---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: vso-auth
  namespace: storage
spec:
  method: kubernetes
  mount: kubernetes
  kubernetes:
    role: vso
    serviceAccount: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: seaweedfs-s3-credentials
  namespace: storage
spec:
  vaultAuthRef: vso-auth
  mount: secret
  type: kv-v2
  path: seaweedfs
  refreshAfter: 30s
  destination:
    name: seaweedfs-s3-credentials
    create: true
    overwrite: true
    transformation:
      excludeRaw: true
      templates:
        S3_ACCESS_KEY:
          text: "{{ index .Secrets \"access-key\" }}"
        S3_SECRET_KEY:
          text: "{{ index .Secrets \"secret-key\" }}"
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: seaweedfs-s3-json
  namespace: storage
spec:
  vaultAuthRef: vso-auth
  mount: secret
  type: kv-v2
  path: seaweedfs
  refreshAfter: 30s
  destination:
    name: seaweedfs-s3-json
    create: true
    overwrite: true
    transformation:
      excludeRaw: true
      templates:
        "s3.json":
          text: '{"identities":[{"name":"seaweed","credentials":[{"accessKey":"{{ index .Secrets "access-key" }}","secretKey":"{{ index .Secrets "secret-key" }}"}],"actions":["Admin","Read","Write","List","Tagging"]}]}'