From 896f31d64c704c91f03559ad6679e4cf279f5f2d Mon Sep 17 00:00:00 2001
From: Dominik Pinsel <dominik.pinsel@mercedes-benz.com>
Date: Thu, 10 Aug 2023 09:18:55 +0200
Subject: [PATCH] feat(helm): set default database encryption key to random
 value

Signed-off-by: Dominik Pinsel <dominik.pinsel@mercedes-benz.com>
---
 charts/managed-identity-wallet/templates/deployment.yaml | 2 +-
 charts/managed-identity-wallet/values.yaml               | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml
index 1bd7b95fb..0160a7cc4 100644
--- a/charts/managed-identity-wallet/templates/deployment.yaml
+++ b/charts/managed-identity-wallet/templates/deployment.yaml
@@ -56,7 +56,7 @@ spec:
             - name: MIW_HOST_NAME
               value: {{ tpl .Values.miw.host . }}
             - name: ENCRYPTION_KEY
-              value: {{ .Values.miw.database.encryptionKey }}
+              value: {{ default .Values.miw.database.encryptionKey (randAlphaNum 32)}}
             - name: AUTHORITY_WALLET_BPN
               value: {{ tpl .Values.miw.authorityWallet.bpn . }}
             - name: AUTHORITY_WALLET_DID
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index a6be86266..582ca7c8f 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -50,7 +50,8 @@ anchors:
       vcExpiryDate: &vcExpiryDate ""
     postgres:
       database: &miwPostgresDatabase "miw_app"
-      encryptionKey: &miwPostgresEncryptionKey 76a7834fb37e090c2789a9b1a76748d3
+      # -- database encryption key for confidential data. Default: 32 random alphanumeric chars
+      encryptionKey: &miwPostgresEncryptionKey ""
   defaultSecurityContext: &defaultSecurityContext
     runAsUser: 1001
     runAsGroup: 0