{{- if .Values.abacus.validator.enabled }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ include "abacus-agent.fullname" . }}-validator-external-secret labels: {{- include "abacus-agent.labels" . | nindent 4 }} spec: secretStoreRef: name: {{ include "abacus-agent.cluster-secret-store.name" . }} kind: ClusterSecretStore refreshInterval: "1h" # The secret that will be created target: name: {{ include "abacus-agent.fullname" . }}-validator-secret template: type: Opaque metadata: labels: {{- include "abacus-agent.labels" . | nindent 10 }} data: {{ $index := 0 }} {{- range .Values.abacus.validator.configs }} validator-{{ $index }}.env: | {{- if eq .validator.type "hexKey" }} OPT_VALIDATOR_VALIDATOR_KEY={{ printf "'{{ .signer_key_%d | toString }}'" $index }} {{- end }} {{- if or (eq .checkpointSyncer.type "s3") $.Values.abacus.aws }} AWS_ACCESS_KEY_ID={{ printf "'{{ .aws_access_key_id_%d | toString }}'" $index }} AWS_SECRET_ACCESS_KEY={{ printf "'{{ .aws_secret_access_key_%d | toString }}'" $index }} {{- end }} {{ $index = add1 $index }} {{- end }} data: {{ $index := 0 }} {{- range .Values.abacus.validator.configs }} {{- if eq .validator.type "hexKey" }} - secretKey: signer_key_{{ $index }} remoteRef: key: {{ printf "abacus-%s-key-%s-validator-%d" $.Values.abacus.runEnv $.Values.abacus.outboxChain.name $index }} property: privateKey {{- end }} {{- if or (eq .checkpointSyncer.type "s3") $.Values.abacus.aws }} - secretKey: aws_access_key_id_{{ $index }} remoteRef: key: {{ printf "abacus-%s-%s-validator-%d-aws-access-key-id" $.Values.abacus.runEnv $.Values.abacus.outboxChain.name $index }} - secretKey: aws_secret_access_key_{{ $index }} remoteRef: key: {{ printf "abacus-%s-%s-validator-%d-aws-secret-access-key" $.Values.abacus.runEnv $.Values.abacus.outboxChain.name $index }} {{- end }} {{ $index = add1 $index }} {{- end }} {{- end }}