domain-incoming/apps/infisical/secret.tf

resource "kubectl_manifest" "secret" {
  ignore_fields = ["metadata.annotations"]
  yaml_body  = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      forceRegenerate: false
      data:
        MONGO_URL: "${module.mongo.url}"
      fields:
      - fieldName: "JWT_SIGNUP_SECRET"
        length: "32"
      - fieldName: "JWT_SERVICE_SECRET"
        length: "32"
      - fieldName: "JWT_REFRESH_SECRET"
        length: "32"
      - fieldName: "JWT_PROVIDER_AUTH_SECRET"
        length: "32"
      - fieldName: "JWT_MFA_SECRET"
        length: "32"
      - fieldName: "JWT_AUTH_SECRET"
        length: "32"
      - fieldName: "ENCRYPTION_KEY"
        length: "32"
      - fieldName: "AUTH_SECRET"
        length: "32"
  EOF
}