apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: gitea-registry
  namespace: gateway-cert-operator-system
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: gitea-registry
    creationPolicy: Owner
    template:
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: "{{ .token }}"
  data:
    - secretKey: token
      remoteRef:
        key: k8s_home/gitea/container-registry
        property: token