Update naming convention of the global secret key and related comments

Author: BorisPolonsky

charts/dify/templates/credentials.tpl

@@ -2,7 +2,7 @@
 # A secret key that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`.
 SECRET_KEY: {{ .Values.api.secretKey | default .Values.global.appSecretKey | b64enc | quote }}
 {{- if .Values.sandbox.enabled }}
-CODE_EXECUTION_API_KEY: {{ .Values.sandbox.auth.apiKey | default .Values.global.innerApiKey | b64enc | quote }}
+CODE_EXECUTION_API_KEY: {{ .Values.sandbox.auth.apiKey | default .Values.global.internalApiKey | b64enc | quote }}
 {{- end }}
 {{- include "dify.db.credentials" . }}
 # The configurations of redis connection.
@@ -14,8 +14,8 @@ CODE_EXECUTION_API_KEY: {{ .Values.sandbox.auth.apiKey | default .Values.global.
 {{ include "dify.vectordb.credentials" . }}
 {{ include "dify.mail.credentials" . }}
 {{- if .Values.pluginDaemon.enabled }}
-PLUGIN_DAEMON_KEY: {{ .Values.pluginDaemon.auth.serverKey | default .Values.global.innerApiKey | b64enc | quote }}
-INNER_API_KEY_FOR_PLUGIN: {{ .Values.pluginDaemon.auth.difyApiKey | default .Values.global.innerApiKey | b64enc | quote }}
+PLUGIN_DAEMON_KEY: {{ .Values.pluginDaemon.auth.serverKey | default .Values.global.internalApiKey | b64enc | quote }}
+INNER_API_KEY_FOR_PLUGIN: {{ .Values.pluginDaemon.auth.difyApiKey | default .Values.global.internalApiKey | b64enc | quote }}
 {{- end }}
 {{- if and .Values.api.otel.enabled (not .Values.externalSecret.enabled) }}
 OTLP_API_KEY: {{ .Values.api.otel.apiKey | b64enc | quote }}
@@ -38,8 +38,8 @@ SECRET_KEY: {{ .Values.api.secretKey | default .Values.global.appSecretKey | b64
 {{ include "dify.vectordb.credentials" . }}
 {{ include "dify.mail.credentials" . }}
 {{- if .Values.pluginDaemon.enabled }}
-PLUGIN_DAEMON_KEY: {{ .Values.pluginDaemon.auth.serverKey | default .Values.global.innerApiKey | b64enc | quote }}
-INNER_API_KEY_FOR_PLUGIN: {{ .Values.pluginDaemon.auth.difyApiKey | default .Values.global.innerApiKey | b64enc | quote }}
+PLUGIN_DAEMON_KEY: {{ .Values.pluginDaemon.auth.serverKey | default .Values.global.internalApiKey | b64enc | quote }}
+INNER_API_KEY_FOR_PLUGIN: {{ .Values.pluginDaemon.auth.difyApiKey | default .Values.global.internalApiKey | b64enc | quote }}
 {{- end }}
 {{- if and .Values.api.otel.enabled (not .Values.externalSecret.enabled) }}
 OTLP_API_KEY: {{ .Values.api.otel.apiKey | b64enc | quote }}
@@ -213,15 +213,15 @@ SMTP_PASSWORD: {{ .Values.api.mail.smtp.password | b64enc | quote }}
 {{- end }}
 
 {{- define "dify.sandbox.credentials" -}}
-API_KEY: {{ .Values.sandbox.auth.apiKey | default .Values.global.innerApiKey | b64enc | quote }}
+API_KEY: {{ .Values.sandbox.auth.apiKey | default .Values.global.internalApiKey | b64enc | quote }}
 {{- end }}
 
 {{- define "dify.pluginDaemon.credentials" -}}
 {{ include "dify.db.credentials" . }}
 {{ include "dify.redis.credentials" . }}
 {{ include "dify.pluginDaemon.storage.credentials" . }}
-SERVER_KEY: {{ .Values.pluginDaemon.auth.serverKey | default .Values.global.innerApiKey | b64enc | quote }}
-DIFY_INNER_API_KEY: {{ .Values.pluginDaemon.auth.difyApiKey | default .Values.global.innerApiKey | b64enc | quote }}
+SERVER_KEY: {{ .Values.pluginDaemon.auth.serverKey | default .Values.global.internalApiKey | b64enc | quote }}
+DIFY_INNER_API_KEY: {{ .Values.pluginDaemon.auth.difyApiKey | default .Values.global.internalApiKey | b64enc | quote }}
 {{- end }}
 
 {{- define "dify.pluginDaemon.storage.credentials" -}}

charts/dify/values.schema.json

@@ -60,7 +60,7 @@
       "properties": {
         "edition": { "type": "string" },
         "appSecretKey": { "type": "string" },
-        "innerApiKey": { "type": "string" },
+        "internalApiKey": { "type": "string" },
         "consoleApiDomain": { "type": "string" },
         "consoleWebDomain": { "type": "string" },
         "serviceApiDomain": { "type": "string" },

charts/dify/values.yaml

@@ -7,10 +7,9 @@ global:
   edition: "SELF_HOSTED"
   # A secret key that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`.
   appSecretKey: "sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U"
-  # A global secret key for inter-component API calls (e.g. `api`, `sandbox` and `pluginDaemon`). You can generate a strong key using `openssl rand -base64 42`.
-  # Used as fallback for component-specific inter-component API keys (e.g., pluginDaemon.auth.serverKey, pluginDaemon.auth.difyApiKey).
-  # Component-specific values take precedence over this global value. If component-specific value is empty, this global value is used.
-  innerApiKey: ""
+  # A global secret key for all inter-component API calls among Dify containers (e.g. `api`, `sandbox` and `pluginDaemon`). You can generate a strong key using `openssl rand -base64 42`.
+  # Takes no effect when left empty. Can be overridden by component-specific values.
+  internalApiKey: ""
   # The backend domain of the console API, used to concatenate the authorization callback.
   # If empty, it is the same domain. Example: console.dify.ai
   consoleApiDomain: ""
@@ -713,7 +712,7 @@ sandbox:
     clusterIP: ""
   auth:
     # API key for sandbox code execution service. You can generate a strong key using `openssl rand -base64 42`.
-    # If not set, uses global.innerApiKey
+    # If not set, uses global.internalApiKey
     apiKey: ""
 
   ## Sandbox ServiceAccount configuration