Changed requiredSecrets to defaultSecrets

apps/README.md

@@ -34,7 +34,7 @@ defaultConfig:
   dbHostname: postgres.postgres.svc.cluster.local
   dbUsername: immich
   domain: immich.{{ .cloud.domain }}
-requiredSecrets:
+defaultSecrets:
   - apps.immich.dbPassword
   - apps.postgres.password
 ```
@@ -47,7 +47,7 @@ Explanation of the fields:
 - `icon`: A URL to an icon representing the app.
 - `requires`: A list of other apps that this app depends on. Each entry should be the name of another app.
 - `defaultConfig`: A set of default configuration values for the app. When an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file.
-- `requiredSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added.
+- `defaultSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added.
 
 ### Kustomization
 
@@ -168,7 +168,7 @@ Examples of apps with db-init jobs: `gitea`, `codimd`, `immich`, `openproject`
       key: apps.appname.dbUrl
 ```
 
-Add `apps.appname.dbUrl` to the manifest's `requiredSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials.
+Add `apps.appname.dbUrl` to the manifest's `defaultSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials.
 
 ##### Security Context Requirements
 
@@ -198,7 +198,7 @@ For PostgreSQL init jobs, use `runAsUser: 999` (postgres user). For other databa
 
 #### Secrets
 
-Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `requiredSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps.<app-name>.<secret-name>` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `<app-name>-secrets`, containing all secrets defined in the manifest's `requiredSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. 
+Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `defaultSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps.<app-name>.<secret-name>` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `<app-name>-secrets`, containing all secrets defined in the manifest's `defaultSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. 
 
 **Important:** Always use the full dotted path from the manifest as the secret key, not just the last segment. For example, to mount a secret in an environment variable, you would use:
 

apps/discourse/manifest.yaml

@@ -26,7 +26,7 @@ defaultConfig:
     from: "{{ .cloud.smtp.from }}"
     tls: {{ .cloud.smtp.tls }}
     startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
+defaultSecrets:
   - apps.discourse.adminPassword
   - apps.discourse.dbPassword
   - apps.discourse.dbUrl

apps/ghost/manifest.yaml

@@ -24,7 +24,7 @@ defaultConfig:
     port: "{{ .cloud.smtp.port }}"
     from: "{{ .cloud.smtp.from }}"
     user: "{{ .cloud.smtp.user }}"
-requiredSecrets:
+defaultSecrets:
   - apps.ghost.adminPassword
   - apps.ghost.dbPassword
   - apps.ghost.smtpPassword

apps/gitea/README.md

@@ -20,7 +20,7 @@ Sensitive configuration is stored in the `gitea-secrets` secret and managed by t
 - `dbPassword` - Database password
 - `smtpPassword` - SMTP authentication password
 
-Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `requiredSecrets`. The `wild-app-deploy` command automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment.
+Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `defaultSecrets`. The `wild-app-deploy` command automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment.
 
 ### Persistent Configuration (app.ini)
 Gitea manages its own `app.ini` file on persistent storage for:
@@ -46,7 +46,7 @@ Gitea manages its own `app.ini` file on persistent storage for:
 
 ### Secret Settings
 1. Edit `secrets.yaml` with your secret values
-2. Ensure the secret key is listed in `manifest.yaml` under `requiredSecrets`
+2. Ensure the secret key is listed in `manifest.yaml` under `defaultSecrets`
 3. Run `wild-app-deploy gitea` - this will automatically update the `gitea-secrets` secret and restart the pod
 
 ### Web UI Changes

apps/gitea/manifest.yaml

@@ -25,7 +25,7 @@ defaultConfig:
     port: 465
     from: no-reply@{{ .cloud.domain }}
     user: TBD
-requiredSecrets:
+defaultSecrets:
   - apps.gitea.adminPassword
   - apps.gitea.dbPassword
   - apps.gitea.secretKey

apps/immich/manifest.yaml

@@ -19,7 +19,7 @@ defaultConfig:
   dbUsername: immich
   domain: immich.{{ .cloud.domain }}
   tlsSecretName: wildcard-wild-cloud-tls
-requiredSecrets:
+defaultSecrets:
   - apps.immich.dbPassword
   - apps.postgres.password
   - apps.redis.password

apps/keila/manifest.yaml

@@ -22,7 +22,7 @@ defaultConfig:
     user: "{{ .cloud.smtp.user }}"
     tls: {{ .cloud.smtp.tls }}
     startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
+defaultSecrets:
   - apps.keila.secretKeyBase
   - apps.keila.dbPassword
   - apps.keila.dbUrl

