From c9d6343a9b8a4804d6c21091cfa7991ede6165ce Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 19 Apr 2026 17:23:28 +0000 Subject: [PATCH] [job-hunter] Switch ExternalSecret to explicit UPPERCASE data mappings Replaces dataFrom.extract with per-key `data` entries so the Secret keys in K8s (and therefore env vars in the pod) are always UPPERCASE: WEBHOOK_BEARER_TOKEN, CDIO_API_KEY, SMTP_USERNAME, SMTP_PASSWORD, DIGEST_TO_ADDRESS, DIGEST_FROM_ADDRESS. Vault KV keys at secret/job-hunter stay lowercase (webhook_bearer_token etc.). Refs: code-snp Co-Authored-By: Claude Opus 4.7 (1M context) --- stacks/job-hunter/main.tf | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/stacks/job-hunter/main.tf b/stacks/job-hunter/main.tf index 5d123d7c..ff48e28d 100644 --- a/stacks/job-hunter/main.tf +++ b/stacks/job-hunter/main.tf @@ -61,11 +61,32 @@ resource "kubernetes_manifest" "external_secret" { } } } - dataFrom = [{ - extract = { - key = "job-hunter" - } - }] + data = [ + { + secretKey = "WEBHOOK_BEARER_TOKEN" + remoteRef = { key = "job-hunter", property = "webhook_bearer_token" } + }, + { + secretKey = "CDIO_API_KEY" + remoteRef = { key = "job-hunter", property = "cdio_api_key" } + }, + { + secretKey = "SMTP_USERNAME" + remoteRef = { key = "job-hunter", property = "smtp_username" } + }, + { + secretKey = "SMTP_PASSWORD" + remoteRef = { key = "job-hunter", property = "smtp_password" } + }, + { + secretKey = "DIGEST_TO_ADDRESS" + remoteRef = { key = "job-hunter", property = "digest_to_address" } + }, + { + secretKey = "DIGEST_FROM_ADDRESS" + remoteRef = { key = "job-hunter", property = "digest_from_address" } + }, + ] } } depends_on = [kubernetes_namespace.job_hunter]