fix(infrastructure): add oauth keys as secret

7project/charts/myapp-chart/templates/app-deployment.yaml

@@ -20,7 +20,7 @@ spec:
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
-              drop: ["ALL"]
+              drop: [ "ALL" ]
           ports:
             - containerPort: {{ .Values.app.port }}
           env:
@@ -53,13 +53,25 @@ spec:
             - name: MAIL_QUEUE
               value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
             - name: MOJEID_CLIENT_ID
-              value: {{ .Values.oauth.mojeid.clientId | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: MOJEID_CLIENT_ID
             - name: MOJEID_CLIENT_SECRET
-              value: {{ .Values.oauth.mojeid.clientSecret | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: MOJEID_CLIENT_SECRET
             - name: BANKID_CLIENT_ID
-              value: {{ .Values.oauth.bankid.clientId | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: BANKID_CLIENT_ID
             - name: BANKID_CLIENT_SECRET
-              value: {{ .Values.oauth.bankid.clientSecret | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: BANKID_CLIENT_SECRET
             - name: DOMAIN
               value: {{ required "Set .Values.domain" .Values.domain | quote }}
             - name: DOMAIN_SCHEME

7project/charts/myapp-chart/templates/prod.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prod
+type: Opaque
+stringData:
+  MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }}
+  MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }}
+  BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }}
+  BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }}