use proper key in sercret manager service account configuration

- update helm chart README
- be consitent in chart template and use 'serviceAccountKey' everywhere

Signed-off-by: Christophe de Carvalho <christophe@archipelo.co>

Author: zaibon

deployment/chainloop/README.md

@@ -99,7 +99,7 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
     # Secrets backend
     --set secretsBackend.backend=gcpSecretManager \
     --set secretsBackend.gcpSecretManager.projectId=[GCP Project ID] \
-    --set secretsBackend.gcpSecretManager.authKey=[GCP Auth KEY] \
+    --set secretsBackend.gcpSecretManager.serviceAccountKey=[GCP Auth KEY] \
     # Server Auth KeyPair
     # ...
 ```
@@ -317,7 +317,7 @@ secretsBackend:
     backend: gcpSecretManager
     gcpSecretManager:
         projectId: [PROJECT_ID]
-        authKey: [KEY]
+        serviceAccountKey: [KEY]
 ```
 
 ### Send exceptions to Sentry
@@ -370,7 +370,7 @@ chainloop config save \
 | `secretsBackend.awsSecretManager.secretKey` | AWS Secret Key                                                            |             |
 | `secretsBackend.awsSecretManager.region`    | AWS Secret Manager Region                                                 |             |
 | `secretsBackend.gcpSecretManager.projectId` | GCP Project ID                                                            |             |
-| `secretsBackend.gcpSecretManager.authKey`   | GCP Auth Key                                                              |             |
+| `secretsBackend.gcpSecretManager.serviceAccountKey`   | GCP Auth Key                                                              |             |
 
 ### Authentication
 

deployment/chainloop/templates/_helpers.tpl

@@ -82,7 +82,7 @@ awsSecretManager:
 gcpSecretManager:
   secretPrefix: {{ required "secret prefix required" .secretPrefix | quote }}
   projectId: {{ required "project id required" .gcpSecretManager.projectId | quote }}
-  authKey: "/gcp-secrets/authKey.json"
+  serviceAccountKey: "/gcp-secrets/serviceAccountKey.json"
 
 {{- end }}
 {{- end }}

deployment/chainloop/templates/cas/deployment.yaml

@@ -59,7 +59,7 @@ spec:
             - name: jwt-public-key
               mountPath: "/tmp"
             {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
-            - name: gcp-secretmanager-authkey
+            - name: gcp-secretmanager-serviceaccountkey
               mountPath: /gcp-secrets
             {{- end }}
       volumes:
@@ -74,7 +74,7 @@ spec:
           secret:
             secretName: {{ include "chainloop.cas.fullname" . }}-jwt-public-key
         {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
-        - name: gcp-secretmanager-authkey
+        - name: gcp-secretmanager-serviceaccountkey
           secret:
-            secretName: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-authkey
+            secretName: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-serviceaccountkey
         {{- end }}

deployment/chainloop/templates/cas/gcp_secret_manager.secret.yaml

@@ -2,10 +2,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "chainloop.cas.fullname" . }}-gcp-secretmanager-authkey
+  name: {{ include "chainloop.cas.fullname" . }}-gcp-secretmanager-serviceaccountkey
   labels:
     {{- include "chainloop.cas.labels" . | nindent 4 }}
 type: Opaque
 data:
-  authKey.json: {{ .Values.secretsBackend.gcpSecretManager.authKey | b64enc | quote  }}
+  serviceAccountKey.json: {{ .Values.secretsBackend.gcpSecretManager.serviceAccountKey | b64enc | quote  }}
 {{- end }}

deployment/chainloop/templates/controlplane/deployment.yaml

@@ -86,7 +86,7 @@ spec:
             - name: jwt-cas-private-key
               mountPath: /secrets
             {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
-            - name: gcp-secretmanager-authkey
+            - name: gcp-secretmanager-serviceaccountkey
               mountPath: /gcp-secrets
             {{- end }}
       volumes:
@@ -104,7 +104,7 @@ spec:
           secret:
             secretName: {{ include "chainloop.controlplane.fullname" . }}-jwt-cas
         {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
-        - name: gcp-secretmanager-authkey
+        - name: gcp-secretmanager-serviceaccountkey
           secret:
-            secretName: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-authkey
+            secretName: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-serviceaccountkey
         {{- end }}

deployment/chainloop/templates/controlplane/gcp_secret_manager.secret.yaml

@@ -2,10 +2,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-authkey
+  name: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-serviceaccountkey
   labels:
     {{- include "chainloop.controlplane.labels" . | nindent 4 }}
 type: Opaque
 data:
-  authKey.json: {{ .Values.secretsBackend.gcpSecretManager.authKey | b64enc | quote  }}
+  serviceAccountKey.json: {{ .Values.secretsBackend.gcpSecretManager.serviceAccountKey | b64enc | quote  }}
 {{- end }}

deployment/chainloop/values.yaml

@@ -55,11 +55,11 @@ secretsBackend:
   #   region: ""
 
   ## @extra secretsBackend.gcpSecretManager.projectId GCP Project ID
-  ## @extra secretsBackend.gcpSecretManager.authKey GCP Auth Key
+  ## @extra secretsBackend.gcpSecretManager.serviceAccountKey GCP Auth Key
   ##
   # gcpSecretManager:
   #   projectId: ""
-  #   authKey: ""
+  #   serviceAccountKey: ""
 
 ## @section Authentication
 ##