comms: shorten vault inject file names

services/comms/atlasbot-deployment.yaml

@@ -19,38 +19,38 @@ spec:
         checksum/atlasbot-configmap: manual-atlasbot-4
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
     spec:
       serviceAccountName: atlasbot

services/comms/bstein-force-leave-job.yaml

@@ -11,8 +11,8 @@ spec:
       annotations:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
     spec:
       restartPolicy: Never
@@ -26,7 +26,7 @@ spec:
             - name: MAS_ADMIN_CLIENT_ID
               value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
             - name: MAS_ADMIN_CLIENT_SECRET_FILE
-              value: /vault/secrets/mas-admin-client-runtime__client_secret
+              value: /vault/secrets/mas-admin-secret
             - name: MAS_TOKEN_URL
               value: http://matrix-authentication-service:8080/oauth2/token
             - name: MAS_ADMIN_API_BASE

services/comms/coturn.yaml

@@ -17,38 +17,38 @@ spec:
       annotations:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
     spec:
       serviceAccountName: comms-vault

services/comms/guest-name-job.yaml

@@ -18,38 +18,38 @@ spec:
           annotations:
             vault.hashicorp.com/agent-inject: "true"
             vault.hashicorp.com/role: "comms"
-            vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+            vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-            vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+            vault.hashicorp.com/agent-inject-template-turn-secret: |
               {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+            vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-            vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+            vault.hashicorp.com/agent-inject-template-livekit-primary: |
               {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+            vault.hashicorp.com/agent-inject-template-bot-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+            vault.hashicorp.com/agent-inject-template-seeder-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+            vault.hashicorp.com/agent-inject-template-chat-matrix: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+            vault.hashicorp.com/agent-inject-template-chat-homepage: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
               {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+            vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-            vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+            vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
               {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+            vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-            vault.hashicorp.com/agent-inject-template-mas-db__password: |
+            vault.hashicorp.com/agent-inject-template-mas-db-pass: |
               {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
         spec:
           restartPolicy: Never
@@ -72,7 +72,7 @@ spec:
                 - name: MAS_ADMIN_CLIENT_ID
                   value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
                 - name: MAS_ADMIN_CLIENT_SECRET_FILE
-                  value: /vault/secrets/mas-admin-client-runtime__client_secret
+                  value: /vault/secrets/mas-admin-secret
                 - name: MAS_ADMIN_API_BASE
                   value: http://matrix-authentication-service:8081/api/admin/v1
                 - name: MAS_TOKEN_URL

services/comms/guest-register-deployment.yaml

@@ -16,8 +16,8 @@ spec:
         checksum/config: guest-register-proxy-5
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
       labels:
         app.kubernetes.io/name: matrix-guest-register
@@ -48,7 +48,7 @@ spec:
             - name: MAS_ADMIN_CLIENT_ID
               value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
             - name: MAS_ADMIN_CLIENT_SECRET_FILE
-              value: /vault/secrets/mas-admin-client-runtime__client_secret
+              value: /vault/secrets/mas-admin-secret
             - name: MAS_ADMIN_API_BASE
               value: http://matrix-authentication-service:8081/api/admin/v1
             - name: SYNAPSE_BASE

services/comms/livekit.yaml

@@ -17,38 +17,38 @@ spec:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/agent-init-first: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
       labels:
         app: livekit

services/comms/mas-deployment.yaml

@@ -17,44 +17,44 @@ spec:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/agent-init-first: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__encryption: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-encryption: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__encryption: |
+        vault.hashicorp.com/agent-inject-template-mas-encryption: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.encryption }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__rsa_key: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-rsa-key: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__rsa_key: |
+        vault.hashicorp.com/agent-inject-template-mas-rsa-key: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.rsa_key }}{{- end -}}
       labels:
         app: matrix-authentication-service
@@ -119,23 +119,23 @@ spec:
               readOnly: true
             - name: vault-secrets
               mountPath: /etc/mas/secrets/encryption
-              subPath: mas-secrets-runtime__encryption
+              subPath: mas-encryption
               readOnly: true
             - name: vault-secrets
               mountPath: /etc/mas/secrets/matrix_shared_secret
-              subPath: mas-secrets-runtime__matrix_shared_secret
+              subPath: mas-matrix-shared
               readOnly: true
             - name: vault-secrets
               mountPath: /etc/mas/secrets/keycloak_client_secret
-              subPath: mas-secrets-runtime__keycloak_client_secret
+              subPath: mas-kc-secret
               readOnly: true
             - name: vault-secrets
               mountPath: /etc/mas/keys/rsa_key
-              subPath: mas-secrets-runtime__rsa_key
+              subPath: mas-rsa-key
               readOnly: true
             - name: vault-secrets
               mountPath: /etc/mas/admin-client/client_secret
-              subPath: mas-admin-client-runtime__client_secret
+              subPath: mas-admin-secret
               readOnly: true
           resources:
             requests:

