---
# ExternalSecret for Outline: the External Secrets Operator copies the
# properties listed under spec.data from the Vault path secret/apps/outline
# (through the ClusterSecretStore "vault-backend") into the Kubernetes
# Secret "outline-secrets" in the "outline" namespace.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: outline-secrets
  namespace: outline
spec:
  # Values are re-read from Vault every minute, so a rotated credential
  # reaches the Secret quickly, at the cost of frequent reads against Vault.
  refreshInterval: 1m
  secretStoreRef:
    name: vault-backend
    # Cluster-scoped store, not a namespaced SecretStore.
    # NOTE(review): confirm the store's Vault role is limited to the paths
    # this cluster needs and that the store restricts which namespaces may
    # reference it.
    kind: ClusterSecretStore
  target:
    name: outline-secrets
    # Owner: the generated Secret is owned by this ExternalSecret and is
    # garbage-collected when the ExternalSecret is deleted.
    creationPolicy: Owner
  data:
    # General Outline secrets
    - secretKey: SECRET_KEY
      remoteRef:
        key: secret/apps/outline
        property: secret_key
    - secretKey: UTILS_SECRET
      remoteRef:
        key: secret/apps/outline
        property: utils_secret

    # Database URL
    # Outline expects DATABASE_URL as one complete connection string.
    # Format: postgres://user:password@host:5432/dbname
    # Host for the in-cluster Postgres: outline-postgresql
    # The assembled URL is stored in Vault as database_url; it is not
    # built in this manifest.
    # NOTE(review): the URL embeds a password, presumably the same one as
    # postgres_password below; rotate both Vault properties together.
    - secretKey: DATABASE_URL
      remoteRef:
        key: secret/apps/outline
        property: database_url

    # Redis URL
    # Format: redis://:password@host:6379
    # Host for the in-cluster Redis: outline-redis-master
    # NOTE(review): embeds a password, presumably the same one as
    # redis_password below; rotate both Vault properties together.
    - secretKey: REDIS_URL
      remoteRef:
        key: secret/apps/outline
        property: redis_url

    # Passwords for the subcharts (so that their pods can start)
    - secretKey: postgres-password
      remoteRef:
        key: secret/apps/outline
        property: postgres_password
    - secretKey: redis-password
      remoteRef:
        key: secret/apps/outline
        property: redis_password

    # S3 storage credentials
    - secretKey: AWS_ACCESS_KEY_ID
      remoteRef:
        key: secret/apps/outline
        property: aws_access_key_id
    - secretKey: AWS_SECRET_ACCESS_KEY
      remoteRef:
        key: secret/apps/outline
        property: aws_secret_access_key

    # OIDC credentials and provider endpoints
    - secretKey: OIDC_CLIENT_ID
      remoteRef:
        key: secret/apps/outline
        property: oidc_client_id
    - secretKey: OIDC_CLIENT_SECRET
      remoteRef:
        key: secret/apps/outline
        property: oidc_client_secret
    - secretKey: OIDC_AUTH_URI
      remoteRef:
        key: secret/apps/outline
        property: oidc_auth_uri
    - secretKey: OIDC_TOKEN_URI
      remoteRef:
        key: secret/apps/outline
        property: oidc_token_uri
    - secretKey: OIDC_USERINFO_URI
      remoteRef:
        key: secret/apps/outline
        property: oidc_userinfo_uri