Skip to content

feat: expose DUA Agentex credentials to Redash#11

Merged
yianni merged 1 commit into
masterfrom
johngerassimou/dua-env
Jul 15, 2026
Merged

feat: expose DUA Agentex credentials to Redash#11
yianni merged 1 commit into
masterfrom
johngerassimou/dua-env

Conversation

@yianni

@yianni yianni commented Jul 14, 2026

Copy link
Copy Markdown

Summary

Exposes the two Agentex credentials required by DUA and bumps the chart from 3.0.12 to 3.0.13.

Changes

  • Maps duaAgentexAPIKey to DUA_AGENTEX_API_KEY.
  • Maps duaAgentexAccountId to DUA_AGENTEX_ACCOUNT_ID.
  • Supports both chart-managed and existing Redash secrets.

This is additive, but releases using an existing secret must add both keys before upgrading to 3.0.13.

Related

Greptile Summary

This PR adds two new Agentex credentials (DUA_AGENTEX_API_KEY, DUA_AGENTEX_ACCOUNT_ID) to the Redash Helm chart and bumps the version to 3.0.13. The implementation follows the exact same pattern as the existing EGP credentials — values stored in the chart-managed Secret when no existingSecret is configured, and env vars injected conditionally using the or <value> .Values.redash.existingSecret guard.

  • New duaAgentexAPIKey and duaAgentexAccountId fields added to values.yaml with empty defaults; corresponding keys written to templates/secrets.yaml when the chart manages the Secret.
  • Two new env-var blocks in templates/_helpers.tpl expose the credentials to the Redash container, consistent with the existing EGP credential pattern.
  • As documented in the PR description, deployments using an existingSecret must add both new keys to that secret before upgrading to 3.0.13.

Confidence Score: 5/5

Additive chart change that mirrors an already-proven credential pattern; no existing behavior is altered.

All four files are updated consistently. The new keys follow the identical guard pattern used for the EGP credentials, the chart-managed Secret template correctly includes the new keys, and the env-var blocks in _helpers.tpl are properly conditioned. No logic is changed for existing deployments that don't set the new values.

No files require special attention.

Important Files Changed

Filename Overview
Chart.yaml Chart version bumped from 3.0.12 to 3.0.13 to reflect the new credentials addition.
values.yaml Two new optional values added (duaAgentexAPIKey, duaAgentexAccountId) with empty-string defaults; follows existing EGP key conventions.
templates/secrets.yaml New keys added to chart-managed Secret; correctly guarded by not .Values.redash.existingSecret via the template's outer conditional.
templates/_helpers.tpl Two new env-var blocks injected following the identical or .Values.redash.duaAgentex* .Values.redash.existingSecret guard pattern used by existing EGP keys.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Helm Install / Upgrade] --> B{existingSecret set?}
    B -- No --> C[secrets.yaml creates\nmanaged Secret\nwith duaAgentexAPIKey\n& duaAgentexAccountId]
    B -- Yes --> D[Operator-managed\nexternal Secret\nmust already contain\nboth keys]
    C --> E[_helpers.tpl injects\nDUA_AGENTEX_API_KEY\nif value OR existingSecret]
    D --> E
    E --> F[_helpers.tpl injects\nDUA_AGENTEX_ACCOUNT_ID\nif value OR existingSecret]
    F --> G[Redash Pod\nreads env vars\nDUA_AGENTEX_API_KEY\nDUA_AGENTEX_ACCOUNT_ID]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Helm Install / Upgrade] --> B{existingSecret set?}
    B -- No --> C[secrets.yaml creates\nmanaged Secret\nwith duaAgentexAPIKey\n& duaAgentexAccountId]
    B -- Yes --> D[Operator-managed\nexternal Secret\nmust already contain\nboth keys]
    C --> E[_helpers.tpl injects\nDUA_AGENTEX_API_KEY\nif value OR existingSecret]
    D --> E
    E --> F[_helpers.tpl injects\nDUA_AGENTEX_ACCOUNT_ID\nif value OR existingSecret]
    F --> G[Redash Pod\nreads env vars\nDUA_AGENTEX_API_KEY\nDUA_AGENTEX_ACCOUNT_ID]
Loading

Reviews (1): Last reviewed commit: "feat: DUA agentex secret env mappings (D..." | Re-trigger Greptile

…TEX_ACCOUNT_ID)

Mirror the EGP pattern: map duaAPIKey/duaAccountId (from the existing/rendered secret) to
DUA_AGENTEX_API_KEY / DUA_AGENTEX_ACCOUNT_ID. Only these two are secrets (per the DUA agent's
manifest.yaml credentials); kb_id/database/model are plain config set elsewhere. Bump 3.0.12 -> 3.0.13.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@yianni
yianni requested review from a team and elizabeth-hong July 14, 2026 15:32
@yianni yianni changed the title feat: DUA agentex secret env mappings (DUA_AGENTEX_API_KEY / DUA_AGENTEX_ACCOUNT_ID) feat: expose DUA Agentex credentials to Redash Jul 15, 2026
@yianni
yianni marked this pull request as ready for review July 15, 2026 20:25
@yianni
yianni requested a review from kylewang1 July 15, 2026 20:25
@yianni
yianni merged commit 8b1e5ba into master Jul 15, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants