# Runtime secret placeholder for the self-hosted Apple MDM substrate.
#
# OnePasswordItem operator syncs this item into a Kubernetes Secret with the
# same name. Expected fields for MDM-N1:
#   NANOHUB_API_KEY
#
# Optional fields for later lanes:
#   NANOHUB_WEBHOOK_URL
#   APNS_MDM_CERT_PEM
#   APNS_MDM_KEY_PEM
#   APNS_MDM_TOPIC
#   SCEP_CA_CERT_PEM
#   SCEP_CA_KEY_PEM
#   PROFILE_SIGNING_CERT_PEM
#   PROFILE_SIGNING_KEY_PEM
#
# Do not commit APNs, SCEP, profile-signing, webhook, or API key material to
# Git. MDM-N1 only consumes NANOHUB_API_KEY and optional NANOHUB_WEBHOOK_URL.
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: fc-apple-mdm-runtime
  namespace: fc-apple-mdm
  labels:
    app.kubernetes.io/name: fc-apple-mdm
    app.kubernetes.io/component: secrets
    app.kubernetes.io/part-of: flowercore
    app.kubernetes.io/managed-by: argocd
    flowercore.io/tenant-id: system
    flowercore.io/created-by: bluejay-infra
spec:
  itemPath: "vaults/IAmWorkin/items/FlowerCore Apple MDM Runtime"