auricom-home-cluster/kubernetes/apps/database/crunchy-postgres-operator/cluster/externalsecret.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: crunchy-postgres
spec:
  refreshInterval: 5m
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: crunchy-postgres-secret
    template:
      engineVersion: v2
      data:
        s3.conf: |
          [global]
          repo1-s3-key={{ .CRUNCHY_POSTGRES_S3_ACCESS_KEY }}
          repo1-s3-key-secret={{ .CRUNCHY_POSTGRES_S3_SECRET_KEY }}
        encryption.conf: |
          [global]
          repo1-cipher-pass={{ .CRUNCHY_POSTGRES_BACKUP_ENCRYPTION_CIPHER }}
  dataFrom:
    - extract:
        key: crunchy-postgres