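---
# SOPS Secret Template
# Use this template for creating encrypted secrets.
# Commit this file only after it has been encrypted with SOPS.
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
  namespace: app-namespace
type: Opaque
data:
  # These fields will be encrypted by SOPS.
  # Replace with actual base64-encoded values before encryption.
  # Placeholders are explicit empty strings; a bare `KEY:` parses as null.
  DATABASE_PASSWORD: ""
  S3_ACCESS_KEY: ""
  S3_SECRET_KEY: ""
  REDIS_PASSWORD: ""
---
# ConfigMap for non-sensitive configuration
# NOTE(review): this document shares the file with the Secret, so
# `sops -e -i` encrypts these values as well. Move the ConfigMap to its
# own file if it should stay readable in review.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: app-namespace
data:
  # Database connection
  DATABASE_HOST: "postgresql-shared-rw.postgresql-system.svc.cluster.local"
  DATABASE_PORT: "5432"
  DATABASE_NAME: "app_database"

  # Redis connection
  REDIS_HOST: "redis-ha-haproxy.redis-system.svc.cluster.local"
  REDIS_PORT: "6379"

  # S3 storage configuration
  S3_BUCKET: "app-bucket"
  S3_REGION: ""
  S3_ENDPOINT: ""
  S3_CDN_URL: ""

  # Application settings
  APP_ENV: "production"
  APP_DEBUG: "false"

# SOPS encryption commands:
#   sops -e -i this-file.yaml                       # encrypt in place
#   sops this-file.yaml                             # to edit
#   sops -d this-file.yaml | kubectl apply -f -     # to apply
#
# By default sops encrypts every value in the file (metadata included).
# To limit encryption to the payload, set `encrypted_regex` in a
# `.sops.yaml` creation rule or pass `--encrypted-regex` on the command
# line, e.g. '^(data|stringData)$'.
# `kubectl apply` records the applied manifest, Secret data included, in
# the `kubectl.kubernetes.io/last-applied-configuration` annotation, so
# restrict read access to the Secret object accordingly.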