bakery-ia/infrastructure/kubernetes/base/secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: database-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: database
type: Opaque
data:
  # Database Users (base64 encoded from .env)
  AUTH_DB_USER: YXV0aF91c2Vy  # auth_user
  TENANT_DB_USER: dGVuYW50X3VzZXI=  # tenant_user
  TRAINING_DB_USER: dHJhaW5pbmdfdXNlcg==  # training_user
  FORECASTING_DB_USER: Zm9yZWNhc3RpbmdfdXNlcg==  # forecasting_user
  SALES_DB_USER: c2FsZXNfdXNlcg==  # sales_user
  EXTERNAL_DB_USER: ZXh0ZXJuYWxfdXNlcg==  # external_user
  NOTIFICATION_DB_USER: bm90aWZpY2F0aW9uX3VzZXI=  # notification_user
  INVENTORY_DB_USER: aW52ZW50b3J5X3VzZXI=  # inventory_user
  RECIPES_DB_USER: cmVjaXBlc191c2Vy  # recipes_user
  SUPPLIERS_DB_USER: c3VwcGxpZXJzX3VzZXI=  # suppliers_user
  POS_DB_USER: cG9zX3VzZXI=  # pos_user
  ORDERS_DB_USER: b3JkZXJzX3VzZXI=  # orders_user
  PRODUCTION_DB_USER: cHJvZHVjdGlvbl91c2Vy  # production_user
  ALERT_PROCESSOR_DB_USER: YWxlcnRfcHJvY2Vzc29yX3VzZXI=  # alert_processor_user

  # Database Passwords (base64 encoded from .env)
  AUTH_DB_PASSWORD: YXV0aF9wYXNzMTIz # auth_pass123
  TENANT_DB_PASSWORD: dGVuYW50X3Bhc3MxMjM=  # tenant_pass123
  TRAINING_DB_PASSWORD: dHJhaW5pbmdfcGFzczEyMw==  # training_pass123
  FORECASTING_DB_PASSWORD: Zm9yZWNhc3RpbmdfcGFzczEyMw==  # forecasting_pass123
  SALES_DB_PASSWORD: c2FsZXNfcGFzczEyMw==  # sales_pass123
  EXTERNAL_DB_PASSWORD: ZXh0ZXJuYWxfcGFzczEyMw==  # external_pass123
  NOTIFICATION_DB_PASSWORD: bm90aWZpY2F0aW9uX3Bhc3MxMjM=  # notification_pass123
  INVENTORY_DB_PASSWORD: aW52ZW50b3J5X3Bhc3MxMjM=  # inventory_pass123
  RECIPES_DB_PASSWORD: cmVjaXBlc19wYXNzMTIz  # recipes_pass123
  SUPPLIERS_DB_PASSWORD: c3VwcGxpZXJzX3Bhc3MxMjM=  # suppliers_pass123
  POS_DB_PASSWORD: cG9zX3Bhc3MxMjM=  # pos_pass123
  ORDERS_DB_PASSWORD: b3JkZXJzX3Bhc3MxMjM=  # orders_pass123
  PRODUCTION_DB_PASSWORD: cHJvZHVjdGlvbl9wYXNzMTIz  # production_pass123
  ALERT_PROCESSOR_DB_PASSWORD: YWxlcnRfcHJvY2Vzc29yX3Bhc3MxMjM=  # alert_processor_pass123

