From a55400a0ba27bf9bae26497ec0a2499ca764926b Mon Sep 17 00:00:00 2001
From: William P <me@williamtpeebles.com>
Date: Fri, 6 Mar 2026 14:12:20 -0500
Subject: [PATCH] attic: try to use postgres

---
 attic/db_auth.yaml    | 24 ++++++++++++++++++++++++
 attic/deployment.yaml |  2 ++
 2 files changed, 26 insertions(+)
 create mode 100644 attic/db_auth.yaml

diff --git a/attic/db_auth.yaml b/attic/db_auth.yaml
new file mode 100644
index 0000000..ef29228
--- /dev/null
+++ b/attic/db_auth.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: attic-db-auth
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: attic_pw
+    secretKey: password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    template:
+      data:
+        ATTIC_SERVER_DATABASE_URL: "postgres://attic:{{ .password }}@pooler-weyma-rw.cloudnativepg.svc.cluster.local/attic"
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: attic-db-auth
diff --git a/attic/deployment.yaml b/attic/deployment.yaml
index 08a292a..b54647e 100644
--- a/attic/deployment.yaml
+++ b/attic/deployment.yaml
@@ -18,6 +18,8 @@ spec:
         envFrom:
         - secretRef:
             name: attic-secret
+        - secretRef:
+            name: attic-db-auth
         - secretRef:
             name: attic-bucket
         volumeMounts: