---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: authentik
  namespace: security
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: authentik-secret
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        authentik_secret_key: "{{ .authentik_secret_key }}"
        authentik_email_host: "{{ .authentik_email_host }}"
        authentik_email_username: "{{ .authentik_email_username }}"
        authentik_email_password: "{{ .mailgun_authentik_smtp_password }}"
        authentik_email_from: "{{ .authentik_email_from }}"
  dataFrom:
    - extract:
        key: Authentik
      rewrite:
        - regexp:
            source: "(.*)"
            target: "authentik_$1"
    - extract:
        key: mailgun
      rewrite:
        - regexp:
            source: "(.*)"
            target: "mailgun_$1"