How to pass the contents of a dynamically created file as an env variable in helm charts #12997

Open
MSP85 opened this issue May 1, 2024 · 0 comments

MSP85 commented May 1, 2024

Output of helm version: version.BuildInfo{Version:"v3.12.1+11.el8", GitCommit:"8cc4ba6fcc61d4c2ad2084c214dda40124bf5d32", GitTreeState:"clean", GoVersion:"go1.19.10"}

Output of kubectl version:

Cloud Provider/Platform (AKS, GKE, Minikube etc.): OpenShift

I'm trying to retrieve a secret from HashiCorp Vault using annotations and pass it as an env variable in the Helm chart below. The annotations write the password into a file named myconfig.cfg, and then this file is read using {{ .Files.Get }}. However, I get the error "<.Files.Get>: nil pointer evaluating interface {}.Get". How do I pass the password as an env variable inside the chart?

{{- range .Values.statefulsets.ttg.controllers }}
{{- $name := printf "%s-%s" $.Values.statefulsets.ttg.name .name | trunc 63 | lower -}}
{{- $config := printf "%s-%s-config" $.Values.statefulsets.ttg.name .name | trunc 63 | lower -}}
{{- $secret := .auth.secretName | trunc 63 | lower -}}
apiVersion: "v1"
kind: ConfigMap
metadata:
  name: {{ $config }}
data:
  APP_LOG_LEVEL: {{ default "INFO" .logLevel | quote }}
  APP_SDK_LOGGING_LEVEL: {{ default "INFO" .logLevel | quote }}
  APP_GROUP_BY_COMPONENT_TYPE: "0"
  APP_ALERT_THRESHOLD: "10"
  APP_INIT_TIMEOUT: "0"
  KAFKA_BROKER: {{ $.Values.deployments.kafka.internalServiceName | quote }}
  KAFKA_CONSUME_TIMEOUT: "1000"
  KAFKA_SECURITY_PROTOCOL: "plaintext"
  APP_NAME: {{ .name | quote }}
  APP_HOST: {{ .hostname | quote }}
  APP_PORT: {{ .port | quote }}
  APP_ACCOUNT: {{ .auth.account | quote }}
  APP_ACCESS_KEY: {{ .auth.accessKey | quote }}
  APP_ACCOUNT_ID: {{ .auth.accountId | quote }}
  APP_REST_OAUTH: {{ default "0" .auth.useOauth | quote }}
  APP_USERNAME: {{ default "" .auth.username | quote }}
  APP_USE_SSL: {{ default "0" .auth.useSsl | quote }}
  APP_SAAS: {{ default "0" .auth.saas | quote }}
  {{- if hasKey .auth "certName" }}
  APP_SDK_CONTROLLER_CERTIFICATE_DIR: "/var/certs/"
  APP_SDK_CONTROLLER_CERTIFICATE_FILE: "/var/certs/{{ .auth.certName }}"
  {{- end }}
  {{- if hasKey . "proxy" }}
  APP_PROXY_HOST: {{ default "" .proxy.host | quote }}
  APP_PROXY_PORT: {{ default "" .proxy.port | quote }}
  {{- end }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ $name }}
  labels:
    app: {{ $name }}
spec:
  serviceName: {{ $name }}
  replicas: {{ default "1" .replicas }}
  selector:
    matchLabels:
      app: {{ $name }}
  template:
    metadata:
      labels:
        app: {{ $name }}
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/ca-cert: /certs/dev.pem
        vault.hashicorp.com/namespace: org
        vault.hashicorp.com/role: vault-service-role
        vault.hashicorp.com/agent-service-account-token-volume-name: 'k8s-cluster'
        vault.hashicorp.com/secret-volume-path: '/secrets'
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/agent-inject-secret-myconfig.cfg: 'path/to/secret'
        vault.hashicorp.com/agent-inject-template-myconfig.cfg: |
          {{`{{- with secret "path/to/secret" -}}
          {{ .Data.data.app_password }}
          {{- end -}}`}}  
 
    spec:
{{- if hasKey $.Values.default "imagePullSecrets" }}
      imagePullSecrets:
        - name: {{ $.Values.default.imagePullSecrets }}
{{- end }}
      containers:
        - name: {{ $name }}
          image: "{{ default $.Values.default.imageRepository $.Values.statefulsets.ttg.imageRepository }}/{{ $.Values.statefulsets.ttg.image }}"
          imagePullPolicy: {{ default $.Values.default.imagePullPolicy $.Values.statefulsets.ttg.imagePullPolicy }}
          resources:
{{ toYaml ( default $.Values.default.resources $.Values.statefulsets.ttg.resources ) | indent 12 }}
          volumeMounts:
          - mountPath: "/var/certs"
            name: {{ $secret }}
            readOnly: true
          # Create the environment variables from the config map
          envFrom:
            - configMapRef:
                name: {{ $config }}
          env:
            - name: APP_PASSWORD
              value: |-
                {{ .Files.Get "/secrets/myconfig.cfg" }}               
            - name: KAFKA_CLIENT_ID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          livenessProbe:
            exec:
              command:
              - "nc"
              - "-z"
              - "-w"
              - "5"
              - {{ $.Values.deployments.kafka.internalServiceName | quote }}
              - {{ $.Values.deployments.kafka.internalServicePort | quote }}
            periodSeconds: 1
      volumes:
        - name: {{ $secret }}
          secret:
            secretName: {{ $secret }}
---
{{- end }}
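
The render-time versus runtime gap behind the error above, as an added example that is not part of the original post or the Helm project's own code: `.Files.Get` reads files packaged in the chart while the template is rendered (and inside `range`, `.` is the current controller entry, so `.Files` is nil), whereas Vault Agent writes `/secrets/myconfig.cfg` inside the pod at start-up. This container fragment reads the injected file when the container starts instead; `/app/entrypoint.sh` is a hypothetical placeholder for the image's real start command, and the image is assumed to provide `/bin/sh`.

```yaml
# Added example: container section of the StatefulSet from the post, changed so
# the password is read from the Vault-injected file when the container starts.
      containers:
        - name: {{ $name }}
          image: "{{ default $.Values.default.imageRepository $.Values.statefulsets.ttg.imageRepository }}/{{ $.Values.statefulsets.ttg.image }}"
          command: ["/bin/sh", "-c"]
          args:
            - |
              # /secrets/myconfig.cfg exists only inside the pod. It is written by
              # the Vault Agent init container (agent-pre-populate-only: "true")
              # under the path set by the secret-volume-path annotation.
              set -eu
              if [ ! -s /secrets/myconfig.cfg ]; then
                echo "vault secret file missing or empty" >&2
                exit 1
              fi
              APP_PASSWORD="$(cat /secrets/myconfig.cfg)"
              export APP_PASSWORD
              # Hypothetical placeholder: replace with the image's real start command.
              exec /app/entrypoint.sh
          envFrom:
            - configMapRef:
                name: {{ $config }}
          env:
            # No APP_PASSWORD entry here: a literal value would be rendered into
            # the manifest and stored with the Helm release.
            - name: KAFKA_CLIENT_ID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
```

With this layout the password never appears in the rendered manifest; it exists only in the injected file and in the environment of the started process.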