apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: velero-s3-credentials
  namespace: velero
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: velero-s3-credentials
    creationPolicy: Owner
    template:
      type: Opaque
      data:
        cloud: |
          [default]
          aws_access_key_id={{ .minioAccessKey }}
          aws_secret_access_key="{{ .minioSecretKey }}"
  data:
    - secretKey: minioAccessKey
      remoteRef:
        key: databases/minio
        property: ROOT_USER
    - secretKey: minioSecretKey
      remoteRef:
        key: databases/minio
        property: ROOT_PASSWORD

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: velero-ui-secret
  namespace: velero
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: velero-ui-secret
    creationPolicy: Owner
  data:
    - secretKey: username
      remoteRef:
        key: cluster-infrastructure/velero
        property: UI_USERNAME
    - secretKey: password
      remoteRef:
        key: cluster-infrastructure/velero
        property: UI_PASSWORD