valinor/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: grafana-secrets
  namespace: monitoring
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: grafana-secrets
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ .auth0_generic_client_id }}"
        GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .auth0_generic_client_secret }}"
        GF_AUTH_GENERIC_OAUTH_AUTH_URL: "{{ .auth0_hsn_domain }}/authorize"
        GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "{{ .auth0_hsn_domain }}/oauth/token"
        GF_AUTH_GENERIC_OAUTH_API_URL: "{{ .auth0_hsn_domain }}/userinfo"
  dataFrom:
    - extract:
        key: auth0
      rewrite:
        - regexp:
            source: "(.*)"
            target: "auth0_$1"