Skip to main content

priv/templates/helm/secret_env.yaml.eex

<%!--
  secret_env — Kubernetes Secret with env-style keys.

  Same shape as `configmap_env`, but reads the YAML file from
  `marea.d/secrets/` (kept out of git via `.gitignore`) and
  base64-encodes each value before placing it under the Secret's
  `data:` block with UPPER_CASED keys. Mount with `envFrom:` on your
  Deployment to inject the secrets as env vars in one go.

  Wiring (marea.yaml):

      releases:
        api:
          helm:
            template: secret_env.yaml
            values:
              file: api.secrets.yaml   # basename under marea.d/secrets/

  Assigns used: @name, @values["file"], @secret_files.
--%>
<%
  import Marea.Templates, only: [to_dashes: 1, yaml!: 1]
  file = Map.fetch!(@values, "file")
  data = Map.fetch!(@secret_files, file) |> yaml!()
%>
apiVersion: v1
kind: Secret
metadata:
  name: <%= to_dashes(@name) %>
data:
  <%= for {key, value} <- data do %>
  <%= String.upcase(to_string(key)) %>: '<%= Base.encode64(to_string(value)) %>'
  <% end %>