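{{/*
 * ExternalSecret for the optics agent.
 *
 * Rendering happens in two stages. Helm emits the manifest below, in which every
 * value under spec.target.template.data is a literal placeholder produced by
 * print/printf. The external-secrets operator later fills those placeholders
 * from the entries listed under spec.data. Secret values therefore never pass
 * through Helm; the release manifest only carries remote key names.
 *
 * Remote key names are built from optics.runEnv and the chain names. A missing
 * value would make printf emit a malformed key instead of failing, so those
 * inputs are checked with required and rendering stops when one is unset.
 */}}
{{- $runEnv := required "optics.runEnv must be set: it prefixes every remote secret key" .Values.optics.runEnv }}
{{- $homeChain := required "optics.homeChain.name must be set" .Values.optics.homeChain.name }}
# NOTE(review): v1alpha1 is an early external-secrets API version; confirm the
# installed operator still serves it before upgrading the operator.
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: {{ include "optics-agent.fullname" . }}-external-secret
  labels:
    {{- include "optics-agent.labels" . | nindent 4 }}
spec:
  # ClusterSecretStore is cluster-scoped rather than namespaced.
  # NOTE(review): confirm the store restricts which namespaces may reference it.
  secretStoreRef:
    name: {{ include "optics-agent.cluster-secret-store.name" . }}
    kind: ClusterSecretStore
  # Upstream rotations reach the generated Secret within this interval.
  # NOTE(review): the key names suggest consumers read these as environment
  # variables; if so, pods need a restart to pick up a rotated value.
  refreshInterval: "1h"
  # The secret that will be created
  target:
    name: {{ include "optics-agent.fullname" . }}-secret
    template:
      type: Opaque
      metadata:
        labels:
          {{- include "optics-agent.labels" . | nindent 10 }}
      data:
        {{- if .Values.optics.aws }}
        # Static AWS access keys are long-lived credentials and are readable by
        # anything allowed to get this Secret.
        # NOTE(review): confirm RBAC on the target Secret and a rotation schedule.
        AWS_ACCESS_KEY_ID: {{ print "'{{ .aws_access_key_id | toString }}'" }}
        AWS_SECRET_ACCESS_KEY: {{ print "'{{ .aws_secret_access_key | toString }}'" }}
        {{- end }}
        {{/* RPC URLs */}}
        OPT_BASE_HOME_CONNECTION_URL: {{ print "'{{ .home_rpc | toString }}'" }}
        {{/*
         * For each network, create an environment variable with the RPC endpoint.
         * The external-secrets templating uses the spec.data section below to
         * substitute the correct value into the created secret.
         * NOTE(review): the chain name is spliced into the operator-side field
         * reference and into the variable name, so it presumably has to be a
         * valid identifier (letters, digits, underscore) - confirm in values.
         */}}
        {{- range .Values.optics.replicaChains }}
        {{- $chain := required "every optics.replicaChains entry needs a name" .name }}
        OPT_BASE_REPLICAS_{{ $chain | upper }}_CONNECTION_URL: {{ printf "'{{ .%s_rpc | toString }}'" $chain }}
        {{- end }}
  data:
  {{- if .Values.optics.aws }}
  - secretKey: aws_access_key_id
    remoteRef:
      key: {{ printf "%s-aws-access-key-id" $runEnv }}
  - secretKey: aws_secret_access_key
    remoteRef:
      key: {{ printf "%s-aws-secret-access-key" $runEnv }}
  {{- end }}
  - secretKey: home_rpc
    remoteRef:
      key: {{ printf "%s-rpc-endpoint-%s" $runEnv $homeChain }}
  {{/*
   * For each network, load the secret from GCP secret manager using the form
   * environment-rpc-endpoint-network, and associate it with the secret key
   * networkname_rpc. The environment prefix is what separates one deployment's
   * credentials from another's in the backing store.
   */}}
  {{- range .Values.optics.replicaChains }}
  {{- $chain := required "every optics.replicaChains entry needs a name" .name }}
  - secretKey: {{ printf "%s_rpc" $chain }}
    remoteRef:
      key: {{ printf "%s-rpc-endpoint-%s" $runEnv $chain }}
  {{- end }}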