apiVersion: v1
kind: Secret
metadata:
  name: gohoarder-git-credentials
  namespace: default
type: Opaque
stringData:
  credentials.json: |
    {
      "credentials": [
        {
          "pattern": "github.com/mycompany/*",
          "host": "github.com",
          "username": "oauth2",
          "token": "ghp_REPLACE_WITH_YOUR_GITHUB_TOKEN",
          "fallback": false
        },
        {
          "pattern": "github.com/external-vendor/*",
          "host": "github.com",
          "username": "oauth2",
          "token": "ghp_REPLACE_WITH_VENDOR_TOKEN",
          "fallback": false
        },
        {
          "pattern": "gitlab.com/backend-team/*",
          "host": "gitlab.com",
          "username": "oauth2",
          "token": "glpat_REPLACE_WITH_GITLAB_TOKEN",
          "fallback": false
        },
        {
          "pattern": "*",
          "host": "*",
          "username": "oauth2",
          "token": "ghp_REPLACE_WITH_DEFAULT_READONLY_TOKEN",
          "fallback": true
        }
      ]
    }
---
# Example using External Secrets Operator (ESO)
# Uncomment and configure if you're using ESO
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
#   name: gohoarder-git-credentials
#   namespace: default
# spec:
#   refreshInterval: 1h
#   secretStoreRef:
#     name: vault-backend  # Your SecretStore name
#     kind: SecretStore
#   target:
#     name: gohoarder-git-credentials
#     creationPolicy: Owner
#   data:
#   - secretKey: credentials.json
#     remoteRef:
#       key: secret/gohoarder/git-credentials
#       property: credentials.json