apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: oauth2-proxy-{{ .Env.APP_NAME }}-config
  namespace: {{ .Env.APP_NAMESPACE }}
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-secret-store
    kind: ClusterSecretStore
  target:
    name: oauth2-proxy-{{ .Env.APP_NAME }}-config
    creationPolicy: Owner
    template:
      type: Opaque
      data:
        client_id: "{{ `{{ .client_id }}` }}"
        client_secret: "{{ `{{ .client_secret }}` }}"
        cookie_secret: "{{ `{{ .cookie_secret }}` }}"
  data:
  - secretKey: client_id
    remoteRef:
      key: oauth2-proxy/{{ .Env.APP_NAME }}
      property: client_id
  - secretKey: client_secret
    remoteRef:
      key: oauth2-proxy/{{ .Env.APP_NAME }}
      property: client_secret
  - secretKey: cookie_secret
    remoteRef:
      key: oauth2-proxy/{{ .Env.APP_NAME }}
      property: cookie_secret