---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: lets-encrypt-unifi
spec:
  secretStoreRefs:
    - name: onepassword-connect
      kind: ClusterSecretStore
  selector:
    secret:
      name: ${SECRET_EXTERNAL_DOMAIN/./-}-unifi
  template:
    engineVersion: v2
    data:
      tls.crt: '{{ index . "tls.crt" | b64enc }}'
      tls.key: '{{ index . "tls.key" | b64enc }}'
      keystore.jks: '{{ index . "keystore.jks" | b64enc }}'
  data:
    - match:
        secretKey: &key tls.crt
        remoteRef:
          remoteKey: lets-encrypt-unifi
          property: *key
    - match:
        secretKey: &key tls.key
        remoteRef:
          remoteKey: lets-encrypt-unifi
          property: *key
    - match:
        secretKey: &key keystore.jks
        remoteRef:
          remoteKey: lets-encrypt-unifi
          property: *key