apps/listmonk/manifest.yaml

@@ -14,7 +14,7 @@ defaultConfig:
   dbUser: listmonk
   dbSSLMode: disable
   timezone: UTC
-requiredSecrets:
+defaultSecrets:
   - apps.listmonk.dbPassword
   - apps.listmonk.dbUrl
   - apps.postgres.password

apps/memcached/manifest.yaml

@@ -16,4 +16,4 @@ defaultConfig:
     limits:
       memory: 128Mi
       cpu: 200m
-requiredSecrets: []
+defaultSecrets: []

apps/mysql/manifest.yaml

@@ -12,6 +12,6 @@ defaultConfig:
   user: mysql
   timezone: UTC
   enableSSL: false
-requiredSecrets:
+defaultSecrets:
   - apps.mysql.rootPassword
   - apps.mysql.password

apps/open-webui/manifest.yaml

@@ -13,5 +13,5 @@ defaultConfig:
   # Authentication settings
   enableAuth: true
   enableSignup: false
-requiredSecrets:
+defaultSecrets:
   - apps.openWebui.secretKey

apps/openproject/manifest.yaml

@@ -27,7 +27,7 @@ defaultConfig:
   tlsSecretName: wildcard-wild-cloud-tls
   cacheStore: memcache
   railsRelativeUrlRoot: ""
-requiredSecrets:
+defaultSecrets:
   - apps.openproject.dbPassword
   - apps.openproject.adminPassword
   - apps.postgres.password

apps/postgres/manifest.yaml

@@ -9,5 +9,5 @@ defaultConfig:
   storage: 10Gi
   image: pgvector/pgvector:pg15
   timezone: UTC
-requiredSecrets:
+defaultSecrets:
   - apps.postgres.password

apps/redis/manifest.yaml

@@ -7,5 +7,5 @@ defaultConfig:
   image: redis:alpine
   timezone: UTC
   port: 6379
-requiredSecrets:
+defaultSecrets:
   - apps.redis.password

apps/vllm/manifest.yaml

@@ -18,4 +18,4 @@ defaultConfig:
   gpuCount: 1
   domain: vllm.{{ .cloud.domain }}
   namespace: llm
-requiredSecrets: []
+defaultSecrets: []

bin/wild-app-add

@@ -109,7 +109,7 @@ mkdir -p "${DEST_APP_DIR}"
 # Step 1: Copy manifest.yaml from repository first
 MANIFEST_FILE="${SOURCE_APP_DIR}/manifest.yaml"
 if [ -f "${MANIFEST_FILE}" ]; then
-    # manifest.yaml is allowed to have gomplate variables in the defaultConfig and requiredSecrets sections.
+    # manifest.yaml is allowed to have gomplate variables in the defaultConfig and defaultSecrets sections.
     # We need to use gomplate to process these variables before using yq.
     echo "Processing app manifest."
     DEST_MANIFEST="${DEST_APP_DIR}/manifest.yaml"
@@ -155,7 +155,7 @@ if yq eval '.defaultConfig' "${DEST_MANIFEST}" | grep -q -v '^null$'; then
 fi
 
 # Scaffold required secrets into .wildcloud/secrets.yaml if they don't exist
-if yq eval '.requiredSecrets' "${DEST_MANIFEST}" | grep -q -v '^null$'; then
+if yq eval '.defaultSecrets' "${DEST_MANIFEST}" | grep -q -v '^null$'; then
     
     # Ensure .wildcloud/secrets.yaml exists
     if [ ! -f "${SECRETS_FILE}" ]; then
@@ -174,7 +174,7 @@ if yq eval '.requiredSecrets' "${DEST_MANIFEST}" | grep -q -v '^null$'; then
             random_secret=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-32)
             yq eval ".${secret_path} = \"${random_secret}\"" -i "${SECRETS_FILE}"
         fi
-    done < <(yq eval '.requiredSecrets[]' "${DEST_MANIFEST}")
+    done < <(yq eval '.defaultSecrets[]' "${DEST_MANIFEST}")
     echo "Required secrets declared in app manifest added to '${SECRETS_FILE}'."
 fi
 

bin/wild-app-deploy

@@ -63,14 +63,14 @@ deploy_secrets() {
     local app_name="$1"
     local target_namespace="${2:-${app_name}}"  # Default to app name if not specified
     
-    # Check if app has a manifest with requiredSecrets
+    # Check if app has a manifest with defaultSecrets
     local manifest_file="apps/${app_name}/manifest.yaml"
     if [ ! -f "${manifest_file}" ]; then
         return 0
     fi
     
     # Check if there are required secrets defined
-    if ! yq eval '.requiredSecrets' "${manifest_file}" | grep -q -v '^null$'; then
+    if ! yq eval '.defaultSecrets' "${manifest_file}" | grep -q -v '^null$'; then
         return 0
     fi
     
