apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-keyvault
  namespace: argo-events
spec:
  provider: azure
  secretObjects:
    - secretName: gitea-secrets
      type: Opaque
      data:
        - objectName: gitea-known-host
          key: GITEA_KNOWN_HOST
        - objectName: gitea-deploy-key
          key: GITEA_DEPLOY_KEY
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"               # client_id of the user-assigned managed identity
    keyvaultName: "dev-aks"
    objects:  |
      array:
        - |
          objectName: gitea-known-host
          objectType: secret
        - |
          objectName: gitea-deploy-key
          objectType: secret
    tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"