chore(corp/ops): pipe secrets through to backend container r/6249

Change-Id: Idcaa4a7213b53fe1e818c6a81754d29b6249e957 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8729 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
author: Vincent Ambo <mail@tazj.in> 2023-06-09T12·06+0300
committer: tazjin <tazjin@tvl.su> 2023-06-09T12·21+0000
commit: aea8c79ca384d5d290b138de0f2ba5af8559ee2d (patch)
tree: dbc8b7fe75f88fa8bc120ee1bb025f41b2ab2131 /corp
parent: eae70200cefb613a301f518ada681572950848d0 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/corp/ops/yandex/rih.tf b/corp/ops/yandex/rih.tf
index d2f58e7e8e..3e1ac5b091 100644
--- a/corp/ops/yandex/rih.tf
+++ b/corp/ops/yandex/rih.tf
@@ -96,6 +96,20 @@ resource "yandex_serverless_container" "rih_backend" {
   image {
     url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:a4sdm3gn9l41xv3lyr5642mpd9m0fdhg"
   }
+
+  secrets {
+    id                   = yandex_lockbox_secret.rih_backend_storage_key.id
+    version_id           = yandex_lockbox_secret_version.rih_backend_storage_secret.id
+    key                  = "access_key"
+    environment_variable = "AWS_ACCESS_KEY_ID"
+  }
+
+  secrets {
+    id                   = yandex_lockbox_secret.rih_backend_storage_key.id
+    version_id           = yandex_lockbox_secret_version.rih_backend_storage_secret.id
+    key                  = "secret_key"
+    environment_variable = "AWS_SECRET_ACCESS_KEY"
+  }
 }
 
 resource "yandex_api_gateway" "rih_gateway" {
author	Vincent Ambo <mail@tazj.in>	2023-06-09T12·06+0300
committer	tazjin <tazjin@tvl.su>	2023-06-09T12·21+0000
commit	aea8c79ca384d5d290b138de0f2ba5af8559ee2d (patch)
tree	dbc8b7fe75f88fa8bc120ee1bb025f41b2ab2131 /corp
parent	eae70200cefb613a301f518ada681572950848d0 (diff)