@@ -89,7 +89,7 @@ deploy_secrets() {
             echo "Error: Required secret '${secret_path}' not found in ${SECRETS_FILE} for app '${app_name}'"
             exit 1
         fi
-    done < <(yq eval '.requiredSecrets[]' "${manifest_file}")
+    done < <(yq eval '.defaultSecrets[]' "${manifest_file}")
     
     # Create/update app secret in cluster
     if [ -n "${secret_data}" ]; then

docs/agent-context/wildcloud/apps-system.md

@@ -43,7 +43,7 @@ defaultConfig:
   storage: 10Gi
   dbHostname: postgres.postgres.svc.cluster.local
   dbUsername: myapp
-requiredSecrets:
+defaultSecrets:
   - apps.myapp.dbPassword
   - apps.postgres.password
 ```
@@ -55,7 +55,7 @@ requiredSecrets:
 - `icon` - A URL to an icon representing the app
 - `requires` - A list of other apps that this app depends on (each entry should be the name of another app)
 - `defaultConfig` - A set of default configuration values for the app (when an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file)
-- `requiredSecrets` - A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly (these secrets are typically sensitive information like database passwords or API keys; keys with random values will be generated automatically when the app is added)
+- `defaultSecrets` - A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly (these secrets are typically sensitive information like database passwords or API keys; keys with random values will be generated automatically when the app is added)
 
 ### Kustomization Configuration
 
@@ -354,7 +354,7 @@ spec:
 
 ```yaml
 # In manifest.yaml
-requiredSecrets:
+defaultSecrets:
   - apps.myapp.dbUrl
 
 # Generated secret (by wild-app-add)
@@ -509,7 +509,7 @@ Wild Cloud includes apps for common self-hosted services:
 
 **Manifest Design**:
 - Include comprehensive `defaultConfig` for all configurable values
-- List all `requiredSecrets` the app needs
+- List all `defaultSecrets` the app needs
 - Specify dependencies in `requires` field
 - Use semantic versioning
 

docs/agent-context/wildcloud/configuration-system.md

@@ -247,7 +247,7 @@ wild-secret-set apps.database '{"user":"admin","password":"secret"}'
 
 When you run `wild-app-add`, Wild Cloud automatically generates required secrets:
 
-1. **Reads App Manifest**: Identifies `requiredSecrets` list
+1. **Reads App Manifest**: Identifies `defaultSecrets` list
 2. **Checks Existing Secrets**: Never overwrites existing values
 3. **Generates Missing Secrets**: Creates secure random values
 4. **Updates secrets.yaml**: Adds new secrets with proper structure
@@ -255,7 +255,7 @@ When you run `wild-app-add`, Wild Cloud automatically generates required secrets
 **Example App Manifest**:
 ```yaml
 name: ghost
-requiredSecrets:
+defaultSecrets:
   - apps.ghost.dbPassword      # Auto-generated if missing
   - apps.ghost.jwtSecret       # Auto-generated if missing
   - apps.postgresql.password   # Auto-generated if missing (dependency)

docs/guides/adding-apps.md

@@ -34,7 +34,7 @@ defaultConfig:
   dbHostname: postgres.postgres.svc.cluster.local
   dbUsername: immich
   domain: immich.{{ .cloud.domain }}
-requiredSecrets:
+defaultSecrets:
   - apps.immich.dbPassword
   - apps.postgres.password
 ```
@@ -47,7 +47,7 @@ Explanation of the fields:
 - `icon`: A URL to an icon representing the app.
 - `requires`: A list of other apps that this app depends on. Each entry should be the name of another app.
 - `defaultConfig`: A set of default configuration values for the app. When an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file.
-- `requiredSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added.
+- `defaultSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added.
 
 ### Kustomization
 
@@ -168,7 +168,7 @@ Examples of apps with db-init jobs: `gitea`, `codimd`, `immich`, `openproject`
       key: apps.appname.dbUrl
 ```
 
-Add `apps.appname.dbUrl` to the manifest's `requiredSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials.
+Add `apps.appname.dbUrl` to the manifest's `defaultSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials.
 
 ##### Security Context Requirements
 
@@ -198,7 +198,7 @@ For PostgreSQL init jobs, use `runAsUser: 999` (postgres user). For other databa
 
 #### Secrets
 
-Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `requiredSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps.<app-name>.<secret-name>` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `<app-name>-secrets`, containing all secrets defined in the manifest's `requiredSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. 
+Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `defaultSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps.<app-name>.<secret-name>` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `<app-name>-secrets`, containing all secrets defined in the manifest's `defaultSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. 
 
 **Important:** Always use the full dotted path from the manifest as the secret key, not just the last segment. For example, to mount a secret in an environment variable, you would use: