# store the secret-name as variable
{{- $secret_name := "sepa-exporter-secrets" -}}
---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ $secret_name }}"
  annotations:
    "helm.sh/resource-policy": "keep"
data:
  # try to get the old secrets
  # keep in mind, that a dry-run only returns an empty map
  {{- $previous := lookup "v1" "Secret" .Release.Namespace $secret_name }}

  # check, if a secret is already set
  {{- if or (not $previous) (not $previous.data) }}
  # if not set, then generate a new password
  SMA_WORKFLOW_AUTH_TOKEN: "{{ .Values.sepaExporter.workflow.api_token | b64enc }}"
  SMA_DOCUMENT_AUTH_TOKEN: "{{ .Values.sepaExporter.document.api_token | b64enc }}"
  {{ else }}
  # if set, then use the old value
  SMA_WORKFLOW_AUTH_TOKEN: "{{ index $previous.data "SMA_WORKFLOW_AUTH_TOKEN" }}"
  SMA_DOCUMENT_AUTH_TOKEN: "{{ index $previous.data "SMA_DOCUMENT_AUTH_TOKEN" }}"
  {{ end }}