apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: immich-postgres-password
  namespace: immich
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: immich-postgres-password
    creationPolicy: Owner
  data:
    - secretKey: password
      remoteRef:
        key: postgresql
        property: PASSWORD

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: immich-oidc
  namespace: immich
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: immich-oidc
    creationPolicy: Owner
  data:
    - secretKey: OAUTH_CLIENT_SECRET
      remoteRef:
        key: authelia
        property: IMMICH_CLIENT_SECRET