---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: authentik-secret
  namespace: authentik
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: authentik
  namespace: authentik
spec:
  method: kubernetes
  mount: kubernetes
  kubernetes:
    role: authentik
    serviceAccount: authentik-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: authentik-secret
  namespace: authentik
spec:
  type: kv-v2

  mount: secret
  path: authentik

  destination:
    create: true
    name: authentik-secret
    type: Opaque
    transformation:
      excludeRaw: true

  vaultAuthRef: authentik