#!/bin/bash
set -e

# ============================================
# Create K8s secrets for maya-global-backend
# Run this ONCE (or when rotating keys)
# ============================================

echo "Creating K8s secrets for global-backend..."

# 1. GCP service account credentials (mounted as files)
kubectl create secret generic gcp-credentials \
  --from-file=gcp-service-account.json=../../../gcp-service-account.json \
  --from-file=google-play-service-account.json=../../../google-play-service-account.json \
  --dry-run=client -o yaml | kubectl apply -f -

echo "gcp-credentials secret created"

# 2. All env vars from .env file (mounted as environment variables)
kubectl create secret generic maya-global-env-secrets \
  --from-env-file=../../../.env \
  --dry-run=client -o yaml | kubectl apply -f -

echo "maya-global-env-secrets created"

echo ""
echo "Verify secrets:"
kubectl get secrets | grep -E "gcp-credentials|maya-global-env"
echo ""
echo "Done! Now deploy with: ./deploy.sh"