# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
  pkgs,
  stdenv,
  runCommand,
  ...
}:
let
  to_yaml_file = ((import ../../../functions/to_yaml.nix) {inherit pkgs;}).to_yaml_file;
  kube_encryption_key = runCommand "kube_encryption_key" { } ''
    head -c 32 /dev/urandom | base64 | tee $out
  '';
  kube_encryption_config = {
    kind = "EncryptionConfig";
    apiVersion = "v1";
    resources = [
      {
        resources = [ "secrets" ];
        providers = [
          {
            aescbc = {
              keys = [
                {
                  name = "key1";
                  secret = (builtins.readFile "${kube_encryption_key}");
                }
              ];
            };
          }
          { identity = { }; }
        ];
      }
    ];
  };
  kube_encryption_config_yaml = (to_yaml_file "encryption-config.yaml" kube_encryption_config);
in
stdenv.mkDerivation (finalAttrs: {
  name = "k8s-encryption-key";
  nativeBuildInputs = [ ];
  buildInputs = [ ];

  unpackPhase = "true";

  installPhase = ''
    mkdir "$out"
    cp "${kube_encryption_config_yaml}" $out/encryption-config.yaml
  '';
})