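# ExternalSecret that asks the External Secrets Operator to build the Kubernetes
# Secret `airflow-env-secret` from values held in Vault, read through the
# ClusterSecretStore `vault-secret-store`.
#
# NOTE(review): this file mixes a render-time placeholder (.Env.AIRFLOW_NAMESPACE)
# with External Secrets template placeholders (.postgres_user, .postgres_password).
# If the whole file is passed through a Go-template renderer before it is applied,
# confirm the External Secrets placeholders survive that step unchanged; they may
# need escaping.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: airflow-env-external-secret
  # Quoted so an empty or boolean/number-looking value is still a string after
  # rendering.
  namespace: "{{ .Env.AIRFLOW_NAMESPACE }}"
spec:
  # A value rotated in Vault reaches the Secret within up to one hour. Pods that
  # read the Secret as environment variables keep the old value until restarted.
  refreshInterval: 1h
  secretStoreRef:
    name: vault-secret-store
    # Cluster-scoped store: which namespaces may reference it is decided by the
    # store's own configuration, not by this manifest.
    # NOTE(review): confirm the store is limited to the namespaces that need it.
    kind: ClusterSecretStore
  target:
    name: airflow-env-secret
    # Owner: the operator creates the Secret and owns it, so deleting this
    # ExternalSecret also removes the Secret.
    creationPolicy: Owner
    template:
      data:
        # Fixed values - customize as needed.
        # These are not sensitive, but everything in this Secret is readable by
        # anyone who can read the Secret, so keep the RBAC on it narrow.
        # NOTE(review): the endpoint is plain HTTP, so S3 credentials and object
        # data cross the cluster network unencrypted unless a mesh or network
        # layer adds TLS - confirm that is acceptable for this cluster.
        AWS_ENDPOINT_URL: "http://minio.minio.svc.cluster.local:9000"
        DESTINATION__POSTGRES__DATA_WRITER__INSERT_VALUES_MAX_ROWS: "10000"
        # Template values from Vault - reference via {{ .postgres_user }}
        POSTGRES_USER: "{{ .postgres_user }}"
        POSTGRES_PASSWORD: "{{ .postgres_password }}"
        # Add more fixed values here:
        # SOME_CONFIG_VALUE: "fixed-value"
        #
        # Add more Vault references here:
        # AWS_ACCESS_KEY_ID: "{{ .aws_access_key_id }}"
        # AWS_SECRET_ACCESS_KEY: "{{ .aws_secret_access_key }}"
  data:
    # PostgreSQL configuration - fetch from Vault.
    # NOTE(review): the Vault key `postgres/admin` looks like the database
    # administrator credential. If so, prefer a dedicated, least-privileged role
    # for the workloads that consume this Secret - confirm with the Vault owner.
    - secretKey: postgres_user
      remoteRef:
        key: postgres/admin
        property: username
    - secretKey: postgres_password
      remoteRef:
        key: postgres/admin
        property: password
    # Add more Vault references here:
    # - secretKey: aws_access_key_id
    #   remoteRef:
    #     key: minio
    #     property: access_key_id
    # - secretKey: aws_secret_access_key
    #   remoteRef:
    #     key: minio
    #     property: secret_access_key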