From 0f4f0b09fb5491f6af79032c34b63f19090b6aa5 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 28 Mar 2026 22:42:05 +0000
Subject: [PATCH] fix: Add Rancher DB password ExternalSecret

---
 .../addons/rancher/kustomization.yaml         |  1 +
 .../rancher-db-password-externalsecret.yaml   | 21 +++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 infrastructure/addons/rancher/rancher-db-password-externalsecret.yaml

diff --git a/infrastructure/addons/rancher/kustomization.yaml b/infrastructure/addons/rancher/kustomization.yaml
index d52d44a..704e6b2 100644
--- a/infrastructure/addons/rancher/kustomization.yaml
+++ b/infrastructure/addons/rancher/kustomization.yaml
@@ -5,4 +5,5 @@ resources:
   - helmrepository-rancher.yaml
   - helmrelease-rancher.yaml
   - rancher-bootstrap-password-externalsecret.yaml
+  - rancher-db-password-externalsecret.yaml
   - rancher-tailscale-service.yaml
diff --git a/infrastructure/addons/rancher/rancher-db-password-externalsecret.yaml b/infrastructure/addons/rancher/rancher-db-password-externalsecret.yaml
new file mode 100644
index 0000000..106037e
--- /dev/null
+++ b/infrastructure/addons/rancher/rancher-db-password-externalsecret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: rancher-db-password
+  namespace: cattle-system
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: doppler-hetznerterra
+    kind: ClusterSecretStore
+  target:
+    name: rancher-db-password
+    creationPolicy: Owner
+    template:
+      type: Opaque
+      data:
+        password: "{{ .RANCHER_DB_PASSWORD }}"
+  data:
+    - secretKey: RANCHER_DB_PASSWORD
+      remoteRef:
+        key: RANCHER_DB_PASSWORD