apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: postgresql-ghcr-pull
  namespace: database
spec:
  refreshInterval: 1m
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-platform
  target:
    name: postgresql-ghcr-pull
    creationPolicy: Owner
    template:
      type: kubernetes.io/dockerconfigjson
      engineVersion: v2
      data:
        .dockerconfigjson: |
          {"auths":{"ghcr.io":{"username":"{{ .username }}","password":"{{ .token }}","auth":"{{ printf "%s:%s" .username .token | b64enc }}"}}}
  data:
    - secretKey: username
      remoteRef:
        key: kv/postgresql.svc.plus
        property: GHCR_USERNAME
    - secretKey: token
      remoteRef:
        key: kv/postgresql.svc.plus
        property: GHCR_TOKEN