  # Database URLs (base64 encoded)
  AUTH_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vYXV0aF91c2VyOmF1dGhfcGFzczEyM0BhdXRoLWRiLXNlcnZpY2U6NTQzMi9hdXRoX2Ri  # postgresql+asyncpg://auth_user:auth_pass123@auth-db-service:5432/auth_db
  TENANT_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vdGVuYW50X3VzZXI6dGVuYW50X3Bhc3MxMjNAdGVuYW50LWRiLXNlcnZpY2U6NTQzMi90ZW5hbnRfZGIK  # postgresql+asyncpg://tenant_user:tenant_pass123@tenant-db-service:5432/tenant_db
  TRAINING_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vdHJhaW5pbmdfdXNlcjp0cmFpbmluZ19wYXNzMTIzQHRyYWluaW5nLWRiLXNlcnZpY2U6NTQzMi90cmFpbmluZ19kYg==  # postgresql+asyncpg://training_user:training_pass123@training-db-service:5432/training_db
  FORECASTING_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vZm9yZWNhc3RpbmdfdXNlcjpmb3JlY2FzdGluZ19wYXNzMTIzQGZvcmVjYXN0aW5nLWRiLXNlcnZpY2U6NTQzMi9mb3JlY2FzdGluZ19kYg==  # postgresql+asyncpg://forecasting_user:forecasting_pass123@forecasting-db-service:5432/forecasting_db
  SALES_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vc2FsZXNfdXNlcjpzYWxlc19wYXNzMTIzQHNhbGVzLWRiLXNlcnZpY2U6NTQzMi9zYWxlc19kYg==  # postgresql+asyncpg://sales_user:sales_pass123@sales-db-service:5432/sales_db
  EXTERNAL_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vZXh0ZXJuYWxfdXNlcjpleHRlcm5hbF9wYXNzMTIzQGV4dGVybmFsLWRiLXNlcnZpY2U6NTQzMi9leHRlcm5hbF9kYg==  # postgresql+asyncpg://external_user:external_pass123@external-db-service:5432/external_db
  NOTIFICATION_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vbm90aWZpY2F0aW9uX3VzZXI6bm90aWZpY2F0aW9uX3Bhc3MxMjNAbm90aWZpY2F0aW9uLWRiLXNlcnZpY2U6NTQzMi9ub3RpZmljYXRpb25fZGI= # postgresql+asyncpg://notification_user:notification_pass123@notification-db-service:5432/notification_db
  INVENTORY_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vaW52ZW50b3J5X3VzZXI6aW52ZW50b3J5X3Bhc3MxMjNAaW52ZW50b3J5LWRiLXNlcnZpY2U6NTQzMi9pbnZlbnRvcnlfZGI=  # postgresql+asyncpg://inventory_user:inventory_pass123@inventory-db-service:5432/inventory_db
  RECIPES_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vcmVjaXBlc191c2VyOnJlY2lwZXNfcGFzczEyM0ByZWNpcGVzLWRiLXNlcnZpY2U6NTQzMi9yZWNpcGVzX2Ri  # postgresql+asyncpg://recipes_user:recipes_pass123@recipes-db-service:5432/recipes_db
  SUPPLIERS_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vc3VwcGxpZXJzX3VzZXI6c3VwcGxpZXJzX3Bhc3MxMjNAc3VwcGxpZXJzLWRiLXNlcnZpY2U6NTQzMi9zdXBwbGllcnNfZGI= # postgresql+asyncpg://suppliers_user:suppliers_pass123@suppliers-db-service:5432/suppliers_db
  POS_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vcG9zX3VzZXI6cG9zX3Bhc3MxMjNAcG9zLWRiLXNlcnZpY2U6NTQzMi9wb3NfZGI=  # postgresql+asyncpg://pos_user:pos_pass123@pos-db-service:5432/pos_db
  ORDERS_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vb3JkZXJzX3VzZXI6b3JkZXJzX3Bhc3MxMjNAb3JkZXJzLWRiLXNlcnZpY2U6NTQzMi9vcmRlcnNfZGI=  # postgresql+asyncpg://orders_user:orders_pass123@orders-db-service:5432/orders_db
  PRODUCTION_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vcHJvZHVjdGlvbl91c2VyOnByb2R1Y3Rpb25fcGFzczEyM0Bwcm9kdWN0aW9uLWRiLXNlcnZpY2U6NTQzMi9wcm9kdWN0aW9uX2Ri  # postgresql+asyncpg://production_user:production_pass123@production-db-service:5432/production_db
  ALERT_PROCESSOR_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vYWxlcnRfcHJvY2Vzc29yX3VzZXI6YWxlcnRfcHJvY2Vzc29yX3Bhc3MxMjNAYWxlcnQtcHJvY2Vzc29yLWRiLXNlcnZpY2U6NTQzMi9hbGVydF9wcm9jZXNzb3JfZGI=  # postgresql+asyncpg://alert_processor_user:alert_processor_pass123@alert-processor-db-service:5432/alert_processor_db

---
apiVersion: v1
kind: Secret
metadata:
  name: redis-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: redis
type: Opaque
data:
  REDIS_PASSWORD: cmVkaXNfcGFzczEyMw==  # redis_pass123

---
apiVersion: v1
kind: Secret
metadata:
  name: rabbitmq-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: rabbitmq
type: Opaque
data:
  RABBITMQ_USER: YmFrZXJ5  # bakery
  RABBITMQ_PASSWORD: Zm9yZWNhc3QxMjM=  # forecast123
  RABBITMQ_ERLANG_COOKIE: YmFrZXJ5LXNlY3JldC1jb29raWU=  # bakery-secret-cookie

---
apiVersion: v1
kind: Secret
metadata:
  name: jwt-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: auth
type: Opaque
data:
  JWT_SECRET_KEY: eW91ci1zdXBlci1zZWNyZXQtand0LWtleS1jaGFuZ2UtaW4tcHJvZHVjdGlvbi1taW4tMzItY2hhcmFjdGVycy1sb25n  # your-super-secret-jwt-key-change-in-production-min-32-characters-long
  JWT_REFRESH_SECRET_KEY: eW91ci1zdXBlci1zZWNyZXQtcmVmcmVzaC1qd3Qta2V5LWNoYW5nZS1pbi1wcm9kdWN0aW9uLW1pbi0zMi1jaGFyYWN0ZXJzLWxvbmc=  # your-super-secret-refresh-jwt-key-change-in-production-min-32-characters-long
  SERVICE_API_KEY: c2VydmljZS1hcGkta2V5LWNoYW5nZS1pbi1wcm9kdWN0aW9u  # service-api-key-change-in-production

