REFACTOR(repo): move vault/ to manifests/

- Move ExternalSecret files from vault/ to manifests/secret.yaml - Merge multiple secrets with --- separator (immich) - Update kustomization.yaml references - Remove vault/ folders Apps: umami, immich, code-server
2026-01-06 16:43:34 +09:00
parent 0c2ebe80b2
commit 068d9339b9
7 changed files with 23 additions and 22 deletions
--- a/immich/manifests/secret.yaml
+++ b/immich/manifests/secret.yaml
@@ -0,0 +1,38 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-postgres-password
+  namespace: immich
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: immich-postgres-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: databases/postgresql
+        property: PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-oidc
+  namespace: immich
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: immich-oidc
+    creationPolicy: Owner
+  data:
+    - secretKey: OAUTH_CLIENT_SECRET
+      remoteRef:
+        key: cluster-infrastructure/authelia
+        property: IMMICH_CLIENT_SECRET