From df862dfa390fd58cd29622b78ef05c403255d1ae Mon Sep 17 00:00:00 2001
From: zhenyus
Date: Mon, 18 Aug 2025 16:33:42 +0800
Subject: [PATCH] refactor(devsvc): enhance secret management in values.yaml
- Removed hardcoded sensitive configurations (Gitea token, MongoDB URI, RabbitMQ password, and default Git password) from the values.yaml file.
- Introduced a structured secrets section to reference these sensitive values from FreeleapsSecretStore, improving security and maintainability.
- This change continues the effort to centralize and secure sensitive information management across the application.
Signed-off-by: zhenyus
---
 freeleaps/helm-pkg/devsvc/values.yaml | 39 ++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/freeleaps/helm-pkg/devsvc/values.yaml b/freeleaps/helm-pkg/devsvc/values.yaml
index 5c060e38..ece85e8f 100644
--- a/freeleaps/helm-pkg/devsvc/values.yaml
+++ b/freeleaps/helm-pkg/devsvc/values.yaml
@@ -58,10 +58,6 @@ devsvc:
 serviceApiAccessPort: "8013"
 # MONGODB_NAME
 mongodbName: ""
- # MONGODB_URI
- mongodbUri: ""
- # GITEA_TOKEN
- giteaToken: ""
 # GITEA_URL
 giteaUrl: ""
 # GITEA_DEPOT_ORGANIZATION
@@ -82,22 +78,45 @@ devsvc:
 rabbitmqPort: ""
 # RABBITMQ_USERNAME
 rabbitmqUsername: ""
- # RABBITMQ_PASSWORD
- rabbitmqPassword: ""
 # RABBITMQ_VIRTUAL_HOST
 rabbitmqVirtualHost: ""
 # DEFAULT_GIT_USERNAME
 defaultGitUsername: ""
- # DEFAULT_GIT_PASSWORD
- defaultGitPassword: ""
 # DEVOPS_DOCKER_REGISTRY_URL
 devopsDockerRegistryUrl: ""
 # DEVOPS_DOCKER_REGISTRY_REPOSITORY_NAME
 devopsDockerRegistryRepositoryName: ""
 # DEVOPS_DOCKER_REGISTRY_USERNAME
 devopsDockerRegistryUsername: ""
- # DEVOPS_DOCKER_REGISTRY_PASSWORD
- devopsDockerRegistryPassword: ""
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-devsvc-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: giteaToken
+ remoteRef:
+ key: "freeleaps-alpha-gitea-token"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-alpha-mongodb-uri"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-alpha-rabbitmq-password"
+ type: Secret
+ - key: defaultGitPassword
+ remoteRef:
+ key: "freeleaps-alpha-gitea-password"
+ type: Secret
+ - key: devopsDockerRegistryPassword
+ remoteRef:
+ key: "freeleaps-alpha-devops-docker-registry-password"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
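Review bot: The five `remoteRef.key` defaults in the new `secrets.data` list all name `freeleaps-alpha-*` entries, so a release installed from this chart without overriding the list would be bound to the alpha environment's Gitea token, MongoDB URI, RabbitMQ password, Git password and registry password. The removed defaults were empty strings, which presumably left a misconfigured release without credentials rather than with another environment's. If per-environment values files are meant to supply these names (not visible in this patch), consider leaving the chart default empty, e.g. `key: ""  # set per environment` on each entry, and having the template reject an empty key with Helm's `required`. Separately, `refreshInterval: 30s` is the only unquoted scalar in the block and polls the store for five keys every 30 seconds, so it is worth confirming that rate is intended. The enclosing `devsvc:` mapping starts outside the hunk.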