github.com/replicatedhq/ship@v0.55.0/integration/failing/init/concourse/expected/.ship/upstream/templates/secrets.yaml (about) 1 {{- if .Values.secrets.create }} 2 apiVersion: v1 3 kind: Secret 4 metadata: 5 name: {{ template "concourse.concourse.fullname" . }} 6 labels: 7 app: {{ template "concourse.concourse.fullname" . }} 8 chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 release: "{{ .Release.Name }}" 10 heritage: "{{ .Release.Service }}" 11 type: Opaque 12 data: 13 host-key: {{ .Values.secrets.hostKey | b64enc | quote }} 14 host-key-pub: {{ .Values.secrets.hostKeyPub | b64enc | quote }} 15 session-signing-key: {{ .Values.secrets.sessionSigningKey | b64enc | quote }} 16 worker-key: {{ .Values.secrets.workerKey | b64enc | quote }} 17 worker-key-pub: {{ .Values.secrets.workerKeyPub | b64enc | quote }} 18 {{- if not .Values.postgresql.enabled }} 19 postgresql-user: {{ template "concourse.secret.required" dict "key" "postgresUser" "isnt" "postgresql.enabled" "root" . }} 20 postgresql-password: {{ template "concourse.secret.required" dict "key" "postgresPassword" "isnt" "postgresql.enabled" "root" . }} 21 postgresql-ca-cert: {{ default "" .Values.secrets.postgresCaCert | b64enc | quote }} 22 postgresql-client-cert: {{ default "" .Values.secrets.postgresClientCert | b64enc | quote }} 23 postgresql-client-key: {{ default "" .Values.secrets.postgresClientKey | b64enc | quote }} 24 {{- end }} 25 {{- if .Values.concourse.web.encryption.enabled }} 26 encryption-key: {{ template "concourse.secret.required" dict "key" "encryptionKey" "is" "concourse.encryption.enabled" "root" . }} 27 old-encryption-key: {{ default "" .Values.secrets.oldEncryptionKey | b64enc | quote }} 28 {{- end }} 29 {{- if .Values.concourse.web.localAuth.enabled }} 30 local-users: {{ .Values.secrets.localUsers | b64enc | quote }} 31 {{- end }} 32 {{- if .Values.concourse.web.auth.cf.enabled }} 33 cf-client-id: {{ template "concourse.secret.required" dict "key" "cfClientId" "is" "concourse.web.auth.cf.enabled" "root" . }} 34 cf-client-secret: {{ template "concourse.secret.required" dict "key" "cfClientSecret" "is" "concourse.web.auth.cf.enabled" "root" . }} 35 cf-ca-cert: {{ default "" .Values.secrets.cfCaCert | b64enc | quote }} 36 {{- end }} 37 {{- if .Values.concourse.web.auth.github.enabled }} 38 github-client-id: {{ template "concourse.secret.required" dict "key" "githubClientId" "is" "concourse.web.auth.github.enabled" "root" . }} 39 github-client-secret: {{ template "concourse.secret.required" dict "key" "githubClientSecret" "is" "concourse.web.auth.github.enabled" "root" . }} 40 github-ca-cert: {{ default "" .Values.secrets.githubCaCert | b64enc | quote }} 41 {{- end }} 42 {{- if .Values.concourse.web.auth.gitlab.enabled }} 43 gitlab-client-id: {{ template "concourse.secret.required" dict "key" "gitlabClientId" "is" "concourse.web.auth.gitlab.enabled" "root" . }} 44 gitlab-client-secret: {{ template "concourse.secret.required" dict "key" "gitlabClientSecret" "is" "concourse.web.auth.gitlab.enabled" "root" . }} 45 {{- end }} 46 {{- if .Values.concourse.web.auth.ldap.enabled }} 47 ldap-ca-cert: {{ default "" .Values.secrets.ldapCaCert | b64enc | quote }} 48 {{- end }} 49 {{- if .Values.concourse.web.auth.oauth.enabled }} 50 oauth-client-id: {{ template "concourse.secret.required" dict "key" "oauthClientId" "is" "concourse.web.auth.oauth.enabled" "root" . }} 51 oauth-client-secret: {{ template "concourse.secret.required" dict "key" "oauthClientSecret" "is" "concourse.web.auth.oauth.enabled" "root" . }} 52 oauth-ca-cert: {{ default "" .Values.secrets.oauthCaCert | b64enc | quote }} 53 {{- end }} 54 {{- if .Values.concourse.web.auth.oidc.enabled }} 55 oidc-client-id: {{ template "concourse.secret.required" dict "key" "oidcClientId" "is" "concourse.web.auth.oidc.enabled" "root" . }} 56 oidc-client-secret: {{ template "concourse.secret.required" dict "key" "oidcClientSecret" "is" "concourse.web.auth.oidc.enabled" "root" . }} 57 oidc-ca-cert: {{ default "" .Values.secrets.oidcCaCert | b64enc | quote }} 58 {{- end }} 59 {{- if .Values.concourse.web.tls.enabled }} 60 web-tls-cert: {{ template "concourse.secret.required" dict "key" "webTlsCert" "is" "concourse.web.tls.enabled" "root" . }} 61 web-tls-key: {{ template "concourse.secret.required" dict "key" "webTlsKey" "is" "concourse.web.tls.enabled" "root" . }} 62 {{- end }} 63 {{- if .Values.concourse.web.vault.enabled }} 64 vault-ca-cert: {{ default "" .Values.secrets.vaultCaCert | b64enc | quote }} 65 vault-client-token: {{ default "" .Values.secrets.vaultClientToken | b64enc | quote }} 66 vault-client-cert: {{ default "" .Values.secrets.vaultClientCert | b64enc | quote }} 67 vault-client-key: {{ default "" .Values.secrets.vaultClientKey | b64enc | quote }} 68 vault-client-auth-param: {{ default "" .Values.secrets.vaultAuthParam | b64enc | quote }} 69 {{- end }} 70 {{- if .Values.concourse.web.awsSsm.enabled }} 71 aws-ssm-access-key: {{ default "" .Values.secrets.awsSsmAccessKey | b64enc | quote }} 72 aws-ssm-secret-key: {{ default "" .Values.secrets.awsSsmSecretKey | b64enc | quote }} 73 {{- if .Values.secrets.awsSsmSessionToken }} 74 aws-ssm-session-token: {{ .Values.secrets.awsSsmSessionToken | b64enc | quote }} 75 {{- end }} 76 {{- end }} 77 {{- if .Values.concourse.web.awsSecretsManager.enabled }} 78 aws-secretsmanager-access-key: {{ default "" .Values.secrets.awsSecretsmanagerAccessKey | b64enc | quote }} 79 aws-secretsmanager-secret-key: {{ default "" .Values.secrets.awsSecretsmanagerSecretKey | b64enc | quote }} 80 {{- if .Values.secrets.awsSecretsmanagerSessionToken }} 81 aws-secretsmanager-session-token: {{ .Values.secrets.awsSecretsmanagerSessionToken | b64enc | quote }} 82 {{- end }} 83 {{- end }} 84 {{- if .Values.concourse.web.influxdb.enabled }} 85 influxdb-password: {{ default "" .Values.secrets.influxdbPassword | b64enc | quote }} 86 {{- end }} 87 {{- if .Values.concourse.web.syslog.enabled }} 88 syslog-ca-cert: {{ default "" .Values.secrets.syslogCaCert | b64enc | quote }} 89 {{- end }} 90 {{- end }}