apiVersion: external-secrets.io/v1alpha1 kind: ExternalSecret metadata: name: {{ include "optics-agent.fullname" . }}-updater-external-secret labels: {{- include "optics-agent.labels" . | nindent 4 }} spec: secretStoreRef: name: {{ include "optics-agent.cluster-secret-store.name" . }} kind: ClusterSecretStore refreshInterval: "1h" # The secret that will be created target: name: {{ include "optics-agent.fullname" . }}-updater-secret template: type: Opaque metadata: labels: {{- include "optics-agent.labels" . | nindent 10 }} data: {{- if not (hasKey .Values.optics.updater.attestationSigner "aws") }} OPT_BASE_UPDATER_KEY: {{ print "'{{ .attestation_signer_hex_key | toString }}'" }} {{- end }} {{- range .Values.optics.updater.transactionSigners }} {{- if .hexKey }} OPT_BASE_SIGNERS_{{ .name | upper }}_KEY: {{ printf "'{{ .transaction_signer_%s_key | toString }}'" .name }} {{- end }} {{- end }} data: {{- if not (hasKey .Values.optics.updater.attestationSigner "aws") }} - secretKey: attestation_signer_hex_key remoteRef: key: {{ printf "optics-key-%s-%s-updater-attestation" .Values.optics.runEnv .Values.optics.homeChain.name }} property: privateKey {{- end }} {{- range .Values.optics.updater.transactionSigners }} {{- if .hexKey }} - secretKey: {{ printf "transaction_signer_%s_key" .name }} remoteRef: key: {{ printf "optics-key-%s-updater-signer" $.Values.optics.runEnv }} property: privateKey {{- end }} {{- end }}