services/comms/mas-local-users-ensure-job.yaml

@@ -12,38 +12,38 @@ spec:
       annotations:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
     spec:
       restartPolicy: Never
@@ -64,7 +64,7 @@ spec:
             - name: MAS_ADMIN_CLIENT_ID
               value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
             - name: MAS_ADMIN_CLIENT_SECRET_FILE
-              value: /vault/secrets/mas-admin-client-runtime__client_secret
+              value: /vault/secrets/mas-admin-secret
             - name: MAS_TOKEN_URL
               value: http://matrix-authentication-service:8080/oauth2/token
             - name: MAS_ADMIN_API_BASE

services/comms/othrys-kick-numeric-job.yaml

@@ -11,38 +11,38 @@ spec:
       annotations:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
     spec:
       restartPolicy: Never

services/comms/pin-othrys-job.yaml

@@ -18,38 +18,38 @@ spec:
           annotations:
             vault.hashicorp.com/agent-inject: "true"
             vault.hashicorp.com/role: "comms"
-            vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+            vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-            vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+            vault.hashicorp.com/agent-inject-template-turn-secret: |
               {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+            vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-            vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+            vault.hashicorp.com/agent-inject-template-livekit-primary: |
               {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+            vault.hashicorp.com/agent-inject-template-bot-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+            vault.hashicorp.com/agent-inject-template-seeder-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+            vault.hashicorp.com/agent-inject-template-chat-matrix: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+            vault.hashicorp.com/agent-inject-template-chat-homepage: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
               {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+            vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-            vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+            vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
               {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+            vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-            vault.hashicorp.com/agent-inject-template-mas-db__password: |
+            vault.hashicorp.com/agent-inject-template-mas-db-pass: |
               {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
         spec:
           restartPolicy: Never

services/comms/reset-othrys-room-job.yaml

@@ -18,38 +18,38 @@ spec:
           annotations:
             vault.hashicorp.com/agent-inject: "true"
             vault.hashicorp.com/role: "comms"
-            vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+            vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-            vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+            vault.hashicorp.com/agent-inject-template-turn-secret: |
               {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+            vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-            vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+            vault.hashicorp.com/agent-inject-template-livekit-primary: |
               {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+            vault.hashicorp.com/agent-inject-template-bot-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+            vault.hashicorp.com/agent-inject-template-seeder-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+            vault.hashicorp.com/agent-inject-template-chat-matrix: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+            vault.hashicorp.com/agent-inject-template-chat-homepage: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
               {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+            vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-            vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+            vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
               {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+            vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-            vault.hashicorp.com/agent-inject-template-mas-db__password: |
+            vault.hashicorp.com/agent-inject-template-mas-db-pass: |
               {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
         spec:
           restartPolicy: Never

services/comms/scripts/comms_vault_env.sh

@@ -7,21 +7,21 @@ read_secret() {
   tr -d '\r\n' < "${vault_dir}/$1"
 }
 
-export TURN_STATIC_AUTH_SECRET="$(read_secret turn-shared-secret__TURN_STATIC_AUTH_SECRET)"
+export TURN_STATIC_AUTH_SECRET="$(read_secret turn-secret)"
 export TURN_PASSWORD="${TURN_STATIC_AUTH_SECRET}"
 
-export LIVEKIT_API_SECRET="$(read_secret livekit-api__primary)"
+export LIVEKIT_API_SECRET="$(read_secret livekit-primary)"
 export LIVEKIT_SECRET="${LIVEKIT_API_SECRET}"
 
-export BOT_PASS="$(read_secret atlasbot-credentials-runtime__bot-password)"
+export BOT_PASS="$(read_secret bot-pass)"
-export SEEDER_PASS="$(read_secret atlasbot-credentials-runtime__seeder-password)"
+export SEEDER_PASS="$(read_secret seeder-pass)"
 
-export CHAT_API_KEY="$(read_secret chat-ai-keys-runtime__matrix)"
+export CHAT_API_KEY="$(read_secret chat-matrix)"
-export CHAT_API_HOMEPAGE="$(read_secret chat-ai-keys-runtime__homepage)"
+export CHAT_API_HOMEPAGE="$(read_secret chat-homepage)"
 
-export MAS_ADMIN_CLIENT_SECRET_FILE="${vault_dir}/mas-admin-client-runtime__client_secret"
+export MAS_ADMIN_CLIENT_SECRET_FILE="${vault_dir}/mas-admin-secret"
-export PGPASSWORD="$(read_secret synapse-db__POSTGRES_PASSWORD)"
+export PGPASSWORD="$(read_secret synapse-db-pass)"
 
