__client-secret
          key: client-secret
    # Image-pull credential: the dockerconfigjson Secret type requires the
    # data key to be named `.dockerconfigjson`.
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson