ai/deploy/k8s/prod/secrets/gateway-secrets.tpl.yaml

apiVersion: v1
kind: Secret
metadata:
  name: gateway-secrets
  namespace: ai
type: Opaque
stringData:
  secrets.yaml: |
    # Gateway Secrets (production)

    # Database
    database:
      url: "postgresql://postgres:{{ op://AI Prod/PostgreSQL/password }}@postgres:5432/iceberg"

    # Authentication secret for JWT signing
    auth:
      secret: "{{ op://AI Prod/Gateway/jwt_secret }}"

    # LLM Provider API Keys
    llm_providers:
      deepinfra_api_key: "{{ op://AI Prod/Gateway/deepinfra_api_key }}"

    # Search API Keys
    search:
      tavily_api_key: "{{ op://AI Prod/Gateway/tavily_api_key }}"

    # Telegram (optional)
    telegram:
      bot_token: "{{ op://AI Prod/Telegram/bot_token }}"

    # Email service (optional)
    email:
      service_key: ""

    # Push notification service (optional)
    push:
      service_key: ""

    # Qdrant API key (optional, for hosted Qdrant)
    qdrant:
      api_key: ""

    # Iceberg S3 credentials (must match minio-secret)
    iceberg:
      s3_access_key: "{{ op://AI Prod/MinIO/access_key }}"
      s3_secret_key: "{{ op://AI Prod/MinIO/secret_key }}"

    # Embedding API key (if using external provider)
    embedding:
      api_key: ""