Aidbox / helm-charts

Make "config" section optional #3

Open snowsky opened 1 week ago

snowsky commented 1 week ago

When the Helm release is updated by Terraform, the config section will show sensitive data in plain text. This is to allow a secret to be used for the required environment variables.

faridco commented 1 week ago

There is set_sensitive.

For example:

resource "helm_release" "mod" {
  chart            = "aidbox"
  create_namespace = true
  name             = "aidbox"
  namespace        = "aidbox"
  repository       = "https://aidbox.github.io/helm-charts"
  values = [yamlencode({
    host     = "aidbox.local"
    protocol = "http"

    config = {
      AIDBOX_ADMIN_ID     = "admin"
      AIDBOX_CLIENT_ID    = "admin"
      AIDBOX_FHIR_VERSION = "4.0.1"
      PGDATABASE          = "aidbox"
      PGHOST              = "aidboxdb.postgres.svc"
      PGUSER              = "postgres"
    }
  })]

  set_sensitive {
    name  = "config.AIDBOX_ADMIN_PASSWORD"
    value = "<secret-value>"
  }

  set_sensitive {
    name  = "config.AIDBOX_CLIENT_SECRET"
    value = "<secret-value>"
  }

  set_sensitive {
    name  = "config.AIDBOX_LICENSE"
    value = "<license-content-here>"
  }

  set_sensitive {
    name  = "config.PGPASSWORD"
    value = "<secret-value>"
  }
}

Sample output when updating:

          - {
              - app_version    = "edge"
              - chart          = "aidbox"
              - first_deployed = 1726221148
              - last_deployed  = 1726221148
              - name           = "aidbox"
              - namespace      = "aidbox"
              - notes          = ""
              - revision       = 1
              - values         = jsonencode(
                    {
                      - config   = {
                          - AIDBOX_ADMIN_ID       = "admin"
                          - AIDBOX_ADMIN_PASSWORD = "(sensitive value)"
                          - AIDBOX_CLIENT_ID      = "admin"
                          - AIDBOX_CLIENT_SECRET  = "(sensitive value)"
                          - AIDBOX_FHIR_VERSION   = "4.0.1"
                          - AIDBOX_LICENSE        = "(sensitive value)"
                          - PGDATABASE            = "aidbox"
                          - PGHOST                = "aidboxdb.postgres.svc"
                          - PGPASSWORD            = "(sensitive value)"
                          - PGUSER                = "postgres"
                        }
                      - host     = "aidbox.local"
                      - protocol = "http"
                    }
                )
              - version        = "0.1.13"
            },
        ] -> (known after apply)

snowsky commented 4 days ago

Thanks @faridco, I am using it this way. I think if config can be optional, a secret can be used directly.