From bbf7bd7d8b1ac2d246eed3229184ccbada7a8198 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 21 Jun 2026 17:23:50 +1000 Subject: [PATCH] feat: manage postgres-credentials for artifactapi3 pull credentials for postgres/cnpg from vault --- apps/base/artifactapi/cnpg_cluster.yaml | 2 +- apps/base/artifactapi/vaultstaticsecret.yaml | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/apps/base/artifactapi/cnpg_cluster.yaml b/apps/base/artifactapi/cnpg_cluster.yaml index 91a4487..9404b7c 100644 --- a/apps/base/artifactapi/cnpg_cluster.yaml +++ b/apps/base/artifactapi/cnpg_cluster.yaml @@ -15,7 +15,7 @@ spec: localeCollate: C owner: artifacts secret: - name: postgres-password + name: postgres-credentials enablePDB: true enableSuperuserAccess: false failoverDelay: 0 diff --git a/apps/base/artifactapi/vaultstaticsecret.yaml b/apps/base/artifactapi/vaultstaticsecret.yaml index 68c1af5..b47f783 100644 --- a/apps/base/artifactapi/vaultstaticsecret.yaml +++ b/apps/base/artifactapi/vaultstaticsecret.yaml @@ -32,3 +32,20 @@ spec: refreshAfter: 5m type: kv-v2 vaultAuthRef: default +--- +apiVersion: secrets.hashicorp.com/v1beta1 +kind: VaultStaticSecret +metadata: + name: postgres-credentials + namespace: puppet +spec: + destination: + create: true + name: postgres-credentials + overwrite: true + hmacSecretData: true + mount: kv + path: service/artifactapi/postgres-credentials + refreshAfter: 5m + type: kv-v2 + vaultAuthRef: default -- 2.47.3