putting s3 secrets in one object

2026-04-20 21:09:45 -06:00
parent 0099dc1e4a
commit 749afaebf7
5 changed files with 17 additions and 55 deletions
@@ -1,28 +1,11 @@
 {{- define "template.upload-storage" -}}
 - name: upload-storage
  container:
-    image: {{ .Values.images.awsCli | quote }}
+    image: {{ .Values.images.awsCli }}
+    envFrom:
+      - secretRef:
+          name: amp-security-pipeline-secrets
    env:
-      - name: AWS_ACCESS_KEY_ID
-        valueFrom:
-          secretKeyRef:
-            name: amp-security-pipeline-secrets
-            key: AWS_ACCESS_KEY_ID
-      - name: AWS_SECRET_ACCESS_KEY
-        valueFrom:
-          secretKeyRef:
-            name: amp-security-pipeline-secrets
-            key: AWS_SECRET_ACCESS_KEY
-      - name: MINIO_ROOT_USER
-        valueFrom:
-          secretKeyRef:
-            name: amp-security-pipeline-secrets
-            key: MINIO_ROOT_USER
-      - name: MINIO_ROOT_PASSWORD
-        valueFrom:
-          secretKeyRef:
-            name: amp-security-pipeline-secrets
-            key: MINIO_ROOT_PASSWORD
      - name: REPORTS_BUCKET
        value: {{ .Values.storage.reportsBucket | quote }}
      - name: REPO_NAME
@@ -35,6 +18,8 @@
    args:
      - |
        set -eu
+        export AWS_ACCESS_KEY_ID="${S3_ACCESS_KEY_ID:-}"
+        export AWS_SECRET_ACCESS_KEY="${S3_SECRET_ACCESS_KEY:-}"
        commit_sha="${GIT_COMMIT_SHA:-unknown}"
        report_date="$(date -u +%F)"
        sync_target="s3://${REPORTS_BUCKET}/${REPO_NAME}/${report_date}/${commit_sha}/"