pieced-threema-gateway-public/deploy/helm/pieced-threema-gateway/templates/externalsecret.yaml

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: threema-credentials
  namespace: {{ .Values.namespace }}
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: openbao-backend
    kind: ClusterSecretStore
  target:
    name: threema-credentials
    creationPolicy: Owner
  data:
    - secretKey: api-identity
      remoteRef:
        key: {{ .Values.secrets.threemaPath }}
        property: api-identity
    - secretKey: api-secret
      remoteRef:
        key: {{ .Values.secrets.threemaPath }}
        property: api-secret
    - secretKey: private-key
      remoteRef:
        key: {{ .Values.secrets.threemaPath }}
        property: private-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: threema-admin-token
  namespace: {{ .Values.namespace }}
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: openbao-backend
    kind: ClusterSecretStore
  target:
    name: threema-admin-token
    creationPolicy: Owner
  data:
    - secretKey: token
      remoteRef:
        key: {{ .Values.secrets.adminTokenPath }}
        property: token