-export MAS_DB_PASSWORD="$(read_secret mas-db__password)"
+export MAS_DB_PASSWORD="$(read_secret mas-db-pass)"
-export MATRIX_SHARED_SECRET="$(read_secret mas-secrets-runtime__matrix_shared_secret)"
+export MATRIX_SHARED_SECRET="$(read_secret mas-matrix-shared)"
-export KEYCLOAK_CLIENT_SECRET="$(read_secret mas-secrets-runtime__keycloak_client_secret)"
+export KEYCLOAK_CLIENT_SECRET="$(read_secret mas-kc-secret)"

services/comms/secretproviderclass.yaml

@@ -10,13 +10,13 @@ spec:
     vaultAddress: "http://vault.vault.svc.cluster.local:8200"
     roleName: "comms"
     objects: |
-      - objectName: "turn-shared-secret__TURN_STATIC_AUTH_SECRET"
+      - objectName: "turn-secret"
         secretPath: "kv/data/atlas/comms/turn-shared-secret"
         secretKey: "TURN_STATIC_AUTH_SECRET"
-      - objectName: "livekit-api__primary"
+      - objectName: "livekit-primary"
         secretPath: "kv/data/atlas/comms/livekit-api"
         secretKey: "primary"
-      - objectName: "synapse-db__POSTGRES_PASSWORD"
+      - objectName: "synapse-db-pass"
         secretPath: "kv/data/atlas/comms/synapse-db"
         secretKey: "POSTGRES_PASSWORD"
       - objectName: "synapse-redis__redis-password"
@@ -25,34 +25,34 @@ spec:
       - objectName: "synapse-macaroon__macaroon_secret_key"
         secretPath: "kv/data/atlas/comms/synapse-macaroon"
         secretKey: "macaroon_secret_key"
-      - objectName: "atlasbot-credentials-runtime__bot-password"
+      - objectName: "bot-pass"
         secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
         secretKey: "bot-password"
-      - objectName: "atlasbot-credentials-runtime__seeder-password"
+      - objectName: "seeder-pass"
         secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
         secretKey: "seeder-password"
-      - objectName: "chat-ai-keys-runtime__matrix"
+      - objectName: "chat-matrix"
         secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
         secretKey: "matrix"
-      - objectName: "chat-ai-keys-runtime__homepage"
+      - objectName: "chat-homepage"
         secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
         secretKey: "homepage"
-      - objectName: "mas-admin-client-runtime__client_secret"
+      - objectName: "mas-admin-secret"
         secretPath: "kv/data/atlas/comms/mas-admin-client-runtime"
         secretKey: "client_secret"
-      - objectName: "mas-db__password"
+      - objectName: "mas-db-pass"
         secretPath: "kv/data/atlas/comms/mas-db"
         secretKey: "password"
-      - objectName: "mas-secrets-runtime__encryption"
+      - objectName: "mas-encryption"
         secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
         secretKey: "encryption"
-      - objectName: "mas-secrets-runtime__matrix_shared_secret"
+      - objectName: "mas-matrix-shared"
         secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
         secretKey: "matrix_shared_secret"
-      - objectName: "mas-secrets-runtime__keycloak_client_secret"
+      - objectName: "mas-kc-secret"
         secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
         secretKey: "keycloak_client_secret"
-      - objectName: "mas-secrets-runtime__rsa_key"
+      - objectName: "mas-rsa-key"
         secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
         secretKey: "rsa_key"
       - objectName: "othrys-synapse-signingkey__signing.key"
@@ -68,17 +68,17 @@ spec:
     - secretName: turn-shared-secret
       type: Opaque
       data:
-        - objectName: turn-shared-secret__TURN_STATIC_AUTH_SECRET
+        - objectName: turn-secret
           key: TURN_STATIC_AUTH_SECRET
     - secretName: livekit-api
       type: Opaque
       data:
-        - objectName: livekit-api__primary
+        - objectName: livekit-primary
           key: primary
     - secretName: synapse-db
       type: Opaque
       data:
-        - objectName: synapse-db__POSTGRES_PASSWORD
+        - objectName: synapse-db-pass
           key: POSTGRES_PASSWORD
     - secretName: synapse-redis
       type: Opaque
@@ -93,37 +93,37 @@ spec:
     - secretName: atlasbot-credentials-runtime
       type: Opaque
       data:
-        - objectName: atlasbot-credentials-runtime__bot-password
+        - objectName: bot-pass
           key: bot-password
-        - objectName: atlasbot-credentials-runtime__seeder-password
+        - objectName: seeder-pass
           key: seeder-password
     - secretName: chat-ai-keys-runtime
       type: Opaque
       data:
-        - objectName: chat-ai-keys-runtime__matrix
+        - objectName: chat-matrix
           key: matrix
-        - objectName: chat-ai-keys-runtime__homepage
+        - objectName: chat-homepage
           key: homepage
     - secretName: mas-admin-client-runtime
       type: Opaque
       data:
-        - objectName: mas-admin-client-runtime__client_secret
+        - objectName: mas-admin-secret
           key: client_secret
     - secretName: mas-db
       type: Opaque
       data:
-        - objectName: mas-db__password
+        - objectName: mas-db-pass
           key: password
     - secretName: mas-secrets-runtime
       type: Opaque
       data:
-        - objectName: mas-secrets-runtime__encryption
+        - objectName: mas-encryption
           key: encryption
-        - objectName: mas-secrets-runtime__matrix_shared_secret
+        - objectName: mas-matrix-shared
           key: matrix_shared_secret
-        - objectName: mas-secrets-runtime__keycloak_client_secret
+        - objectName: mas-kc-secret
           key: keycloak_client_secret
-        - objectName: mas-secrets-runtime__rsa_key
+        - objectName: mas-rsa-key
           key: rsa_key
     - secretName: othrys-synapse-signingkey
       type: Opaque

