From 976bf10e912818cc6e31007b20f536940fb68d84 Mon Sep 17 00:00:00 2001
From: nprt
Date: Tue, 3 Mar 2026 14:57:58 +0100
Subject: [PATCH 1/5] add vaultKeyAppendPodIndex for aura keys
---
 charts/node/templates/statefulset.yaml | 27 +++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/charts/node/templates/statefulset.yaml b/charts/node/templates/statefulset.yaml
index 05faa40..c6d949d 100644
--- a/charts/node/templates/statefulset.yaml
+++ b/charts/node/templates/statefulset.yaml
@@ -41,10 +41,18 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 {{- range $keys := .Values.node.vault.keys }}
- vault.hashicorp.com/agent-inject-secret-{{ .name }}: {{ .vaultPath | squote }}
- vault.hashicorp.com/agent-inject-template-{{ .name }}: |
- {{`{{ with secret "`}}{{ .vaultPath }}{{`" }}{{ .Data.data.`}}{{ .vaultKey }}{{` }}{{ end }}`}}
- {{- end }}
+ {{- if .vaultKeyAppendPodIndex }}
+ {{- range $index := until ($.Values.node.replicas | int) }}
+ vault.hashicorp.com/agent-inject-secret-{{ $keys.name }}-{{ $index }}: {{ $keys.vaultPath | squote }}
+ vault.hashicorp.com/agent-inject-template-{{ $keys.name }}-{{ $index }}: |
+ {{`{{ with secret "`}}{{ $keys.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $keys.vaultKey ($index | toString) }}{{` }}{{ end }}`}}
+ {{- end }}
+ {{- else }}
+ vault.hashicorp.com/agent-inject-secret-{{ .name }}: {{ .vaultPath | squote }}
+ vault.hashicorp.com/agent-inject-template-{{ .name }}: |
+ {{`{{ with secret "`}}{{ .vaultPath }}{{`" }}{{ .Data.data.`}}{{ .vaultKey }}{{` }}{{ end }}`}}
+ {{- end }}
+ {{- end }}j
 {{- if .Values.node.vault.nodeKey }}
 {{- if .Values.node.vault.nodeKey.vaultKeyAppendPodIndex }}
 {{- range $index := until (.Values.node.replicas | int) }}
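Review bot: In the new `vaultKeyAppendPodIndex` branch, `range $index := until ($.Values.node.replicas | int)` renders one `agent-inject-secret-<name>-<index>` annotation per replica into the pod template, and that template is shared by every pod of the StatefulSet, so each pod ends up with all replicas' keys under `/vault/secrets/` rather than only its own. For session keys this means a compromise of one pod exposes the key material of every replica, which weakens the isolation that per-index keys would otherwise give. The nodeKey block in the trailing context follows the same pattern, and the annotations block starts and ends outside this hunk. If selecting the field inside the Vault Agent template from the pod's own hostname is not feasible (whether the agent template exposes such a lookup should be verified), at least record the trade-off above the loop, for example `{{- /* every replica is injected with all indexed keys; the init script selects its own by pod ordinal */}}`.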
@@ -421,8 +429,9 @@ spec:
 echo "Inserted node key at ${NODE_KEY_PATH} with peer-id: ${NODE_PEER_ID}"
 {{- end }}
 {{- range $keys := .Values.node.vault.keys }}
- if [ ! -f /vault/secrets/{{ .name }} ]; then
- echo "Error: File /vault/secrets/{{ .name }} does not exist"
+ KEY_PATH="/vault/secrets/{{ .name }}{{ if .vaultKeyAppendPodIndex }}-${HOSTNAME##*-}{{ end }}"
+ if [ ! -f ${KEY_PATH} ]; then
+ echo "Error: File ${KEY_PATH} does not exist"
 exit 1
 fi
 {{ $.Values.node.command }} key insert \
@@ -433,11 +442,11 @@ spec:
 --chain {{ $.Values.node.customChainspecPath }} \
 {{- end }}
 {{- if .extraDerivation }}
- --suri "$(cat /vault/secrets/{{ .name }}){{ .extraDerivation }}" \
+ --suri "$(cat ${KEY_PATH}){{ .extraDerivation }}" \
 {{- else }}
- --suri "/vault/secrets/{{ .name }}" \
+ --suri "$(cat ${KEY_PATH})" \
 {{- end }}
- && echo "Inserted key {{ .name }} (type={{ .type }}, scheme={{ .scheme }}) into Keystore" \
+ && echo "Inserted key {{ .name }} (type={{ .type }}, scheme={{ .scheme }}) from ${KEY_PATH} into Keystore" \
 || echo "Failed to insert key {{ .name }} (type={{ .type }}, scheme={{ .scheme }}) into Keystore."
 {{- end }}
 resources:
From 23063574087410310bef57a68b0543d0790acf42 Mon Sep 17 00:00:00 2001
From: nprt
Date: Tue, 3 Mar 2026 16:04:55 +0100
Subject: [PATCH 2/5] fix indentation; add example values
---
 charts/node/templates/statefulset.yaml | 50 +++++++++++++-------------
 charts/node/values.yaml | 2 ++
 2 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/charts/node/templates/statefulset.yaml b/charts/node/templates/statefulset.yaml
index c6d949d..f9219c6 100644
--- a/charts/node/templates/statefulset.yaml
+++ b/charts/node/templates/statefulset.yaml
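Review bot: In the first hunk (`@@ -421,8 +429,9 @@`), `${KEY_PATH}` is expanded unquoted in `if [ ! -f ${KEY_PATH} ]; then`, so a key `name` containing whitespace or glob characters would break the existence check; `if [ ! -f "${KEY_PATH}" ]; then` avoids that. The index suffix comes from `${HOSTNAME##*-}`, which is the pod ordinal only while the container hostname equals the StatefulSet pod name; if the chart can run pods with host networking or an overridden hostname (not visible here), the suffix would point at the wrong file. A short comment on the `KEY_PATH=` line stating that assumption would help, e.g. `# pod ordinal is taken from the StatefulSet hostname suffix`. The surrounding init script starts and ends outside the hunk.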
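Review bot: In the second hunk (`@@ -433,11 +442,11 @@`), the `{{- else }}` branch now passes `--suri "$(cat ${KEY_PATH})"`, which puts the secret seed on the command line of the `key insert` process, whereas the removed line passed only the file path. Process arguments are readable through `/proc/<pid>/cmdline` and are commonly captured by node-level process auditing, so this widens exposure for every key without `extraDerivation`. The removed line suggests the command accepts a file path for `--suri`, so `--suri "${KEY_PATH}" \` would keep the index-aware path without expanding the secret into argv. The `extraDerivation` branch already used `$(cat …)` before this change and carries the same exposure. The enclosing script continues outside the hunk.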
@@ -37,35 +37,35 @@ spec: metadata: {{- if or .Values.podAnnotations .Values.node.vault.keys .Values.node.vault.nodeKey }} annotations: - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- range $keys := .Values.node.vault.keys }} - {{- if .vaultKeyAppendPodIndex }} - {{- range $index := until ($.Values.node.replicas | int) }} - vault.hashicorp.com/agent-inject-secret-{{ $keys.name }}-{{ $index }}: {{ $keys.vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ $keys.name }}-{{ $index }}: | - {{`{{ with secret "`}}{{ $keys.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $keys.vaultKey ($index | toString) }}{{` }}{{ end }}`}} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- range $keys := .Values.node.vault.keys }} + {{- if .vaultKeyAppendPodIndex }} + {{- range $index := until ($.Values.node.replicas | int) }} + vault.hashicorp.com/agent-inject-secret-{{ $keys.name }}-{{ $index }}: {{ $keys.vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ $keys.name }}-{{ $index }}: | + {{`{{ with secret "`}}{{ $keys.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $keys.vaultKey ($index | toString) }}{{` }}{{ end }}`}} + {{- end }} + {{- else }} + vault.hashicorp.com/agent-inject-secret-{{ .name }}: {{ .vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ .name }}: | + {{`{{ with secret "`}}{{ .vaultPath }}{{`" }}{{ .Data.data.`}}{{ .vaultKey }}{{` }}{{ end }}`}} {{- end }} - {{- else }} - vault.hashicorp.com/agent-inject-secret-{{ .name }}: {{ .vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ .name }}: | - {{`{{ with secret "`}}{{ .vaultPath }}{{`" }}{{ .Data.data.`}}{{ .vaultKey }}{{` }}{{ end }}`}} {{- end }} - {{- end }}j - {{- if .Values.node.vault.nodeKey }} - {{- if .Values.node.vault.nodeKey.vaultKeyAppendPodIndex }} - {{- range $index := until (.Values.node.replicas | int) }} - vault.hashicorp.com/agent-inject-secret-{{ 
$.Values.node.vault.nodeKey.name }}-{{ $index }}: {{ $.Values.node.vault.nodeKey.vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: | - {{`{{ with secret "`}}{{ $.Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $.Values.node.vault.nodeKey.vaultKey ($index | toString) }}{{` }}{{ end }}`}} + {{- if .Values.node.vault.nodeKey }} + {{- if .Values.node.vault.nodeKey.vaultKeyAppendPodIndex }} + {{- range $index := until (.Values.node.replicas | int) }} + vault.hashicorp.com/agent-inject-secret-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: {{ $.Values.node.vault.nodeKey.vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: | + {{`{{ with secret "`}}{{ $.Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $.Values.node.vault.nodeKey.vaultKey ($index | toString) }}{{` }}{{ end }}`}} + {{- end }} + {{- else }} + vault.hashicorp.com/agent-inject-secret-{{ .Values.node.vault.nodeKey.name }}: {{ .Values.node.vault.nodeKey.vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ .Values.node.vault.nodeKey.name }}: | + {{`{{ with secret "`}}{{ .Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ .Values.node.vault.nodeKey.vaultKey }}{{` }}{{ end }}`}} {{- end }} - {{- else }} - vault.hashicorp.com/agent-inject-secret-{{ .Values.node.vault.nodeKey.name }}: {{ .Values.node.vault.nodeKey.vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ .Values.node.vault.nodeKey.name }}: | - {{`{{ with secret "`}}{{ .Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ .Values.node.vault.nodeKey.vaultKey }}{{` }}{{ end }}`}} {{- end }} - {{- end }} {{- if or .Values.node.vault.keys .Values.node.vault.nodeKey }} vault.hashicorp.com/agent-inject: 'true' vault.hashicorp.com/agent-init-first: 'true' 
diff --git a/charts/node/values.yaml b/charts/node/values.yaml index 515eb8d..89df289 100644 --- a/charts/node/values.yaml +++ b/charts/node/values.yaml @@ -421,11 +421,13 @@ node: # vaultPath: kv/secret/grankey # vaultKey: gran # extraDerivation: // + # vaultKeyAppendPodIndex: false # - name: babekey # type: type # scheme: scheme # vaultPath: kv/secrets/babeKey # vaultKey: babe + # vaultKeyAppendPodIndex: false # -- Node key to use via vault nodeKey: {} From 2f679a1e3318b8f717d2e28bd6806c41451aab9a Mon Sep 17 00:00:00 2001 From: eduardspa Date: Tue, 3 Mar 2026 17:17:53 +0200 Subject: [PATCH 3/5] fix: correct annotation indentation for vault keys and nodeKey The output lines for vault.hashicorp.com annotations were indented 2 spaces too deep, causing YAML parse errors. Outdent to match the original 8-space indentation. --- charts/node/templates/statefulset.yaml | 34 +++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/charts/node/templates/statefulset.yaml b/charts/node/templates/statefulset.yaml index f9219c6..0300120 100644 --- a/charts/node/templates/statefulset.yaml +++ b/charts/node/templates/statefulset.yaml 
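Review bot: The two added example lines `# vaultKeyAppendPodIndex: false` give no indication of what enabling the flag changes, and the behaviour is not obvious from the name. Per the template change in patch 1, setting it to true makes the chart read the Vault field `<vaultKey>_<index>` and inject one secret file per replica index into each pod, so the Vault secret must already contain those suffixed fields. I would extend the example with a trailing comment such as `# vaultKeyAppendPodIndex: false  # if true, reads <vaultKey>_<pod ordinal> from vaultPath; one file per replica is injected`. The `node:` mapping these comments belong to starts outside the hunk.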
@@ -43,29 +43,29 @@ spec: {{- range $keys := .Values.node.vault.keys }} {{- if .vaultKeyAppendPodIndex }} {{- range $index := until ($.Values.node.replicas | int) }} - vault.hashicorp.com/agent-inject-secret-{{ $keys.name }}-{{ $index }}: {{ $keys.vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ $keys.name }}-{{ $index }}: | - {{`{{ with secret "`}}{{ $keys.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $keys.vaultKey ($index | toString) }}{{` }}{{ end }}`}} + vault.hashicorp.com/agent-inject-secret-{{ $keys.name }}-{{ $index }}: {{ $keys.vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ $keys.name }}-{{ $index }}: | + {{`{{ with secret "`}}{{ $keys.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $keys.vaultKey ($index | toString) }}{{` }}{{ end }}`}} {{- end }} {{- else }} - vault.hashicorp.com/agent-inject-secret-{{ .name }}: {{ .vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ .name }}: | - {{`{{ with secret "`}}{{ .vaultPath }}{{`" }}{{ .Data.data.`}}{{ .vaultKey }}{{` }}{{ end }}`}} + vault.hashicorp.com/agent-inject-secret-{{ .name }}: {{ .vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ .name }}: | + {{`{{ with secret "`}}{{ .vaultPath }}{{`" }}{{ .Data.data.`}}{{ .vaultKey }}{{` }}{{ end }}`}} {{- end }} {{- end }} - {{- if .Values.node.vault.nodeKey }} - {{- if .Values.node.vault.nodeKey.vaultKeyAppendPodIndex }} - {{- range $index := until (.Values.node.replicas | int) }} - vault.hashicorp.com/agent-inject-secret-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: {{ $.Values.node.vault.nodeKey.vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: | - {{`{{ with secret "`}}{{ $.Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $.Values.node.vault.nodeKey.vaultKey ($index | toString) }}{{` }}{{ end }}`}} - {{- end }} - {{- else }} - 
vault.hashicorp.com/agent-inject-secret-{{ .Values.node.vault.nodeKey.name }}: {{ .Values.node.vault.nodeKey.vaultPath | squote }} - vault.hashicorp.com/agent-inject-template-{{ .Values.node.vault.nodeKey.name }}: | - {{`{{ with secret "`}}{{ .Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ .Values.node.vault.nodeKey.vaultKey }}{{` }}{{ end }}`}} + {{- if .Values.node.vault.nodeKey }} + {{- if .Values.node.vault.nodeKey.vaultKeyAppendPodIndex }} + {{- range $index := until (.Values.node.replicas | int) }} + vault.hashicorp.com/agent-inject-secret-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: {{ $.Values.node.vault.nodeKey.vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ $.Values.node.vault.nodeKey.name }}-{{ $index }}: | + {{`{{ with secret "`}}{{ $.Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ printf "%s_%s" $.Values.node.vault.nodeKey.vaultKey ($index | toString) }}{{` }}{{ end }}`}} {{- end }} + {{- else }} + vault.hashicorp.com/agent-inject-secret-{{ .Values.node.vault.nodeKey.name }}: {{ .Values.node.vault.nodeKey.vaultPath | squote }} + vault.hashicorp.com/agent-inject-template-{{ .Values.node.vault.nodeKey.name }}: | + {{`{{ with secret "`}}{{ .Values.node.vault.nodeKey.vaultPath }}{{`" }}{{ .Data.data.`}}{{ .Values.node.vault.nodeKey.vaultKey }}{{` }}{{ end }}`}} {{- end }} + {{- end }} {{- if or .Values.node.vault.keys .Values.node.vault.nodeKey }} vault.hashicorp.com/agent-inject: 'true' vault.hashicorp.com/agent-init-first: 'true' From 0d1e3471e848421daf84a1704e9a00446248add6 Mon Sep 17 00:00:00 2001 From: eduardspa Date: Tue, 3 Mar 2026 17:25:55 +0200 Subject: [PATCH 4/5] bump chart version to 5.17.0 --- charts/node/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/node/Chart.yaml b/charts/node/Chart.yaml index 710baa6..7e5a391 100644 --- a/charts/node/Chart.yaml +++ b/charts/node/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: node description: A Helm chart to deploy Substrate/Polkadot nodes type: application -version: 5.16.0 +version: 5.17.0 maintainers: - name: Parity url: https://github.com/paritytech/helm-charts From 6b61a1f26435083216eef5792ff92db3df114e82 Mon Sep 17 00:00:00 2001 From: eduardspa Date: Tue, 3 Mar 2026 17:54:59 +0200 Subject: [PATCH 5/5] update helm-docs generated README --- charts/node/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/node/README.md b/charts/node/README.md index 08f7bd5..3b10030 100644 --- a/charts/node/README.md +++ b/charts/node/README.md @@ -18,7 +18,7 @@ This is intended behaviour. Make sure to run `git add -A` once again to stage ch # Substrate/Polkadot node Helm chart -![Version: 5.16.0](https://img.shields.io/badge/Version-5.16.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 5.17.0](https://img.shields.io/badge/Version-5.17.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ## Overview The Polkadot Helm Chart provides a convenient way to deploy and manage a Polkadot blockchain node in a Kubernetes cluster. @@ -563,4 +563,4 @@ If you're running a collator node: | wsHealthExporter.resources | object | `{}` | Resource limits & requests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)