From aea8c79ca384d5d290b138de0f2ba5af8559ee2d Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 9 Jun 2023 15:06:23 +0300
Subject: chore(corp/ops): pipe secrets through to backend container

Change-Id: Idcaa4a7213b53fe1e818c6a81754d29b6249e957
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8729
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
---
 corp/ops/yandex/rih.tf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'corp')

diff --git a/corp/ops/yandex/rih.tf b/corp/ops/yandex/rih.tf
index d2f58e7e8e..3e1ac5b091 100644
--- a/corp/ops/yandex/rih.tf
+++ b/corp/ops/yandex/rih.tf
@@ -96,6 +96,20 @@ resource "yandex_serverless_container" "rih_backend" {
   image {
     url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:a4sdm3gn9l41xv3lyr5642mpd9m0fdhg"
   }
+
+  secrets {
+    id                   = yandex_lockbox_secret.rih_backend_storage_key.id
+    version_id           = yandex_lockbox_secret_version.rih_backend_storage_secret.id
+    key                  = "access_key"
+    environment_variable = "AWS_ACCESS_KEY_ID"
+  }
+
+  secrets {
+    id                   = yandex_lockbox_secret.rih_backend_storage_key.id
+    version_id           = yandex_lockbox_secret_version.rih_backend_storage_secret.id
+    key                  = "secret_key"
+    environment_variable = "AWS_SECRET_ACCESS_KEY"
+  }
 }
 
 resource "yandex_api_gateway" "rih_gateway" {
-- 
cgit 1.4.1