separate cluster store secrets

kubernetes/apps/anime/radarr/app/externalsecret.yaml

@@ -4,7 +4,6 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
   name: radarr
-  namespace: anime
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -17,6 +16,26 @@ spec:
         PUSHOVER_TOKEN: "{{ .radarr_token }}"
         PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
         RADARR__AUTH__APIKEY: "{{ .api_key_anime }}"
+  dataFrom:
+    - extract:
+        key: pushover
+    - extract:
+        key: radarr
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: radarr
+spec:
+  secretStoreRef:
+    name: crunchy-pgo-secrets
+    kind: ClusterSecretStore
+  target:
+    name: radarr-db-secret
+    template:
+      engineVersion: v2
+      data:
         RADARR__POSTGRES__HOST: "{{ .pgbouncer-host }}"
         RADARR__POSTGRES__USER: "{{ .user }}"
         RADARR__POSTGRES__PASSWORD: "{{ .password }}"
@@ -25,7 +44,3 @@ spec:
   dataFrom:
     - extract:
         key: postgres-pguser-radarr-anime
-    - extract:
-        key: pushover
-    - extract:
-        key: radarr

kubernetes/apps/anime/radarr/app/helmrelease.yaml

@@ -45,6 +45,8 @@ spec:
             envFrom:
               - secretRef:
                   name: radarr-secret
+              - secretRef:
+                  name: radarr-db-secret
             probes:
               liveness: &probes
                 enabled: true