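---
# SecretProviderClass for the Secrets Store CSI driver (Azure Key Vault
# provider). It lists the Key Vault secrets to mount into pods and mirrors
# them into one Kubernetes Secret via secretObjects.
#
# The ${...} placeholders are presumably filled in by a templating step
# (e.g. envsubst) before this manifest is applied - confirm against the
# deploy script. They are quoted so an empty or number-looking expansion
# still parses as a string.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: "${AKS_SERVICE_PROVIDER}"
  namespace: "${AKS_NAMESPACE}"
spec:
  provider: azure
  parameters:
    # Pod identity is disabled; authentication goes through workload
    # identity using the client ID below.
    usePodIdentity: "false"
    # Setting this to use workload identity.
    # NOTE(review): this identity only has to read the secrets listed
    # under objects; grant it get on secrets and nothing broader.
    clientID: "${USER_ASSIGNED_CLIENT_ID}"
    # Set to the name of your key vault.
    keyvaultName: "${KEYVAULT_NAME}"
    # [OPTIONAL for Azure] if not provided, the Azure environment defaults
    # to AzurePublicCloud.
    cloudName: ""
    # Key Vault objects to fetch. No objectVersion is given, so the latest
    # version of each secret is retrieved; a rotated value is picked up
    # without any change to this manifest.
    objects: |
      array:
        - |
          objectName: EDCMYSQLHOST
          objectType: secret
        - |
          objectName: EDCMYSQLUSER
          objectType: secret
        - |
          objectName: EDCMYSQLPASS
          objectType: secret
        - |
          objectName: EDCSMTPHOST
          objectType: secret
        - |
          objectName: EDCSMTPPORT
          objectType: secret
        - |
          objectName: EDCSMTPUSER
          objectType: secret
        - |
          objectName: EDCSMTPPASS
          objectType: secret
        - |
          objectName: EDCSMTPFROMEMAIL
          objectType: secret
        - |
          objectName: EDCSMTPFROMNAME
          objectType: secret
    # The tenant ID of the key vault.
    tenantId: "${IDENTITY_TENANT}"
  # Mirror the mounted objects into a native Kubernetes Secret.
  # Once synced, the values are stored in etcd and are readable by any
  # subject with get/list on secrets in this namespace, so the Key Vault
  # access policy is no longer the only control: keep namespace RBAC tight
  # and enable encryption at rest for Secrets. The driver creates the
  # Secret only while a pod mounts this class as a CSI volume.
  secretObjects:
    - secretName: edcenter-secret
      type: Opaque
      data:
        # Each objectName must match an objectName listed under
        # parameters.objects above.
        - key: EDCMYSQLHOST
          objectName: EDCMYSQLHOST
        - key: EDCMYSQLUSER
          objectName: EDCMYSQLUSER
        - key: EDCMYSQLPASS
          objectName: EDCMYSQLPASS
        - key: EDCSMTPHOST
          objectName: EDCSMTPHOST
        - key: EDCSMTPPORT
          objectName: EDCSMTPPORT
        - key: EDCSMTPUSER
          objectName: EDCSMTPUSER
        - key: EDCSMTPPASS
          objectName: EDCSMTPPASS
        - key: EDCSMTPFROMEMAIL
          objectName: EDCSMTPFROMEMAIL
        - key: EDCSMTPFROMNAME
          objectName: EDCSMTPFROMNAME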