{{- if (include "backend.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "backend.secretName" . }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
  {{- if .Values.commonLabels }}
  {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  {{- if and (.Values.backend.password) (not .Values.backend.existingSecret) }}
  backend-password: {{ .Values.backend.password | b64enc | quote }}
  {{- else if not .Values.backend.existingSecret }}
  backend-password: {{ randAlphaNum 10 | b64enc | quote }}
  {{- end }}
  {{- if and (.Values.backend.smtp.password) (.Values.backend.smtp.enabled) (not .Values.backend.smtp.existingSecret) }}
  smtp-password: {{ .Values.backend.smtp.password | b64enc | quote }}
  {{- end }}
  {{- if .Values.backend.oidc.clientSecret }}
  oidc-client-secret: {{ .Values.backend.oidc.clientSecret | b64enc | quote }}
  {{- end }}
{{- end }}