hyperlane-monorepo/rust/helm/hyperlane-agent/templates/validator-external-secret.yaml

{{- if .Values.hyperlane.validator.enabled }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: {{ include "agent-common.fullname" . }}-validator-external-secret
  labels:
    {{- include "agent-common.labels" . | nindent 4 }}
  annotations:
    update-on-redeploy: "{{ now }}"
spec:
  secretStoreRef:
    name: {{ include "agent-common.secret-store.name" . }}
    kind: {{ .Values.externalSecrets.storeType }}
  refreshInterval: "1h"
  # The secret that will be created
  target:
    name: {{ include "agent-common.fullname" . }}-validator-secret
    template:
      type: Opaque
      metadata:
        labels:
          {{- include "agent-common.labels" . | nindent 10 }}
      data:
{{ $index := 0 }}
{{- range .Values.hyperlane.validator.configs }}
        validator-{{ $index }}.env: |
          {{- if eq .validator.type "hexKey" }}
          HYP_VALIDATOR_KEY={{ printf "'{{ .signer_key_%d | toString }}'" $index }}
          HYP_CHAINS_{{ .originChainName | upper }}_SIGNER_KEY={{ printf "'{{ .signer_key_%d | toString }}'" $index }}
          {{- end }}
          {{- if or (eq .checkpointSyncer.type "s3") $.Values.hyperlane.aws }}
          AWS_ACCESS_KEY_ID={{ printf "'{{ .aws_access_key_id_%d | toString }}'" $index }}
          AWS_SECRET_ACCESS_KEY={{ printf "'{{ .aws_secret_access_key_%d | toString }}'" $index }}
          {{- end }}
{{ $index = add1 $index }}
{{- end }}
  data:
{{ $index = 0 }}
{{- range .Values.hyperlane.validator.configs }}
{{- if eq .validator.type "hexKey" }}
  - secretKey: signer_key_{{ $index }}
    remoteRef:
      key: {{ printf "%s-%s-key-%s-validator-%d" $.Values.hyperlane.context $.Values.hyperlane.runEnv .originChainName $index }}
      property: privateKey
{{- end }}
{{- if or (eq .checkpointSyncer.type "s3") $.Values.hyperlane.aws }}
  - secretKey: aws_access_key_id_{{ $index }}
    remoteRef:
      key: {{ printf "%s-%s-%s-validator-%d-aws-access-key-id" $.Values.hyperlane.context $.Values.hyperlane.runEnv .originChainName $index }}
  - secretKey: aws_secret_access_key_{{ $index }}
    remoteRef:
      key: {{ printf "%s-%s-%s-validator-%d-aws-secret-access-key" $.Values.hyperlane.context $.Values.hyperlane.runEnv .originChainName $index }}
{{- end }}
{{ $index = add1 $index }}
{{- end }}
{{- end }}