apiVersion: v1
kind: Secret
metadata:
  name: {{ template "operator.fullname" . }}-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "operator.fullname" . }}
  annotations:
    "helm.sh/resource-policy": keep
    # The following annotation indicates that Cloudflare credentials are managed externally by Ansible
    "container-mom.io/externally-managed-credentials": "true"
type: Opaque
stringData:
  MONGODB_URI: "mongodb+srv://pfeifferj:4971AkAr80oxoQL7@dev.47yp0.mongodb.net/container-mom?ssl=true"
  STRIPE_SECRET_KEY: "{{ .Values.secrets.stripeSecretKey | default "sk_test_placeholder" }}"
  STRIPE_WEBHOOK_SECRET: "{{ .Values.secrets.stripeWebhookSecret | default "whsec_placeholder" }}"
  AUTH0_CLIENT_ID: "{{ .Values.secrets.auth0ClientId | default "auth0_client_id_placeholder" }}"
  AUTH0_CLIENT_SECRET: "{{ .Values.secrets.auth0ClientSecret | default "auth0_client_secret_placeholder" }}"
  AUTH0_SECRET: "{{ .Values.secrets.auth0Secret | default "auth0_secret_placeholder" }}"
  CLUSTER_EUW_TOKEN: "{{ .Values.secrets.clusterEuwToken | default "cluster_euw_token_placeholder" }}"
  CLUSTER_NAE_TOKEN: "{{ .Values.secrets.clusterNaeToken | default "cluster_nae_token_placeholder" }}"
  CLUSTER_EUNE_TOKEN: "{{ .Values.secrets.clusterEuneToken | default "cluster_eune_token_placeholder" }}"
  # Note: Cloudflare credentials (CLOUDFLARE_API_TOKEN, CLOUDFLARE_ZONE_ID, OPENSHIFT_ROUTER_URL)
  # are managed by Ansible and stored in a separate secret named "cloudflare-credentials"