Read sftToken from secrets.yaml (#4214)

* add sftToken to secrets

* add changelog

* rename to sftTokenSecret

* fix syntax

* add missing sft config in values

* set sftToken only when sftTokenSecret is set in secrets

* remove default sft config in values.yaml

changelog.d/5-internal/WPB-10302

@@ -0,0 +1 @@
+Read sftTokenSecret from secrets.yaml and mount to /etc/wire/brig/secrets/sftTokenSecret by default

charts/brig/templates/configmap.yaml

@@ -233,11 +233,11 @@ data:
       {{- if .sftDiscoveryIntervalSeconds }}
       sftDiscoveryIntervalSeconds: {{ .sftDiscoveryIntervalSeconds }}
       {{- end }}
-      {{- if .sftToken }}
+      {{- if $.Values.secrets.sftTokenSecret }}
       sftToken:
         {{- with .sftToken }}
         ttl: {{ .ttl }}
-        secret: {{ .secret }}
+        secret: {{ .secret | default "/etc/wire/brig/secrets/sftTokenSecret" }}
         {{- end }}
       {{- end }}
     {{- end }}

charts/brig/templates/secret.yaml

@@ -20,6 +20,9 @@ data:
   awsKeyId: {{ .awsKeyId | b64enc | quote }}
   awsSecretKey: {{ .awsSecretKey | b64enc | quote }}
   {{- end }}
+  {{- if .sftTokenSecret }}
+  sftTokenSecret: {{ .sftTokenSecret | b64enc | quote }}
+  {{- end }}
   {{- if (not $.Values.config.useSES) }}
   smtp-password.txt: {{ .smtpPassword | b64enc | quote }}
   {{- end }}

charts/brig/values.yaml

@@ -99,6 +99,14 @@ config:
     providerTokenTimeout: 900
     legalholdUserTokenTimeout: 4838400
     legalholdAccessTokenTimeout: 900
+  # sft:
+  #   sftBaseDomain: sft.wire.example.com
+  #   sftSRVServiceName: sft
+  #   sftDiscoveryIntervalSeconds: 10
+  #   sftListLength: 20
+  #   sftToken:
+  #     ttl: 120
+  #     secret: /etc/wire/brig/secrets/sftTokenSecret # this is the default path for secret.sftTokenSecret
   optSettings:
     setActivationTimeout: 1209600
     setTeamInvitationTimeout: 1814400