---
apiVersion: v1
kind: Secret
metadata:
  name: external-api-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: external-apis
type: Opaque
data:
  AEMET_API_KEY: ZXlKaGJHY2lPaUpJVXpJMU5pSjkuZXlKemRXSWlPaUoxWVd4bVlYSnZRR2R0WVdsc0xtTnZiU0lzSW1wMGFTSTZJbVJqWldWbU5URXdMVGRtWXpFdE5HTXhOeTFoT0RaaUxXUTROemRsWkRjNVpEbGxOeUlzSW1semN5STZJa0ZGVFVWVUlpd2lhV0YwSWpveE56VXlPRE13TURnM0xDSjFjMlZ5U1dRaU9pSmtZMlZsWmpVeE1DMDNabU14TFRSak1UY3RZVGcyWkMxa09EYzNaV1EzT1dRNVpUY2lMQ0p5YjJ4bElqb2lJbjAuQzA0N2dhaUVoV2hINEl0RGdrSFN3ZzhIektUend3ODdUT1BUSTJSZ01mOGotMnc=
  MADRID_OPENDATA_API_KEY: eW91ci1tYWRyaWQtb3BlbmRhdGEta2V5LWhlcmU=  # your-madrid-opendata-key-here

---
apiVersion: v1
kind: Secret
metadata:
  name: payment-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: payments
type: Opaque
data:
  STRIPE_SECRET_KEY: c2tfdGVzdF95b3VyX3N0cmlwZV9zZWNyZXRfa2V5X2hlcmU=  # sk_test_your_stripe_secret_key_here
  STRIPE_WEBHOOK_SECRET: d2hzZWNfeW91cl9zdHJpcGVfd2ViaG9va19zZWNyZXRfaGVyZQ==  # whsec_your_stripe_webhook_secret_here

---
apiVersion: v1
kind: Secret
metadata:
  name: email-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: notifications
type: Opaque
data:
  SMTP_USER: eW91ci1lbWFpbEBnbWFpbC5jb20=  # your-email@gmail.com
  SMTP_PASSWORD: eW91ci1hcHAtc3BlY2lmaWMtcGFzc3dvcmQ=  # your-app-specific-password

---
apiVersion: v1
kind: Secret
metadata:
  name: monitoring-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: monitoring
type: Opaque
data:
  GRAFANA_ADMIN_USER: YWRtaW4=  # admin
  GRAFANA_ADMIN_PASSWORD: YWRtaW4xMjM=  # admin123
  GRAFANA_SECRET_KEY: Z3JhZmFuYS1zZWNyZXQta2V5LWNoYW5nZS1pbi1wcm9kdWN0aW9u  # grafana-secret-key-change-in-production
  PGADMIN_EMAIL: YWRtaW5AYmFrZXJ5LmxvY2Fs  # admin@bakery.local
  PGADMIN_PASSWORD: YWRtaW4xMjM=  # admin123
  REDIS_COMMANDER_USER: YWRtaW4=  # admin
  REDIS_COMMANDER_PASSWORD: YWRtaW4xMjM=  # admin123

---
apiVersion: v1
kind: Secret
metadata:
  name: pos-integration-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: pos
type: Opaque
data:
  SQUARE_ACCESS_TOKEN: eW91ci1zcXVhcmUtYWNjZXNzLXRva2Vu  # your-square-access-token
  SQUARE_WEBHOOK_SECRET: eW91ci1zcXVhcmUtd2ViaG9vay1zZWNyZXQ=  # your-square-webhook-secret
  TOAST_API_KEY: eW91ci10b2FzdC1hcGkta2V5  # your-toast-api-key
  TOAST_API_SECRET: eW91ci10b2FzdC1hcGktc2VjcmV0  # your-toast-api-secret
  TOAST_WEBHOOK_SECRET: eW91ci10b2FzdC13ZWJob29rLXNlY3JldA==  # your-toast-webhook-secret
  LIGHTSPEED_API_KEY: eW91ci1saWdodHNwZWVkLWFwaS1rZXk=  # your-lightspeed-api-key
  LIGHTSPEED_API_SECRET: eW91ci1saWdodHNwZWVkLWFwaS1zZWNyZXQ=  # your-lightspeed-api-secret
  LIGHTSPEED_WEBHOOK_SECRET: eW91ci1saWdodHNwZWVkLXdlYmhvb2stc2VjcmV0  # your-lightspeed-webhook-secret

---
apiVersion: v1
kind: Secret
metadata:
  name: whatsapp-secrets
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: notifications
type: Opaque
data:
  WHATSAPP_API_KEY: eW91ci13aGF0c2FwcC1hcGkta2V5LWhlcmU=  # your-whatsapp-api-key-here