{{- $secretName := include "matrix-authentication-service.fullname" . }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  labels:
    {{- include "matrix-authentication-service.labels" . | nindent 4 }}
data:
  {{- $mergeObj := dict }}
  {{- $currentData := lookup "v1" "Secret" .Release.Namespace $secretName }}

  {{- if not .Values.config.secrets.encryption }}
  {{- $secretEncrpytion := (dig "data" "secret_encryption" "" $currentData | b64dec) | default (randAscii 64 | sha256sum) }}
  secret_encryption: {{ $secretEncrpytion | b64enc }}
  {{- $mergeObj = mergeOverwrite $mergeObj ( dict 
    "secrets" (dict
      "encryption" $secretEncrpytion
    )
  ) }}
  {{- end }}

  {{- if not .Values.config.secrets.keys }}
  {{- $keyRSA := (dig "data"  "key_rsa" "" $currentData | b64dec) | default (genPrivateKey "rsa") }}
  {{- $keyECDSA := (dig "data" "key_ecdsa" "" $currentData | b64dec) | default (genPrivateKey "ecdsa") }}
  key_rsa: {{ $keyRSA | b64enc }}
  key_ecdsa: {{ $keyECDSA | b64enc }}
  {{- $mergeObj = mergeOverwrite $mergeObj ( dict 
    "secrets" (dict
      "keys" (list
        (dict
           "kid" "rsa"
           "key" $keyRSA
        )
        (dict
           "kid" "ecdsa"
           "key" $keyECDSA
        )
      )
    )
  ) }}
  {{- end }}
  config.yaml: |-
    {{ mergeOverwrite .Values.config $mergeObj | toYaml | b64enc }}