apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  destination:
    create: true
    name: vaultwarden
  mount: kv
  path: vaultwarden/vaultwarden
  refreshAfter: 30s
  type: kv-v2
  vaultAuthRef: vault
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultDynamicSecret
metadata:
  name: postgres-vaultwarden
  namespace: vaultwarden
spec:
  allowStaticCreds: true
  destination:
    create: true
    name: postgres-vaultwarden
    transformation:
      templates:
        DATABASE_URL:
          text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/vaultwarden
  mount: database
  path: static-creds/vaultwarden
  refreshAfter: 30s
  vaultAuthRef: vault
  rolloutRestartTargets:
    - name: vaultwarden
      kind: Deployment
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: vaultwarden-keys
  namespace: vaultwarden
spec:
  destination:
    create: true
    name: vaultwarden-keys
  mount: kv
  path: vaultwarden/keys
  refreshAfter: 30s
  type: kv-v2
  vaultAuthRef: vault