# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.

# Option 1: Read secrets from the environment

# Option 2: Read secrets via a command
# RAILS_MASTER_KEY=$(cat config/master.key)

# Option 3: Read secrets via kamal secrets helpers
# These will handle logging in and fetching the secrets in as few calls as possible
# There are adapters for 1Password, LastPass + Bitwarden
#
# SECRETS=$(kamal secrets fetch --adapter 1password --account my-account --from MyVault/MyItem KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS)
# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS)
PASSWORD_MANAGER_ADAPTER=$(cat .env | grep PASSWORD_MANAGER_ADAPTER | cut -d '=' -f 2)
PASSWORD_MANAGER_ACCOUNT=$(cat .env | grep PASSWORD_MANAGER_ACCOUNT | cut -d '=' -f 2)

SECRETS=$(kamal secrets fetch --adapter ${PASSWORD_MANAGER_ADAPTER} --account ${PASSWORD_MANAGER_ACCOUNT} FORGEJO_TOKEN FORGEJO_APP_DB_PASSWORD FORGEJO_APP_DB_NAME FORGEJO_APP_DB_USER)
KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract GHCR_TOKEN ${SECRETS})
FORGEJO__database__NAME=$(kamal secrets extract FORGEJO_APP_DB_NAME ${SECRETS})
FORGEJO__database__USER=$(kamal secrets extract FORGEJO_APP_DB_USER ${SECRETS})
FORGEJO__database__PASSWD=$(kamal secrets extract FORGEJO_APP_DB_PASSWORD ${SECRETS})
POSTGRES_DB=$(kamal secrets extract FORGEJO_APP_DB_NAME ${SECRETS})
POSTGRES_USER=$(kamal secrets extract FORGEJO_APP_DB_USER ${SECRETS})
POSTGRES_PASSWORD=$(kamal secrets extract FORGEJO_APP_DB_PASSWORD ${SECRETS})