{{- if .Values.hyperlane.validator.enabled }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ include "agent-common.fullname" . }}-validator-external-secret labels: {{- include "agent-common.labels" . | nindent 4 }} annotations: update-on-redeploy: "{{ now }}" spec: secretStoreRef: name: {{ include "agent-common.cluster-secret-store.name" . }} kind: ClusterSecretStore refreshInterval: "1h" # The secret that will be created target: name: {{ include "agent-common.fullname" . }}-validator-secret template: type: Opaque metadata: labels: {{- include "agent-common.labels" . | nindent 10 }} data: {{ $index := 0 }} {{- range .Values.hyperlane.validator.configs }} validator-{{ $index }}.env: | {{- if eq .validator.type "hexKey" }} HYP_VALIDATOR_VALIDATOR_KEY={{ printf "'{{ .signer_key_%d | toString }}'" $index }} {{- end }} {{- if or (eq .checkpointSyncer.type "s3") $.Values.hyperlane.aws }} AWS_ACCESS_KEY_ID={{ printf "'{{ .aws_access_key_id_%d | toString }}'" $index }} AWS_SECRET_ACCESS_KEY={{ printf "'{{ .aws_secret_access_key_%d | toString }}'" $index }} {{- end }} {{ $index = add1 $index }} {{- end }} data: {{ $index := 0 }} {{- range .Values.hyperlane.validator.configs }} {{- if eq .validator.type "hexKey" }} - secretKey: signer_key_{{ $index }} remoteRef: key: {{ printf "%s-%s-key-%s-validator-%d" $.Values.hyperlane.context $.Values.hyperlane.runEnv .originChainName $index }} property: privateKey {{- end }} {{- if or (eq .checkpointSyncer.type "s3") $.Values.hyperlane.aws }} - secretKey: aws_access_key_id_{{ $index }} remoteRef: key: {{ printf "%s-%s-%s-validator-%d-aws-access-key-id" $.Values.hyperlane.context $.Values.hyperlane.runEnv .originChainName $index }} - secretKey: aws_secret_access_key_{{ $index }} remoteRef: key: {{ printf "%s-%s-%s-validator-%d-aws-secret-access-key" $.Values.hyperlane.context $.Values.hyperlane.runEnv .originChainName $index }} {{- end }} {{ $index = add1 $index }} {{- end }} {{- end }}