# ExternalSecret for eblume superuser password
#
# Replaces the manual op inject workflow from secret-eblume.yaml.tpl
#
# 1Password item: "postgres" in blumeops vault
# Field: "password"
#
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: blumeops-pg-eblume
  namespace: databases
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-blumeops
  target:
    name: blumeops-pg-eblume
    creationPolicy: Owner
    template:
      type: kubernetes.io/basic-auth
      data:
        username: eblume
        password: "{{ .password }}"
  data:
  - secretKey: password
    remoteRef:
      key: postgres
      property: password