home-kubernetes/gitops/home-kubernetes/next-cloud/externalsecret.yaml

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: nextcloud-secrets
  namespace: nextcloud
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend  # or your store
    kind: ClusterSecretStore
  target:
    name: nextcloud-secrets
    creationPolicy: Owner
  data:
    - secretKey: nextcloud-password
      remoteRef:
        key: k8s_home/nextcloud/admin
        property: password
    - secretKey: nextcloud-username
      remoteRef:
        key: k8s_home/nextcloud/admin
        property: username
    - secretKey: db-username
      remoteRef:
        key: k8s_home/nextcloud/postgres
        property: db-username
    - secretKey: postgres-password
      remoteRef:
        key: k8s_home/nextcloud/postgres
        property: password
    - secretKey: redis-password
      remoteRef:
        key: k8s_home/nextcloud/redis
        property: password