apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: secret-extract
spec:
  params:
    - name: key
      type: string
      description: Name of the key to extract from the secret

  workspaces:
    - name: secret
      description: Workspace mounted with the Secret (each key becomes a file)

  results:
    - name: value
      description: Extracted secret value

  steps:
    - name: extract
      image: alpine:3.21.3
      workingDir: /workspace/secret
      script: |
        #!/bin/sh
        set -e

        KEY=$(params.key)
        FILE="/workspace/secret/$KEY"

        if [ ! -f "$FILE" ]; then
          echo "❌ Key '$KEY' not found in secret workspace."
          exit 1
        fi

        VALUE=$(cat "$FILE")
        echo "🔑 Extracted key: $KEY"
        echo -n "$VALUE" > /tekton/results/value