apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ansible-secrets
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: id_ed25519
      remoteRef:
        key: /metal/ssh
        property: private_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: terraform-secrets
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  target:
    template:
      engineVersion: v2
      data:
        credentials.tfrc.json: |
          {
            "credentials": {
              "app.terraform.io": {
                "token": "{{ .terraform_cloud_token }}"
              }
            }
          }
        terraform.tfvars: |
          cloudflare_email      = "{{ .cloudflare_email }}"
          cloudflare_api_key    = "{{ .cloudflare_api_key }}"
          cloudflare_account_id = "{{ .cloudflare_account_id }}"
  data:
    - secretKey: terraform_cloud_token
      remoteRef:
        key: /external/terraform-cloud
        property: token
    - secretKey: cloudflare_email
      remoteRef:
        key: /external/cloudflare
        property: email
    - secretKey: cloudflare_api_key
      remoteRef:
        key: /external/cloudflare
        property: api_key
    - secretKey: cloudflare_account_id
      remoteRef:
        key: /external/cloudflare
        property: account_id