The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hyperlane-monorepo/rust/helm/hyperlane-agent/templates/external-secret.yaml

63 lines
2.2 KiB

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ include "agent-common.fullname" . }}-external-secret
labels:
{{- include "agent-common.labels" . | nindent 4 }}
annotations:
update-on-redeploy: "{{ now }}"
spec:
secretStoreRef:
name: {{ include "agent-common.cluster-secret-store.name" . }}
kind: ClusterSecretStore
refreshInterval: "1h"
# The secret that will be created
target:
name: {{ include "agent-common.fullname" . }}-secret
template:
type: Opaque
metadata:
labels:
{{- include "agent-common.labels" . | nindent 10 }}
data:
{{- if .Values.hyperlane.gelatoApiKeyRequired }}
HYP_BASE_GELATO_SPONSORAPIKEY: {{ print "'{{ .gelato_sponsor_api_key | toString }}'" }}
{{- end }}
{{- /*
* For each network, create an environment variable with the RPC endpoint.
* The templating of external-secrets will use the data section below to know how
* to replace the correct value in the created secret.
*/}}
{{- range .Values.hyperlane.chains }}
{{- if not .disabled }}
{{- if eq .connection.type "httpQuorum" }}
HYP_BASE_CHAINS_{{ .name | upper }}_CONNECTION_URLS: {{ printf "'{{ .%s_rpcs | fromJson | join \",\" }}'" .name }}
{{- else }}
HYP_BASE_CHAINS_{{ .name | upper }}_CONNECTION_URL: {{ printf "'{{ .%s_rpc | toString }}'" .name }}
{{- end }}
{{- end }}
{{- end }}
data:
{{- if .Values.hyperlane.gelatoApiKeyRequired }}
- secretKey: gelato_sponsor_api_key
remoteRef:
key: {{ printf "%s-gelato-api-key" .Values.hyperlane.runEnv }}
{{- end }}
{{- /*
* For each network, load the secret in GCP secret manager with the form: environment-rpc-endpoint-network,
* and associate it with the secret key networkname_rpc.
*/}}
{{- range .Values.hyperlane.chains }}
{{- if not .disabled }}
{{- if eq .connection.type "httpQuorum" }}
- secretKey: {{ printf "%s_rpcs" .name }}
remoteRef:
key: {{ printf "%s-rpc-endpoints-%s" $.Values.hyperlane.runEnv .name }}
{{- else }}
- secretKey: {{ printf "%s_rpc" .name }}
remoteRef:
key: {{ printf "%s-rpc-endpoint-%s" $.Values.hyperlane.runEnv .name }}
{{- end }}
{{- end }}
{{- end }}