The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hyperlane-monorepo/rust/helm/abacus-agent/templates/updater-external-secret.yaml

44 lines
1.6 KiB

apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: {{ include "abacus-agent.fullname" . }}-updater-external-secret
labels:
{{- include "abacus-agent.labels" . | nindent 4 }}
spec:
secretStoreRef:
name: {{ include "abacus-agent.cluster-secret-store.name" . }}
kind: ClusterSecretStore
refreshInterval: "1h"
# The secret that will be created
target:
name: {{ include "abacus-agent.fullname" . }}-updater-secret
template:
type: Opaque
metadata:
labels:
{{- include "abacus-agent.labels" . | nindent 10 }}
data:
{{- if not (hasKey .Values.abacus.updater.attestationSigner "aws") }}
OPT_BASE_UPDATER_KEY: {{ print "'{{ .attestation_signer_hex_key | toString }}'" }}
{{- end }}
{{- range .Values.abacus.updater.transactionSigners }}
{{- if .hexKey }}
OPT_BASE_SIGNERS_{{ .name | upper }}_KEY: {{ printf "'{{ .transaction_signer_%s_key | toString }}'" .name }}
{{- end }}
{{- end }}
data:
{{- if not (hasKey .Values.abacus.updater.attestationSigner "aws") }}
- secretKey: attestation_signer_hex_key
remoteRef:
key: {{ printf "abacus-key-%s-%s-updater-attestation" .Values.abacus.runEnv .Values.abacus.homeChain.name }}
property: privateKey
{{- end }}
{{- range .Values.abacus.updater.transactionSigners }}
{{- if .hexKey }}
- secretKey: {{ printf "transaction_signer_%s_key" .name }}
remoteRef:
key: {{ printf "abacus-key-%s-updater-signer" $.Values.abacus.runEnv }}
property: privateKey
{{- end }}
{{- end }}