From 00ea917fc094ef7efaf574db4cdbb3dea97d106f Mon Sep 17 00:00:00 2001
From: Celes Renata <celes@frameshift.net>
Date: Thu, 16 Apr 2026 01:25:54 +0000
Subject: [PATCH] fix: add broker secrets to ingestion worker deployment

The ingestion worker creates an AlpacaBrokerAdapter but the pod
didn't have BROKER_API_KEY/BROKER_API_SECRET env vars, causing
401 Unauthorized on every broker source fetch. Added
stonks-broker-secrets to the ingestion service's secrets list.
---
 infra/helm/stonks-oracle/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/helm/stonks-oracle/values.yaml b/infra/helm/stonks-oracle/values.yaml
index e1f6745..580688a 100644
--- a/infra/helm/stonks-oracle/values.yaml
+++ b/infra/helm/stonks-oracle/values.yaml
@@ -46,7 +46,7 @@ services:
     image: ingestion
     command: "python -m services.ingestion.worker"
     tier: ingestion
-    secrets: [stonks-core-secrets, stonks-market-secrets]
+    secrets: [stonks-core-secrets, stonks-market-secrets, stonks-broker-secrets]
     resources:
       requests: { cpu: 100m, memory: 128Mi }
       limits: { cpu: 500m, memory: 256Mi }