The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hyperlane-monorepo/rust/helm/optics-agent/templates/external-secret.yaml

56 lines
2.1 KiB

apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: {{ include "optics-agent.fullname" . }}-external-secret
labels:
{{- include "optics-agent.labels" . | nindent 4 }}
spec:
secretStoreRef:
name: {{ include "optics-agent.cluster-secret-store.name" . }}
kind: ClusterSecretStore
refreshInterval: "1h"
# The secret that will be created
target:
name: {{ include "optics-agent.fullname" . }}-secret
template:
type: Opaque
metadata:
labels:
{{- include "optics-agent.labels" . | nindent 10 }}
data:
{{- if .Values.optics.aws }}
AWS_ACCESS_KEY_ID: {{ print "'{{ .aws_access_key_id | toString }}'" }}
AWS_SECRET_ACCESS_KEY: {{ print "'{{ .aws_secret_access_key | toString }}'" }}
{{- end }}
{{/* RPC URLs */}}
OPT_BASE_HOME_CONNECTION_URL: {{ print "'{{ .home_rpc | toString }}'" }}
{{/*
* For each network, create an environment variable with the RPC endpoint.
* The templating of external-secrets will use the data section below to know how
* to replace the correct value in the created secret.
*/}}
{{- range .Values.optics.replicaChains }}
OPT_BASE_REPLICAS_{{ .name | upper }}_CONNECTION_URL: {{ printf "'{{ .%s_rpc | toString }}'" .name }}
{{- end }}
data:
{{- if .Values.optics.aws }}
- secretKey: aws_access_key_id
remoteRef:
key: {{ printf "%s-aws-access-key-id" .Values.optics.runEnv }}
- secretKey: aws_secret_access_key
remoteRef:
key: {{ printf "%s-aws-secret-access-key" .Values.optics.runEnv }}
{{- end }}
- secretKey: home_rpc
remoteRef:
key: {{ printf "%s-rpc-endpoint-%s" .Values.optics.runEnv .Values.optics.homeChain.name }}
{{/*
* For each network, load the secret in GCP secret manager with the form: environment-rpc-endpoint-network,
* and associate it with the secret key networkname_rpc.
*/}}
{{- range .Values.optics.replicaChains }}
- secretKey: {{ printf "%s_rpc" .name }}
remoteRef:
key: {{ printf "%s-rpc-endpoint-%s" $.Values.optics.runEnv .name }}
{{- end }}