From 01f6b12b057a98ac370e6acd941a63ba716a2923 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20J=C3=BCrgens?= <martin.juergens@capgemini.com>
Date: Fri, 17 Nov 2023 13:00:51 +0000
Subject: [PATCH] Add functionality to externally supply sensitive values to
 Helm chart

---
 deployment/helm/templates/deployment.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/deployment/helm/templates/deployment.yaml b/deployment/helm/templates/deployment.yaml
index e02c22b..4ea1a70 100644
--- a/deployment/helm/templates/deployment.yaml
+++ b/deployment/helm/templates/deployment.yaml
@@ -52,14 +52,25 @@ spec:
             value: {{ .Values.signer.http.timeout.write | quote }}
           - name: VAULT_ADDR
             value: {{ .Values.signer.vault.addr | quote }}
+          {{- if .Values.signer.vault.token }}
           - name: VAULT_TOKEN
             value: {{ .Values.signer.vault.token | quote }}
+          {{- end }}
           - name: VAULT_SIGNING_KEY
             value: {{ .Values.signer.vault.key.signing | quote }}
           - name: VAULT_SUPPORTED_KEYS
             value: {{ .Values.signer.vault.key.supported | quote }}
           - name: CREDENTIAL_ISSUER
             value: {{ .Values.signer.credential.issuer | quote }}
+          {{- if .Values.secretEnv }}
+          {{- range $key, $value := .Values.secretEnv }}
+          - name: "{{ $key }}"
+            valueFrom:
+              secretKeyRef:
+                name: "{{ $value.name }}"
+                key: "{{ $value.key }}"
+          {{- end }}
+          {{- end }}
 {{- if .Values.extraVars }}
 {{ toYaml .Values.extraVars | indent 8 }}
 {{- end }}
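Review bot: The new `secretEnv` loop wraps `{{ $key }}`, `{{ $value.name }}` and `{{ $value.key }}` in hand-written double quotes, while every other value in this hunk goes through `| quote`; a value containing a double quote or backslash would produce malformed YAML, and an entry missing `name` or `key` appears to render an empty string instead of failing at template time. I would write `name: {{ $key | quote }}`, `name: {{ required "secretEnv entry needs name" $value.name | quote }}` and `key: {{ required "secretEnv entry needs key" $value.key | quote }}`. Separately, the guarded `VAULT_TOKEN` branch still places the token in plaintext in the Deployment spec whenever `signer.vault.token` is set, and nothing prevents a user from also passing `VAULT_TOKEN` through `secretEnv`, which would render two env entries with the same name. A `fail` when both are set, or at least a comment above the `if` stating that the plaintext value is for local testing only and is mutually exclusive with `secretEnv`, would make the intended path clear. The outer `if .Values.secretEnv` is also redundant, since `range` over an empty or unset map renders nothing.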
-- 
GitLab