{{- if .Values.abacus.checkpointer.enabled }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ include "abacus-agent.fullname" . }}-checkpointer-external-secret labels: {{- include "abacus-agent.labels" . | nindent 4 }} spec: secretStoreRef: name: {{ include "abacus-agent.cluster-secret-store.name" . }} kind: ClusterSecretStore refreshInterval: "1h" # The secret that will be created target: name: {{ include "abacus-agent.fullname" . }}-checkpointer-secret template: type: Opaque metadata: labels: {{- include "abacus-agent.labels" . | nindent 10 }} data: {{- range .Values.abacus.checkpointer.signers }} {{- if eq .keyConfig.type "hexKey" }} OPT_BASE_SIGNERS_{{ .name | upper }}_KEY: {{ printf "'{{ .%s_signer_key | toString }}'" .name }} {{- end }} {{- end }} {{- if .Values.abacus.checkpointer.aws }} AWS_ACCESS_KEY_ID: {{ print "'{{ .aws_access_key_id | toString }}'" }} AWS_SECRET_ACCESS_KEY: {{ print "'{{ .aws_secret_access_key | toString }}'" }} {{- end }} data: {{- range .Values.abacus.checkpointer.signers }} {{- if eq .keyConfig.type "hexKey" }} - secretKey: {{ printf "%s_signer_key" .name }} remoteRef: key: {{ printf "abacus-%s-key-checkpointer" $.Values.abacus.runEnv }} property: privateKey {{- end }} {{- end }} {{- if .Values.abacus.checkpointer.aws }} - secretKey: aws_access_key_id remoteRef: key: {{ printf "abacus-%s-checkpointer-aws-access-key-id" .Values.abacus.runEnv }} - secretKey: aws_secret_access_key remoteRef: key: {{ printf "abacus-%s-checkpointer-aws-secret-access-key" .Values.abacus.runEnv }} {{- end }} {{- end }}