# services/crypto/wallet-monero-temp/secrets-ensure-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: wallet-monero-temp-secrets-ensure
  namespace: crypto
spec:
  backoffLimit: 1
  template:
    spec:
      serviceAccountName: crypto-secrets-ensure
      restartPolicy: OnFailure
      containers:
        - name: vault-write
          image: hashicorp/vault:1.17.6
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -euo pipefail
              export VAULT_ADDR=http://vault.vault.svc.cluster.local:8200
              VAULT_TOKEN="$(vault write -field=token auth/kubernetes/login role=crypto-secrets jwt=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token))"
              export VAULT_TOKEN
              vault kv put kv/atlas/crypto/wallet-monero-temp-rpc-auth \
                username="${RPC_USER}" \
                password="${RPC_PASS}"
          env:
            - name: RPC_USER
              valueFrom:
                secretKeyRef:
                  name: wallet-monero-temp-rpc-auth
                  key: username
            - name: RPC_PASS
              valueFrom:
                secretKeyRef:
                  name: wallet-monero-temp-rpc-auth
                  key: password