# Example secrets file - DO NOT COMMIT REAL SECRETS
# Copy this file to secrets.yaml and fill in real values
# Then use: kubectl create secret generic veza-secrets --from-env-file=secrets.yaml -n veza-production
#
# For production, consider using External Secrets Operator with Vault/AWS/GCP
# See k8s/secrets/README.md for more information

apiVersion: v1
kind: Secret
metadata:
  name: veza-secrets
  namespace: veza-production  # Change to veza-development or veza-staging as needed
type: Opaque
stringData:
  # Required secrets for all services
  database-url: "postgresql://user:password@postgres:5432/veza?sslmode=require"
  redis-url: "redis://redis:6379/0"
  jwt-secret: "your-jwt-secret-key-min-32-chars-long"
  
  # Backend API additional secrets
  stripe-api-key: "sk_live_your_stripe_api_key"
  stripe-webhook-secret: "whsec_your_webhook_secret"
  smtp-password: "your_smtp_password"
  s3-access-key: "your_aws_access_key"
  s3-secret-key: "your_aws_secret_key"

  # Chat: merged into backend-api since v0.502 (commit 05d02386d)
  # Reuses the shared JWT secret — no separate chat-server secret.

  # Stream Server secrets
  stream-server-secret: "your_stream_server_secret"