TREK/chart/templates/secret.yaml

{{- if and (not .Values.existingSecret) (not .Values.generateJwtSecret) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "trek.fullname" . }}-secret
  labels:
    app: {{ include "trek.name" . }}
type: Opaque
data:
  {{ .Values.existingSecretKey | default "JWT_SECRET" }}: {{ .Values.secretEnv.JWT_SECRET | b64enc | quote }}
  ENCRYPTION_KEY: {{ .Values.secretEnv.ENCRYPTION_KEY | b64enc | quote }}
{{- end }}

{{- if and (not .Values.existingSecret) (.Values.generateJwtSecret) }}
{{- $secretName := printf "%s-secret" (include "trek.fullname" .) }}
{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  labels:
    app: {{ include "trek.name" . }}
type: Opaque
stringData:
  {{- if and $existingSecret $existingSecret.data }}
  {{ .Values.existingSecretKey | default "JWT_SECRET" }}: {{ index $existingSecret.data (.Values.existingSecretKey | default "JWT_SECRET") | b64dec }}
  ENCRYPTION_KEY: {{ index $existingSecret.data "ENCRYPTION_KEY" | b64dec }}
  {{- else }}
  {{ .Values.existingSecretKey | default "JWT_SECRET" }}: {{ randAlphaNum 32 }}
  ENCRYPTION_KEY: {{ randAlphaNum 32 }}
  {{- end }}
{{- end }}