You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looking to replace Secret with SealedSecret to help ensure secrets are never leaked by helm. Currently helm's --dry-run and --debug flags cause secrets to be logged. See helm/helm#7275. Perhaps someday helm will provide masking via a --set-secret option but this is not in the current list of options.
The SealedSecret templates would look very similar to the existing Secret templates and a feature flag could enable the SealedSecret templates while disabling the Secret templates.
If there's not currently an appetite to include the SealedSecret templates in the chart, then simply providing a feature flag to disable the Secret templates would allow the chart to be extended by a chart providing the SealedSecret templates.
Below is an example with a sealedSecret.enabled feature flag and a configmap-sealedsecret.yaml template. The feature flag would also be added to configmap-secret.yaml.
Looking to replace Secret with SealedSecret to help ensure secrets are never leaked by helm. Currently helm's
--dry-run
and--debug
flags cause secrets to be logged. See helm/helm#7275. Perhaps someday helm will provide masking via a--set-secret
option but this is not in the current list of options.The SealedSecret templates would look very similar to the existing Secret templates and a feature flag could enable the SealedSecret templates while disabling the Secret templates.
If there's not currently an appetite to include the SealedSecret templates in the chart, then simply providing a feature flag to disable the Secret templates would allow the chart to be extended by a chart providing the SealedSecret templates.
Below is an example with a
sealedSecret.enabled
feature flag and aconfigmap-sealedsecret.yaml
template. The feature flag would also be added toconfigmap-secret.yaml
.values
configmap-sealedsecret.yaml
The text was updated successfully, but these errors were encountered: