---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: immich-password
  namespace: immich
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: immich
  namespace: immich
spec:
  method: kubernetes
  mount: kubernetes
  kubernetes:
    role: immich
    serviceAccount: immich-password
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: immich-db
  namespace: immich
spec:
  type: kv-v2

  mount: secret
  path: immich-db

  destination:
    create: true
    name: immich-db-immich
    type: kubernetes.io/basic-auth
    transformation:
      excludeRaw: true

  vaultAuthRef: immich