{% raw %}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: anchore-access-credentials
  namespace: security
spec:
  refreshInterval: 1m
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: anchore-access-credentials
    template:

      data:
        ANCHORE_ADMIN_USERNAME: >-
          {{ printf "{{ .username | toString }}" }}
        ANCHORE_ADMIN_PASSWORD: >-
          {{ printf "{{ .password | toString }}" }}
        ANCHORE_DB_PASSWORD: >-
          {{ printf "{{ .dbPassword | toString }}" }}
        db-url: >-
          {{ printf "{{ .dbUrl | toString }}" }}
        db-user: >-
          {{ printf "{{ .dbUser | toString }}" }}
        postgres-password: >-
          {{ printf "{{ .postgresPassword | toString }}" }}

  data:
    - secretKey: password
      remoteRef:
        key: anchore-engine
        property: ANCHORE_ADMIN_PASSWORD
    - secretKey: username
      remoteRef:
        key: anchore-engine
        property: ANCHORE_ADMIN_USERNAME
    - secretKey: dbPassword
      remoteRef:
        key: anchore-engine
        property: ANCHORE_DB_PASSWORD
    - secretKey: dbUrl
      remoteRef:
        key: anchore-engine
        property: db-url
    - secretKey: dbUser
      remoteRef:
        key: anchore-engine
        property: db-user
    - secretKey: postgresPassword
      remoteRef:
        key: anchore-engine
        property: postgres-password
{% endraw %}