apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: authelia-secrets
  namespace: authelia
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: authelia-secrets
    creationPolicy: Owner
  data:
    - secretKey: JWT_TOKEN
      remoteRef:
        key: cluster-infrastructure/authelia
        property: JWT_SECRET
    - secretKey: SESSION_ENCRYPTION_KEY
      remoteRef:
        key: cluster-infrastructure/authelia
        property: SESSION_SECRET
    - secretKey: STORAGE_ENCRYPTION_KEY
      remoteRef:
        key: cluster-infrastructure/authelia
        property: STORAGE_ENCRYPTION_KEY