From 60109c4a3537bddc7ff62e891433df216dea0188 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= <lukas@trkan.cz>
Date: Thu, 16 Oct 2025 18:18:19 +0200
Subject: [PATCH] fix(infrastructure): add oauth keys as secret

---
 .../myapp-chart/templates/app-deployment.yaml | 22 ++++++++++++++-----
 .../charts/myapp-chart/templates/prod.yaml    | 10 +++++++++
 2 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 7project/charts/myapp-chart/templates/prod.yaml

diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml
index 499c1e4..1eeb7df 100644
--- a/7project/charts/myapp-chart/templates/app-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/app-deployment.yaml
@@ -20,7 +20,7 @@ spec:
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
-              drop: ["ALL"]
+              drop: [ "ALL" ]
           ports:
             - containerPort: {{ .Values.app.port }}
           env:
@@ -53,13 +53,25 @@ spec:
             - name: MAIL_QUEUE
               value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
             - name: MOJEID_CLIENT_ID
-              value: {{ .Values.oauth.mojeid.clientId | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: MOJEID_CLIENT_ID
             - name: MOJEID_CLIENT_SECRET
-              value: {{ .Values.oauth.mojeid.clientSecret | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: MOJEID_CLIENT_SECRET
             - name: BANKID_CLIENT_ID
-              value: {{ .Values.oauth.bankid.clientId | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: BANKID_CLIENT_ID
             - name: BANKID_CLIENT_SECRET
-              value: {{ .Values.oauth.bankid.clientSecret | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: BANKID_CLIENT_SECRET
             - name: DOMAIN
               value: {{ required "Set .Values.domain" .Values.domain | quote }}
             - name: DOMAIN_SCHEME
diff --git a/7project/charts/myapp-chart/templates/prod.yaml b/7project/charts/myapp-chart/templates/prod.yaml
new file mode 100644
index 0000000..43147b0
--- /dev/null
+++ b/7project/charts/myapp-chart/templates/prod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prod
+type: Opaque
+stringData:
+  MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }}
+  MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }}
+  BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }}
+  BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }}
\ No newline at end of file