Support existing secrets #242
Comments
|
@ErikLundJensen I support to not have secrets in plaintext in yaml files in repository. This can be fixed with using helm secrets plugin. This allows to use yaml files with encrypted values and keep encrypted files in repositories and only decrypt when running helm install. See: https://github.com/jkroepke/helm-secrets Maybe this fixes the problem for you. |
|
I have an in-house CRD for pulling secrets from AWS SSM into namespaces, and as I'm trying to go to production with this chart I'm hitting similar issues. I want to use this chart as a dependency and then bring my own templates for secrets. Is there any interest in taking PR's that loosen some of the constraints where secrets come from? |
|
The fix would be to add: The following snippet in values.yaml The following snippet in templates/statefulset.yaml under spec.template.spec And just eliminate the file templates/secret.registry.yaml . |
|
I know this hasn't been touched in about a year, but I would still really like an existing secret for the initially provisioned users, as right now, you have to pass in plain text passwords for users, which makes the cockroachdb helm chart unusable for me at this time. This would be a good feature for those who cannot pass in plain text passwords to any repos. This is required for some security compliance. It looks like the work was already started here: https://github.com/cockroachdb/helm-charts/pull/272/files |
Real secrets should never be in clear text in value.yaml files. Therefore it would be preferrable if existing secrets could be used in the helm chart.
For example using existing imagePullSecrets instead of the secrets generated by the chart:
helm-charts/cockroachdb/templates/statefulset.yaml
Line 46 in 2ee4799
The text was updated successfully, but these errors were encountered: