Support existingSecret refs in values file

[michaelfedell]

Currently, the values.yaml for both helm charts requires sensitive values such as .Values.env.aws_secret_access_key, ...secre_key, ...pgdb_remote_url, etc. All of these values must be committed to a git repository if you are managing your deployment via GitOps (ArgoCD, FluxCD, etc.) which is not a good solution for anybody.

Many Helm charts solve this problem by supporting an existingSecret value so that any sensitive values can be passed directly to the helm chart (where they are often used to create a Secret), or can be set up in an existing secret (e.g. managed by External Secrets Operator, and simply referenced in the Helm values.

Here are a few examples of charts which do this well:

• Grafana Mimir
• Grafana
• Kafka

[michaelfedell]

Actually, it looks like a lot of this work has already begun on the external-secrets branch. Does anyone have context on the state of that effort? it looks to be largely complete but only exists on the plane-ce version
develop...external-secrets

[theparthacus]

@mguptahub, could you see this, too? be good to ship this too in the next two weeks.

[mguptahub]

@michaelfedell

This is a good one to be added. Thanks for bringing it up. Will update you as we are ready to ship.