[job-hunter] Switch ExternalSecret to explicit UPPERCASE data mappings

Replaces dataFrom.extract with per-key `data` entries so the Secret keys in K8s (and therefore env vars in the pod) are always UPPERCASE: WEBHOOK_BEARER_TOKEN, CDIO_API_KEY, SMTP_USERNAME, SMTP_PASSWORD, DIGEST_TO_ADDRESS, DIGEST_FROM_ADDRESS. Vault KV keys at secret/job-hunter stay lowercase (webhook_bearer_token etc.). Refs: code-snp Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 17:23:28 +00:00 · 2026-04-19 17:23:28 +00:00 · c9d6343a9b
commit c9d6343a9b
parent 9f9d7d10ff
1 changed files with 26 additions and 5 deletions
--- a/stacks/job-hunter/main.tf
+++ b/stacks/job-hunter/main.tf
@ -61,11 +61,32 @@ resource "kubernetes_manifest" "external_secret" {
          }
        }
      }
-      dataFrom = [{
-        extract = {
-          key = "job-hunter"
-        }
-      }]
+      data = [
+        {
+          secretKey = "WEBHOOK_BEARER_TOKEN"
+          remoteRef = { key = "job-hunter", property = "webhook_bearer_token" }
+        },
+        {
+          secretKey = "CDIO_API_KEY"
+          remoteRef = { key = "job-hunter", property = "cdio_api_key" }
+        },
+        {
+          secretKey = "SMTP_USERNAME"
+          remoteRef = { key = "job-hunter", property = "smtp_username" }
+        },
+        {
+          secretKey = "SMTP_PASSWORD"
+          remoteRef = { key = "job-hunter", property = "smtp_password" }
+        },
+        {
+          secretKey = "DIGEST_TO_ADDRESS"
+          remoteRef = { key = "job-hunter", property = "digest_to_address" }
+        },
+        {
+          secretKey = "DIGEST_FROM_ADDRESS"
+          remoteRef = { key = "job-hunter", property = "digest_from_address" }
+        },
+      ]
    }
  }
  depends_on = [kubernetes_namespace.job_hunter]