SIGNING_KEY should be use

[anhdle14]

What happened?

Try to centralize all secrets for config in one place, and found out that signing-key is set up in Helm and not SIGNING_KEY.

The helm values important lines are:

# values.yaml
config:
  existingSigningKeySecret: pomerium-secrets

# pomerium-secrets k8s file
---
kind: Secret
stringData:
  ...
  SIGNING_KEY: ---REDACTED---
  ...

• charts/pomerium/templates/signing-key-secret.yaml
• https://www.pomerium.com/reference/#signing-key

Because helm expects the key to be signing-key

What did you expect to happen?

Use SIGNING_KEY as key and Helm should accept.

Steps to reproduce

1. Create the pomerium-secret
2. Apply values.yaml
3. Error from logs with existing secret does not have signing-key secret key.

What's your environment like?

• Chart version: irrelevant
• Container image: irrelevant
• Kubernetes version: irrelevant
• Cloud provider: irrelevant
• Other details: irrelevant

What are your chart values?

...
config:
  existingSigningKeySecret: pomerium-secrets
...

What are the contents of your config secret?

kubectl get secret pomerium -o=jsonpath="{.data['config\.yaml']}" | base64 -D

# irrelevant

What did you see in the logs?

# forgot to record the full logs but it should basically tell the existing secret does not have a key named signing-key.

Additional context

Add any other context about the problem here.