{{- if .Values.hyperlane.relayer.enabled }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: {{ include "agent-common.fullname" . }}-relayer-external-secret
  labels:
    {{- include "agent-common.labels" . | nindent 4 }}
  annotations:
    update-on-redeploy: "{{ now }}"
spec:
  secretStoreRef:
    name: {{ include "agent-common.secret-store.name" . }}
    kind: {{ .Values.externalSecrets.storeType }}
  refreshInterval: "1h"
  # The secret that will be created
  target:
    name: {{ include "agent-common.fullname" . }}-relayer-secret
    template:
      type: Opaque
      metadata:
        labels:
          {{- include "agent-common.labels" . | nindent 10 }}
      data:
        {{- range .Values.hyperlane.relayerChains }}
        {{- if or (eq .signer.type "hexKey") (eq .signer.type "cosmosKey") }}
        HYP_CHAINS_{{ .name | upper }}_SIGNER_KEY: {{ printf "'{{ .%s_signer_key | toString }}'" .name }}
        {{- include "agent-common.config-env-vars" (dict "config" .signer "format" "config_map" "key_name_prefix" (printf "CHAINS_%s_SIGNER_" (.name | upper))) | nindent 8 }}
        {{- end }}
        {{- if and (eq .signer.type "aws") $.Values.hyperlane.relayer.aws }}
        HYP_CHAINS_{{ .name | upper }}_SIGNER_TYPE: aws
        HYP_CHAINS_{{ .name | upper }}_SIGNER_ID: {{ .signer.id }}
        HYP_CHAINS_{{ .name | upper }}_SIGNER_REGION: {{ .signer.region}}
        {{- end }}
        {{- end }}
        {{- if .Values.hyperlane.relayer.aws }}
        AWS_ACCESS_KEY_ID: {{ print "'{{ .aws_access_key_id | toString }}'" }}
        AWS_SECRET_ACCESS_KEY: {{ print "'{{ .aws_secret_access_key | toString }}'" }}
        {{- end }}
  data:
  {{- range .Values.hyperlane.relayerChains }}
  {{- if or (eq .signer.type "hexKey") (eq .signer.type "cosmosKey") }}
  - secretKey: {{ printf "%s_signer_key" .name }}
    remoteRef:
  {{- if $.Values.hyperlane.relayer.usingDefaultSignerKey }}
      key: {{ printf "%s-%s-key-relayer" $.Values.hyperlane.context $.Values.hyperlane.runEnv }}
  {{- else }}
      key: {{ printf "%s-%s-key-%s-relayer" $.Values.hyperlane.context $.Values.hyperlane.runEnv .name }}
  {{- end }}
      property: privateKey
  {{- end }}
  {{- end }}
  {{- if .Values.hyperlane.relayer.aws }}
  - secretKey: aws_access_key_id
    remoteRef:
      key: {{ printf "%s-%s-relayer-aws-access-key-id" .Values.hyperlane.context .Values.hyperlane.runEnv }}
  - secretKey: aws_secret_access_key
    remoteRef:
      key: {{ printf "%s-%s-relayer-aws-secret-access-key" .Values.hyperlane.context .Values.hyperlane.runEnv }}
  {{- end }}
{{- end }}