fix(ci): secrets 파일 덮어쓰기 방지 (write_kv 사용)

scripts/deploy-remote.sh

@@ -52,10 +52,19 @@ if [ -r "$SECRETS_FILE" ]; then
 fi
 POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-$(openssl rand -hex 24)}"
 JWT_SECRET="${JWT_SECRET:-$(openssl rand -hex 32)}"
-cat > "$SECRETS_FILE" <<EOF
+
-POSTGRES_PASSWORD=$POSTGRES_PASSWORD
+# 기존 secret 파일의 다른 키들은 보존하고 이 두 값만 갱신
-JWT_SECRET=$JWT_SECRET
+write_kv() {
-EOF
+  local key="$1" val="$2" file="$3"
+  if [ -f "$file" ]; then
+    grep -v "^${key}=" "$file" > "${file}.tmp" || true
+    mv "${file}.tmp" "$file"
+  fi
+  echo "${key}=${val}" >> "$file"
+}
+touch "$SECRETS_FILE"
+write_kv POSTGRES_PASSWORD "$POSTGRES_PASSWORD" "$SECRETS_FILE"
+write_kv JWT_SECRET "$JWT_SECRET" "$SECRETS_FILE"
 chmod 600 "$SECRETS_FILE"
 
 kubectl -n insurance create secret generic postgres-credentials \