From 044cae85e3f7b56a8c2ec1d6b49057f48f3a54b5 Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Sat, 27 Dec 2025 21:27:08 +0900
Subject: [PATCH] FEAT(velero): add velero and falco UI auth

- secrets from Vault
---
 velero/argocd/velero-ui.yaml       |  4 +++-
 velero/kustomization.yaml          |  1 +
 velero/vault/velero-ui-secret.yaml | 23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 velero/vault/velero-ui-secret.yaml

diff --git a/velero/argocd/velero-ui.yaml b/velero/argocd/velero-ui.yaml
index eb079cc..8a843e3 100644
--- a/velero/argocd/velero-ui.yaml
+++ b/velero/argocd/velero-ui.yaml
@@ -40,7 +40,9 @@ spec:
 
         # Environment variables
         env: []
-        envFrom: []
+        envFrom:
+          - secretRef:
+              name: velero-ui-secret
 
         # Pod security context
         podSecurityContext:
diff --git a/velero/kustomization.yaml b/velero/kustomization.yaml
index 5f4a442..464fa0c 100644
--- a/velero/kustomization.yaml
+++ b/velero/kustomization.yaml
@@ -7,4 +7,5 @@ resources:
 
   # Velero credentials from Vault
   - external-secret.yaml
+  - vault/velero-ui-secret.yaml
   - ingress/velero-ui-ingress.yaml
diff --git a/velero/vault/velero-ui-secret.yaml b/velero/vault/velero-ui-secret.yaml
new file mode 100644
index 0000000..415b305
--- /dev/null
+++ b/velero/vault/velero-ui-secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: velero-ui-secret
+  namespace: velero
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: velero-ui-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: username
+      remoteRef:
+        key: cluster-infrastructure/velero
+        property: UI_USERNAME
+    - secretKey: password
+      remoteRef:
+        key: cluster-infrastructure/velero
+        property: UI_PASSWORD
+