apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: woodpecker-secrets
  namespace: woodpecker
spec:
  provider: azure
  secretObjects:
    - secretName: woodpecker-secret
      type: Opaque
      data:
        - objectName: woodpecker-gitea-client
          key: WOODPECKER_GITEA_CLIENT
        - objectName: woodpecker-gitea-secret
          key: WOODPECKER_GITEA_SECRET
        - objectName: woodpecker-agent-secret
          key: WOODPECKER_AGENT_SECRET
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"     # client_id of the user-assigned managed identity
    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"                   # client_id of the user-assigned managed identity
    keyvaultName: "dev-aks"
    objects: |
      array:
        - |
          objectName: woodpecker-gitea-client
          objectType: secret
        - |
          objectName: woodpecker-gitea-secret
          objectType: secret
        - |
          objectName: woodpecker-agent-secret
          objectType: secret
    tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"