From 384d73d1fa7c5d538724ffbee29da29e16b21442 Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Tue, 6 Jan 2026 16:53:10 +0900
Subject: [PATCH] REFACTOR(secrets): flatten Vault paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Change secret paths from <category>/<app> to <app>
- databases/postgresql → postgresql
- cluster-infrastructure/authelia → authelia
---
 authelia/manifests/secret.yaml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/authelia/manifests/secret.yaml b/authelia/manifests/secret.yaml
index c83ced7..5b7b774 100644
--- a/authelia/manifests/secret.yaml
+++ b/authelia/manifests/secret.yaml
@@ -15,45 +15,45 @@ spec:
     # Storage password (PostgreSQL)
     - secretKey: storage.postgres.password.txt
       remoteRef:
-        key: databases/postgresql
+        key: postgresql
         property: PASSWORD
     # Session encryption key
     - secretKey: session.encryption.key
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: SESSION_SECRET
     # Storage encryption key
     - secretKey: storage.encryption.key
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: STORAGE_ENCRYPTION_KEY
     # JWT HMAC key for identity validation (password reset)
     - secretKey: identity_validation.reset_password.jwt.hmac.key
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: JWT_HMAC_KEY
     # OIDC HMAC key
     - secretKey: identity_providers.oidc.hmac.key
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: OIDC_HMAC_SECRET
     # OIDC JWKS private key
     - secretKey: identity_providers.oidc.jwks.key
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: OIDC_JWKS_PRIVATE_KEY
     # Headlamp OIDC client secret
     - secretKey: HEADLAMP_CLIENT_SECRET
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: HEADLAMP_CLIENT_SECRET
     # Vault OIDC client secret
     - secretKey: VAULT_CLIENT_SECRET
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: VAULT_CLIENT_SECRET
     # Immich OIDC client secret
     - secretKey: IMMICH_CLIENT_SECRET
       remoteRef:
-        key: cluster-infrastructure/authelia
+        key: authelia
         property: IMMICH_CLIENT_SECRET