From 2271827ec5268aec531a7e58d5370450776d4f38 Mon Sep 17 00:00:00 2001
From: florian <flo@meergans.org>
Date: Wed, 5 Nov 2025 21:30:31 +0100
Subject: [PATCH] Writable secrets that can be consumed

---
 backend-api/deployment.yaml | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/backend-api/deployment.yaml b/backend-api/deployment.yaml
index f4ee82e..664b339 100644
--- a/backend-api/deployment.yaml
+++ b/backend-api/deployment.yaml
@@ -15,6 +15,22 @@ spec:
     spec:
       imagePullSecrets:
         - name: ghcr-secret
+      initContainers:
+        - name: copy-secrets
+          image: busybox
+          command:
+            - sh
+            - -c
+            - |
+              for f in /secrets/*; do
+                cp "$f" /etc/secrets/
+                chmod 666 "/etc/secrets/$(basename $f)"
+              done
+          volumeMounts:
+            - name: backend-api-secrets
+              mountPath: /secrets
+            - name: writable-secrets
+              mountPath: /etc/secrets
       containers:
         - name: backend-api
           image: ghcr.io/gansejunge/app-notifications-backend-api:24
@@ -26,10 +42,11 @@ spec:
             - name: LOG_LEVEL
               value: "INFO"
           volumeMounts:
-            - name: backend-api-secrets
+            - name: writable-secrets
               mountPath: /etc/secrets
-              readOnly: true
       volumes:
         - name: backend-api-secrets
           secret:
             secretName: backend-api
+        - name: writable-secrets
+          emptyDir: {}