#!/bin/bash

set -Eeuo pipefail

# https://cloud.yandex.ru/docs/managed-kubernetes/solutions/kubernetes-lockbox-secrets#before-you-begin

# Uncomment what needed.
# Prod and preprod.
#export SA_MANE="yc.wall-e.external-secrets-operator-sa"
#export KEY_FILE_NAME="yc-walle-prod-external-secrets-operator-sa-key.json"
#export KEY_FILE_NAME="yc-walle-preprod-external-secrets-operator-sa-key.json"
# Testing.
export SA_MANE="yc.wall-e.external-secrets-operator-sa-testing"
export KEY_FILE_NAME="yc-walle-testing-external-secrets-operator-sa-testing-key.json"

# Service accounts are created in Bootstrap Terraform.
yc iam key create \
   --service-account-id ${SA_MANE} \
   --output /tmp/${KEY_FILE_NAME}

echo "Save key in Yandex Vault and update README.md"
