suite: values.schema.json — secret length enforcement (blocker fix regression net) release: name: t namespace: sim tests: - it: rejects a BETTER_AUTH_SECRET shorter than 32 characters set: app.env.BETTER_AUTH_SECRET: short app.env.ENCRYPTION_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app.env.INTERNAL_API_SECRET: x app.env.CRON_SECRET: x postgresql.auth.password: xxxxxxxx asserts: - failedTemplate: errorPattern: "BETTER_AUTH_SECRET.*minLength" - it: rejects an ENCRYPTION_KEY shorter than 32 characters set: app.env.BETTER_AUTH_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app.env.ENCRYPTION_KEY: short app.env.INTERNAL_API_SECRET: x app.env.CRON_SECRET: x postgresql.auth.password: xxxxxxxx asserts: - failedTemplate: errorPattern: "ENCRYPTION_KEY.*minLength" - it: rejects a postgresql.auth.password shorter than 8 characters set: app.env.BETTER_AUTH_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app.env.ENCRYPTION_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app.env.INTERNAL_API_SECRET: x app.env.CRON_SECRET: x postgresql.auth.password: short asserts: - failedTemplate: errorPattern: "password.*minLength" - it: accepts an empty BETTER_AUTH_SECRET (deferred to existingSecret/ESO) templates: - secrets-app.yaml set: app.secrets.existingSecret.enabled: true app.secrets.existingSecret.name: my-existing-secret postgresql.auth.password: xxxxxxxx asserts: - hasDocuments: { count: 0 } - it: accepts a valid 32-character BETTER_AUTH_SECRET and ENCRYPTION_KEY template: deployment-app.yaml set: app.env.BETTER_AUTH_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app.env.ENCRYPTION_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app.env.INTERNAL_API_SECRET: x app.env.CRON_SECRET: x postgresql.auth.password: xxxxxxxx asserts: - isKind: { of: Deployment }