---
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  name: homelab-sslcert-secrets
  namespace: infisical
  labels:
    label-to-be-passed-to-managed-secret: homelab
  annotations:
    example.com/annotation-to-be-passed-to-managed-secret: "homelab"
spec:
  hostAPI: https://app.infisical.com/api
  resyncInterval: 10
  authentication:
    # Universal Auth
    universalAuth:
      secretsScope:
        projectSlug: homelab-n-f-yj
        envSlug: prod
        secretsPath: "/homelab" # Root is "/"
        recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
      credentialsRef:
        secretName: universal-auth-credentials
        secretNamespace: infisical
  managedSecretReference:
    secretName: infisical-self-signed-cert
    secretNamespace: homelab
    creationPolicy: "Orphan" ## Owner | Orphan
    secretType: kubernetes.io/tls
    template:
      data:
        tls.crt: "{{ .TLS_CERT.Value }}"
        tls.key: "{{ .TLS_KEY.Value }}"