Move MAS from secrets.encryption to secrets.encryption_file

Author: benbz

charts/matrix-stack/configs/matrix-authentication-service/config.yaml.tpl

@@ -83,8 +83,16 @@ clients:
 {{- end }}
 
 secrets:
-  encryption: ${ENCRYPTION_SECRET}
-
+  encryption_file: /secrets/{{
+                include "element-io.ess-library.init-secret-path" (
+                      dict "root" $root
+                      "context" (dict
+                        "secretPath" "matrixAuthenticationService.encryptionSecret"
+                        "initSecretKey" "MAS_ENCRYPTION_SECRET"
+                        "defaultSecretName" (include "element-io.matrix-authentication-service.secret-name" (dict "root" $root "context" .))
+                        "defaultSecretKey" "ENCRYPTION_SECRET"
+                      )
+                    ) }}
   keys:
 {{- with required "privateKeys is required for Matrix Authentication Service" .privateKeys }}
   - kid: rsa

charts/matrix-stack/templates/matrix-authentication-service/_helpers.tpl

@@ -128,21 +128,6 @@ env:
           )
         )
     }}
-- name: ENCRYPTION_SECRET
-  value: >-
-    {{
-      printf "{{ readfile \"/secrets/%s\" | quote }}" (
-          include "element-io.ess-library.init-secret-path" (
-              dict "root" $root
-              "context" (dict
-                "secretPath" "matrixAuthenticationService.encryptionSecret"
-                "initSecretKey" "MAS_ENCRYPTION_SECRET"
-                "defaultSecretName" (include "element-io.matrix-authentication-service.secret-name" (dict "root" $root "context" .))
-                "defaultSecretKey" "ENCRYPTION_SECRET"
-              )
-          )
-        )
-    }}
 {{- /*
   This is the secrets shared between Synapse & MAS
 */ -}}