chore: add svix secret env var

charts/galoy/templates/api-deployment.yaml

@@ -75,6 +75,11 @@ spec:
           value: {{ .Values.tracing.otelExporterOtlpEndpoint | quote }}
         - name: TRACING_SERVICE_NAME
           value: "{{ .Values.tracing.prefix }}-{{ template "galoy.api.fullname" . }}"
+        - name: SVIX_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.svixExistingSecret.name }}
+              key: {{ .Values.galoy.svixExistingSecret.secret_key }}
 {{/* Databases */}}
 {{ include "galoy.mongodb.env" . | indent 8 }}
 {{ include "galoy.redis.env" . | indent 8 }}

charts/galoy/templates/galoy-cronjob.yaml

@@ -69,6 +69,12 @@ spec:
 
 {{ include "galoy.appcheck.env" . | indent 12 }}
 
+            - name: SVIX_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.galoy.svixExistingSecret.name }}
+                  key: {{ .Values.galoy.svixExistingSecret.secret_key }}
+
             {{ if .Values.galoy.trigger.backups.dropbox.enabled }}
             - name: DROPBOX_ACCESS_TOKEN
               valueFrom:

charts/galoy/templates/galoy-secrets.yaml

@@ -98,8 +98,18 @@ data:
   {{ .Values.galoy.twilioExistingSecret.verify_service_id }}: {{ .Values.secrets.twilioVerifyServiceId | toString | b64enc }}
   {{ .Values.galoy.twilioExistingSecret.account_sid_key }}: {{ .Values.secrets.twilioAccountSid | toString | b64enc }}
   {{ .Values.galoy.twilioExistingSecret.auth_token_key }}: {{ .Values.secrets.twilioAuthToken | toString | b64enc }}
-
-
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.galoy.svixExistingSecret.name }}
+  labels:
+    app: {{ template "galoy.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "twilio"
+type: Opaque
+data:
+  {{ .Values.galoy.svixExistingSecret.secret_key }}: {{ .Values.secrets.svixSecretKey | toString | b64enc }}
 ---
 
 apiVersion: v1

charts/galoy/templates/trigger-deployment.yaml

@@ -119,6 +119,12 @@ spec:
           value: "/tmp/service-account.json"
         {{ end }}
 
+        - name: SVIX_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.svixExistingSecret.name }}
+              key: {{ .Values.galoy.svixExistingSecret.secret_key }}
+
         {{ if .Values.galoy.trigger.probes.enabled }}
         livenessProbe:
           httpGet:

charts/galoy/templates/websocket-deployment.yaml

@@ -98,6 +98,12 @@ spec:
         - name: PRICE_HOST
           value: {{ .Values.price.realtime.host | quote }}
 
+        - name: SVIX_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.svixExistingSecret.name }}
+              key: {{ .Values.galoy.svixExistingSecret.secret_key }}
+
         {{ if .Values.galoy.websocket.firebaseNotifications.enabled }}
         - name: GOOGLE_APPLICATION_CREDENTIALS
           value: "/tmp/firebase-service-account/service-account.json"

charts/galoy/values.yaml

@@ -493,6 +493,12 @@ galoy:
     auth_token_key: TWILIO_AUTH_TOKEN
   ## Mattermost webhook url
   mattermostWebhookUrl: ""
+  ## Svix secret
+  svixExistingSecret:
+    # Secret Name
+    name: svix-secret
+    # Svix secret
+    secret_key: svix-secret
 # Configuration values for the mongodb dependency.
 # Ref: https://artifacthub.io/packages/helm/bitnami/mongodb/
 #
@@ -618,6 +624,8 @@ secrets:
   ## Secret for Galoy app
   kratosMasterUserPassword:
   kratosCallbackApiKey:
+  ## Secret for Svix
+  svixSecretKey:
 ## Tracing details
 ##
 tracing:

dev/galoy/main.tf

@@ -275,6 +275,16 @@ resource "kubernetes_secret" "kratos_master_user_password" {
   }
 }
 
+resource "kubernetes_secret" "svix_secret" {
+  metadata {
+    name      = "svix-secret"
+    namespace = kubernetes_namespace.galoy.metadata[0].name
+  }
+  data = {
+    "svix-secret" = "dummy"
+  }
+}
+
 resource "helm_release" "galoy" {
   name      = "galoy"
   chart     = "${path.module}/../../charts/galoy"