working on pg root password/firefly

apps/fireflyiii/db/firefly-db-secrets.yaml

@@ -0,0 +1,29 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: firefly-db-secrets
+  namespace: pg-databases
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+
+  target:
+    name: firefly-db-secrets
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        APP_DB: '{{ index . "firefly-db-username" }}'
+        APP_USER: '{{ index . "firefly-db-username" }}'
+        APP_PASSWORD: '{{ index . "firefly-db-password" }}'
+
+  data:
+    - secretKey: firefly-db-password
+      remoteRef:
+        key: firefly-db-password
+    - secretKey: firefly-db-username
+      remoteRef:
+        key: firefly-db-username

apps/fireflyiii/db/kustomization.yaml

@@ -1,11 +1,16 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- fireflysecrets.yaml
+- firefly-db-secrets.yaml
 - ../../../infrastructure/modules/postgres-app
 
 namespace: pg-databases
 
+configMapGenerator:
+- name: postgres-app-config
+  literals:
+  - APP_SECRET_NAME=firefly-db-secrets
+
 patches:
 - target:
     kind: Job

apps/fireflyiii/kustomization.yaml

@@ -8,3 +8,4 @@ resources:
 - pvc.yaml
 - service.yaml
 - db
+- fireflysecrets.yaml

infrastructure/modules/postgres-app/job.yaml

@@ -25,17 +25,17 @@ spec:
         - name: APP_DB
           valueFrom:
             secretKeyRef:
-              name: app-db-secret
+              name: $(APP_SECRET_NAME)
               key: database
         - name: APP_USER
           valueFrom:
             secretKeyRef:
-              name: app-db-secret
+              name: $(APP_SECRET_NAME)
               key: username
         - name: APP_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: app-db-secret
+              name: $(APP_SECRET_NAME)
               key: password
 
         command: