feat: expose DUA Agentex credentials to Redash#11
Merged
Conversation
…TEX_ACCOUNT_ID) Mirror the EGP pattern: map duaAPIKey/duaAccountId (from the existing/rendered secret) to DUA_AGENTEX_API_KEY / DUA_AGENTEX_ACCOUNT_ID. Only these two are secrets (per the DUA agent's manifest.yaml credentials); kb_id/database/model are plain config set elsewhere. Bump 3.0.12 -> 3.0.13. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
yianni
marked this pull request as ready for review
July 15, 2026 20:25
kylewang1
approved these changes
Jul 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Exposes the two Agentex credentials required by DUA and bumps the chart from
3.0.12to3.0.13.Changes
duaAgentexAPIKeytoDUA_AGENTEX_API_KEY.duaAgentexAccountIdtoDUA_AGENTEX_ACCOUNT_ID.This is additive, but releases using an existing secret must add both keys before upgrading to
3.0.13.Related
Greptile Summary
This PR adds two new Agentex credentials (
DUA_AGENTEX_API_KEY,DUA_AGENTEX_ACCOUNT_ID) to the Redash Helm chart and bumps the version to3.0.13. The implementation follows the exact same pattern as the existing EGP credentials — values stored in the chart-managed Secret when noexistingSecretis configured, and env vars injected conditionally using theor <value> .Values.redash.existingSecretguard.duaAgentexAPIKeyandduaAgentexAccountIdfields added tovalues.yamlwith empty defaults; corresponding keys written totemplates/secrets.yamlwhen the chart manages the Secret.templates/_helpers.tplexpose the credentials to the Redash container, consistent with the existing EGP credential pattern.existingSecretmust add both new keys to that secret before upgrading to3.0.13.Confidence Score: 5/5
Additive chart change that mirrors an already-proven credential pattern; no existing behavior is altered.
All four files are updated consistently. The new keys follow the identical guard pattern used for the EGP credentials, the chart-managed Secret template correctly includes the new keys, and the env-var blocks in _helpers.tpl are properly conditioned. No logic is changed for existing deployments that don't set the new values.
No files require special attention.
Important Files Changed
duaAgentexAPIKey,duaAgentexAccountId) with empty-string defaults; follows existing EGP key conventions.not .Values.redash.existingSecretvia the template's outer conditional.or .Values.redash.duaAgentex* .Values.redash.existingSecretguard pattern used by existing EGP keys.Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A[Helm Install / Upgrade] --> B{existingSecret set?} B -- No --> C[secrets.yaml creates\nmanaged Secret\nwith duaAgentexAPIKey\n& duaAgentexAccountId] B -- Yes --> D[Operator-managed\nexternal Secret\nmust already contain\nboth keys] C --> E[_helpers.tpl injects\nDUA_AGENTEX_API_KEY\nif value OR existingSecret] D --> E E --> F[_helpers.tpl injects\nDUA_AGENTEX_ACCOUNT_ID\nif value OR existingSecret] F --> G[Redash Pod\nreads env vars\nDUA_AGENTEX_API_KEY\nDUA_AGENTEX_ACCOUNT_ID]%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A[Helm Install / Upgrade] --> B{existingSecret set?} B -- No --> C[secrets.yaml creates\nmanaged Secret\nwith duaAgentexAPIKey\n& duaAgentexAccountId] B -- Yes --> D[Operator-managed\nexternal Secret\nmust already contain\nboth keys] C --> E[_helpers.tpl injects\nDUA_AGENTEX_API_KEY\nif value OR existingSecret] D --> E E --> F[_helpers.tpl injects\nDUA_AGENTEX_ACCOUNT_ID\nif value OR existingSecret] F --> G[Redash Pod\nreads env vars\nDUA_AGENTEX_API_KEY\nDUA_AGENTEX_ACCOUNT_ID]Reviews (1): Last reviewed commit: "feat: DUA agentex secret env mappings (D..." | Re-trigger Greptile