Helm chart - secret #1483
Labels
question
Further information is requested
Comments
|
Added a PR for this - #1484 |
|
Good idea to add an option to use existing backend secret, that option will handle will handle smtp passwords and Django secret key too. I will check to implement that option soon, before official helm publishing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem statement
The helm chart has config available for providing secret values for smtp password.
Eg. backend.config.smtp.primary.password
which allows providing a password for SMTP. It is not secure to pass in this value in the values file, especially when using a CD tool such as ArgoCD for deployments as it would require committing this secret into a git repo.
The secret.yaml template correctly checks if the value is present before creating a secret, however in the deployment.yaml it has the following
{{- if .Values.backend.config.smtp.primary.password }}
- name: EMAIL_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "ciso-assistant.fullname" . }}-backend
key: email-primary-password
{{- end }}
I would expect to create this secret externally and securely via another means for eg. using external secrets operator, however the chart should then allow me to provide an external secret to reference.
This is currently already done for the postgres password (providing an existing secret)
Expected behavior
Allow providing an existing secret for smtp primary/rescue passwords.
The text was updated successfully, but these errors were encountered: