From 1442802804c2c4be2aa3dcbcb7fbaf89a4d7201a Mon Sep 17 00:00:00 2001
From: William P <me@williamtpeebles.com>
Date: Fri, 12 Dec 2025 10:23:00 -0500
Subject: [PATCH] kite: perma config

---
 system-apps/kite/templates/secrets.yaml | 30 +++++++++++++++++++++++++
 system-apps/kite/values.yaml            |  8 +++++++
 2 files changed, 38 insertions(+)
 create mode 100644 system-apps/kite/templates/secrets.yaml

diff --git a/system-apps/kite/templates/secrets.yaml b/system-apps/kite/templates/secrets.yaml
new file mode 100644
index 0000000..0075b5d
--- /dev/null
+++ b/system-apps/kite/templates/secrets.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: kite-secret
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: kite-secret
+    creationPolicy: Owner
+  data:
+  - secretKey: JWT_SECRET
+    remoteRef:
+      key: kite
+      property: JWT_SECRET
+  - secretKey: KITE_ENCRYPT_KEY
+    remoteRef:
+      key: kite
+      property: KITE_ENCRYPT_KEY
+  - secretKey: KITE_PASSWORD
+    remoteRef:
+      key: kite
+      property: KITE_PASSWORD
+  - secretKey: KITE_USERNAME
+    remoteRef:
+      key: kite
+      property: KITE_USERNAME
\ No newline at end of file
diff --git a/system-apps/kite/values.yaml b/system-apps/kite/values.yaml
index e494abc..6a93ca9 100644
--- a/system-apps/kite/values.yaml
+++ b/system-apps/kite/values.yaml
@@ -1,5 +1,13 @@
 kite:
   host: "https://weyma-kite.infra.dubyatp.xyz"
+  secret:
+    create: false
+    existingSecret: kite-secret
+  db:
+    sqlite:
+      persistence:
+        pvc:
+          enabled: true
   ingress:
     enabled: true
     className: "traefik"