[Helm chart] Configuring sensitive values via secrets

[cyrilcros]

Hi,
Would it be possible to set the sensitive values in the Helm chart (like components.server.sessionSecret for ex., but also db password and oauth info) via either an existingSecret secret reference or setting an environment variable?
Right now the values.yaml has sensitive information in it which is an issue for “gitops-style” management of Kubernetes.
Thanks!

[csweichel]

That makes perfect sense. We could adopt a pattern akin to how we handle the HTTPS certificates, except that one could still provide the value directly if necessary, e.g.:

server:
  sessionSecret:
    secretName: some-preexisting-secret
    key: data-in-the-secret

but also:

server:
  sessionSecret:
    value: "enter value here directly"

We would do that for:

• db.password
• messagebus.password
• minio.accessKey
• minio.secretKey
• server.sessionSecret

[cyrilcros]

Thanks you for considering this feature! You can even autogenerate those if you are willing to drop / have dropped Helm 2 support: https://github.com/helm/charts/issues/5167#issuecomment-619137759
I would say the OAuth also needs it, but it might be more complicated if you have a list of possible clients rather than a single one.