services/comms/seed-othrys-room.yaml

@@ -16,38 +16,38 @@ spec:
           annotations:
             vault.hashicorp.com/agent-inject: "true"
             vault.hashicorp.com/role: "comms"
-            vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+            vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-            vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+            vault.hashicorp.com/agent-inject-template-turn-secret: |
               {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+            vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-            vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+            vault.hashicorp.com/agent-inject-template-livekit-primary: |
               {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+            vault.hashicorp.com/agent-inject-template-bot-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+            vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-            vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+            vault.hashicorp.com/agent-inject-template-seeder-pass: |
               {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+            vault.hashicorp.com/agent-inject-template-chat-matrix: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+            vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-            vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+            vault.hashicorp.com/agent-inject-template-chat-homepage: |
               {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
               {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+            vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-            vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+            vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
               {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+            vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-            vault.hashicorp.com/agent-inject-template-mas-db__password: |
+            vault.hashicorp.com/agent-inject-template-mas-db-pass: |
               {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-            vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+            vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-            vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+            vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
               {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
         spec:
           restartPolicy: Never

services/comms/synapse-seeder-admin-ensure-job.yaml

@@ -11,38 +11,38 @@ spec:
       annotations:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
     spec:
       restartPolicy: OnFailure

services/comms/synapse-user-seed-job.yaml

@@ -12,38 +12,38 @@ spec:
       annotations:
         vault.hashicorp.com/agent-inject: "true"
         vault.hashicorp.com/role: "comms"
-        vault.hashicorp.com/agent-inject-secret-turn-shared-secret__TURN_STATIC_AUTH_SECRET: "kv/data/atlas/comms/turn-shared-secret"
+        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
-        vault.hashicorp.com/agent-inject-template-turn-shared-secret__TURN_STATIC_AUTH_SECRET: |
+        vault.hashicorp.com/agent-inject-template-turn-secret: |
           {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-livekit-api__primary: "kv/data/atlas/comms/livekit-api"
+        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
-        vault.hashicorp.com/agent-inject-template-livekit-api__primary: |
+        vault.hashicorp.com/agent-inject-template-livekit-primary: |
           {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__bot-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__bot-password: |
+        vault.hashicorp.com/agent-inject-template-bot-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-atlasbot-credentials-runtime__seeder-password: "kv/data/atlas/comms/atlasbot-credentials-runtime"
+        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
-        vault.hashicorp.com/agent-inject-template-atlasbot-credentials-runtime__seeder-password: |
+        vault.hashicorp.com/agent-inject-template-seeder-pass: |
           {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__matrix: |
+        vault.hashicorp.com/agent-inject-template-chat-matrix: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-chat-ai-keys-runtime__homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
+        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
-        vault.hashicorp.com/agent-inject-template-chat-ai-keys-runtime__homepage: |
+        vault.hashicorp.com/agent-inject-template-chat-homepage: |
           {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-admin-client-runtime__client_secret: "kv/data/atlas/comms/mas-admin-client-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-admin-client-runtime__client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
           {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-synapse-db__POSTGRES_PASSWORD: "kv/data/atlas/comms/synapse-db"
+        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
-        vault.hashicorp.com/agent-inject-template-synapse-db__POSTGRES_PASSWORD: |
+        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
           {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-db__password: "kv/data/atlas/comms/mas-db"
+        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
-        vault.hashicorp.com/agent-inject-template-mas-db__password: |
+        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
           {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__matrix_shared_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__matrix_shared_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
-        vault.hashicorp.com/agent-inject-secret-mas-secrets-runtime__keycloak_client_secret: "kv/data/atlas/comms/mas-secrets-runtime"
+        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
-        vault.hashicorp.com/agent-inject-template-mas-secrets-runtime__keycloak_client_secret: |
+        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
           {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
     spec:
       restartPolicy: Never