apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: cluster-user-auth
  namespace: flux-system
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: doppler-hetznerterra
    kind: ClusterSecretStore
  target:
    name: cluster-user-auth
    creationPolicy: Owner
    template:
      type: Opaque
      data:
        username: "{{ .fluxAdminUsername }}"
        password: "{{ .fluxAdminPasswordHash }}"
  data:
    - secretKey: fluxAdminUsername
      remoteRef:
        key: WEAVE_GITOPS_ADMIN_USERNAME
    - secretKey: fluxAdminPasswordHash
      remoteRef:
        key: WEAVE_GITOPS_ADMIN_PASSWORD_BCRYPT_HASH