{{- $adminToken := "" }}
{{- if and (eq .Values.bitwardenrs.admin.enabled true) (not .Values.bitwardenrs.admin.existingSecret) }}
{{- $adminToken = .Values.bitwardenrs.admin.token | default (randAlphaNum 48) | b64enc | quote }}
{{- end -}}

{{- $databaseUrl := "" }}
{{- if and (ne .Values.database.type "sqlite") (not .Values.database.existingSecret) }}
{{- $databaseUrl = required "External databases need either URL or existing secret" .Values.database.url | b64enc | quote }}
{{- end -}}

{{- $smtpUser := "" }}
{{- if and (eq .Values.bitwardenrs.smtp.enabled true ) (not .Values.bitwardenrs.smtp.exitingSecret) (.Values.bitwardenrs.smtp.user) }}
{{- $smtpUser = .Values.bitwardenrs.smtp.user | b64enc | quote }}
{{- end -}}

{{- $yubicoClientId := "" }}
{{- if and (eq .Values.bitwardenrs.yubico.enabled true ) (not .Values.bitwardenrs.yubico.exitingSecret) }}
{{- $yubicoClientId = required "Yubico Client ID required" .Values.bitwardenrs.yubico.clientId | toString | b64enc | quote }}
{{- end -}}

{{- if or (ne $adminToken "") (ne $databaseUrl "") (ne $smtpUser "" ) (ne $yubicoClientId "") }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "bitwardenrs.fullname" . }}
  labels:
    {{- include "bitwardenrs.labels" . | nindent 4 }}
data:
  {{- if ne $adminToken "" }}
  admin-token: {{ $adminToken }}
  {{- end }}
  {{- if ne $databaseUrl "" }}
  database-url: {{ $databaseUrl }}
  {{- end }}
  {{- if ne $smtpUser "" }}
  smtp-user: {{ $smtpUser }}
  smtp-password: {{ required "Must specify SMTP password" .Values.bitwardenrs.smtp.password | b64enc | quote }}
  {{- end }}
  {{- if ne $yubicoClientId "" }}
  yubico-client-id: {{ $yubicoClientId }}
  yubico-secret-key: {{ required "Yubico Secret Key required" .Values.bitwardenrs.yubico.secretKey | b64enc | quote }}
  {{- end }}
{{- end }}