feat(SecretManagement): migrate secrets to AWS SM

sofiasimdianova · sofiasimdianova · commit ddefa2c437b0 · 2025-02-06T16:05:51.000+01:00
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@
 | [Demo](./charts/demo/README.md) | 2.1.0 | latest | Formance Private Regions Demo | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/demo)](https://artifacthub.io/packages/search?repo=demo) |
 | [Membership](./charts/membership/README.md) | 2.2.1 | v1.1.0 | Formance Membership API. Manage stacks, organizations, regions, invitations, users, roles, and permissions. | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/membership)](https://artifacthub.io/packages/search?repo=membership) |
 | [Portal](./charts/portal/README.md) | 2.0.5 | 5e7b404a3a208b1f38603719e02a8b1883c10acf | Formance Portal | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/portal)](https://artifacthub.io/packages/search?repo=portal) |
-| [Regions](./charts/regions/README.md) | 2.8.4 | latest | Formance Private Regions Helm Chart | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/regions)](https://artifacthub.io/packages/search?repo=regions) |
+| [Regions](./charts/regions/README.md) | 2.9.4 | latest | Formance Private Regions Helm Chart | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/regions)](https://artifacthub.io/packages/search?repo=regions) |
 | [Stargate](./charts/stargate/README.md) | 0.6.1 | latest | Formance Stargate gRPC Gateway | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/stargate)](https://artifacthub.io/packages/search?repo=stargate) |
 
 ## How to contribute
diff --git a/charts/agent/README.md b/charts/agent/README.md
@@ -1,5 +1,6 @@
 # agent
 
+![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square)
 ![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square)
 
 Formance Membership Agent Helm Chart
@@ -47,9 +48,10 @@ Formance Membership Agent Helm Chart
 | affinity | object | `{}` |  |
 | agent.authentication.clientID | string | `""` |  |
 | agent.authentication.clientSecret | string | `""` |  |
-| agent.authentication.existingSecretToken | string | `""` |  |
+| agent.authentication.existingSecret | string | `""` |  |
 | agent.authentication.issuer | string | `"https://app.formance.cloud/api"` |  |
 | agent.authentication.mode | string | `"bearer"` |  |
+| agent.authentication.secretKeys.secret | string | `""` |  |
 | agent.baseUrl | string | `""` |  |
 | agent.id | string | `"b7549a16-f74a-4815-ab1e-bb8ef1c3833b"` |  |
 | agent.outdated | bool | `false` | Any region: - this flag is sync by the server - it will mark the associated region as outdated and will block any new Creation/Enable/Restore |
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
@@ -29,8 +29,8 @@ app.kubernetes.io/instance: {{ .Release.Name }}
   {{- if gt (len .Values.agent.authentication.existingSecretToken) 0 }}
   valueFrom:
     secretKeyRef:
-      name: {{ .Values.agent.authentication.existingSecretToken }}
-      key: "token"
+      name: {{ .Values.agent.authentication.existingSecret }}
+      key: {{ .Values.agent.authentication.secretKeys.secret | default "token"  }}
   {{- else }}
   value: {{ .Values.agent.authentication.token }}
   {{- end }}
diff --git a/charts/agent/values.schema.json b/charts/agent/values.schema.json
@@ -15,14 +15,22 @@
                         "clientSecret": {
                             "type": "string"
                         },
-                        "existingSecretToken": {
+                        "existingSecret": {
                             "type": "string"
                         },
                         "issuer": {
                             "type": "string"
                         },
                         "mode": {
                             "type": "string"
+                        },
+                        "secretKeys": {
+                            "properties": {
+                                "secret": {
+                                    "type": "string"
+                                }
+                            },
+                            "type": "object"
                         }
                     },
                     "type": "object"
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
@@ -109,7 +109,10 @@ agent:
     issuer: https://app.formance.cloud/api
     clientID: ""
     clientSecret: ""
-    existingSecretToken: ""
+    existingSecret: ""
+    secretKeys:
+      secret: ""
+
 
     # -- Public Region
     # mode: token
diff --git a/charts/regions/Chart.lock b/charts/regions/Chart.lock
@@ -2,8 +2,9 @@ dependencies:
 - name: agent
   repository: file://../agent
   version: 2.5.0
+  version: 2.5.0
 - name: operator
   repository: oci://ghcr.io/formancehq/helm
   version: v2.6.0
-digest: sha256:22dbd8e815865ab7efe82156516bdbd48683a1530120677138c7704dfbadf47c
-generated: "2025-02-06T13:49:12.33188523Z"
+digest: sha256:22d544a8bd745a33a0b3867bdb1422416b17d9a1ecf761b76a83c6b969400f57
+generated: "2025-02-06T14:42:03.279397119Z"
diff --git a/charts/regions/Chart.yaml b/charts/regions/Chart.yaml
@@ -11,12 +11,12 @@ maintainers:
 icon: "https://avatars.githubusercontent.com/u/84325077?s=200&v=4"
 
 type: application
-version: 2.8.4
+version: 2.9.4
 appVersion: "latest"
 
 dependencies:
 - name: agent
-  version: 2.X
+  version: 2.5.0
   repository: "file://../agent"
   condition: agent.enabled
 - name: operator
diff --git a/charts/regions/README.md b/charts/regions/README.md
@@ -1,6 +1,6 @@
 # regions
 
-![Version: 2.8.4](https://img.shields.io/badge/Version-2.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 2.9.4](https://img.shields.io/badge/Version-2.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
 
 Formance Private Regions Helm Chart
 
@@ -21,7 +21,7 @@ Formance Private Regions Helm Chart
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../agent | agent | 2.X |
+| file://../agent | agent | 2.5.0 |
 | oci://ghcr.io/formancehq/helm | operator | v2.6.0 |
 
 ## Values
@@ -121,9 +121,10 @@ Formance Private Regions Helm Chart
 | agent.affinity | object | `{}` |  |
 | agent.agent.authentication.clientID | string | `""` |  |
 | agent.agent.authentication.clientSecret | string | `""` |  |
-| agent.agent.authentication.existingSecretToken | string | `""` |  |
+| agent.agent.authentication.existingSecret | string | `""` |  |
 | agent.agent.authentication.issuer | string | `"https://app.formance.cloud/api"` |  |
 | agent.agent.authentication.mode | string | `"bearer"` |  |
+| agent.agent.authentication.secretKeys.secret | string | `""` |  |
 | agent.agent.baseUrl | string | `""` |  |
 | agent.agent.id | string | `"b7549a16-f74a-4815-ab1e-bb8ef1c3833b"` |  |
 | agent.agent.outdated | bool | `false` | Any region: - this flag is sync by the server - it will mark the associated region as outdated and will block any new Creation/Enable/Restore |
