Helm plugin support - Githubissues

Hi! Thanks for your interest.

It's required to rewrite aptomi helm plugin to run helm binary to support helm plugins. It's doable for sure. For your use case, I think main issue is in the approach. You're going to run Aptomi in K8s or somewhere else, where you'll not have GPG keys. So, I think it's more about thinking what will be more clear way to support encrypting values.

TL;DR

That's true, golang helm client approach isn't working with helm plugins, as they are fully working on client side. We're considering to support binary execution in future is there will be no other options. In general, most of the plugins are targeted to help using Helm CLI and not really required for charts installation.

Your example with helm-secrets is actually a good example of very useful chart installation plugin. There are few issues with using it directly with Aptomi:

Aptomi will not be running locally most probably and that means that there will be no keys to decrypt data on it even if we'll be running helm binary with this plugin
Helm charts values are going to be passed as part of the Service Component definition or as part of the Dependency labels (most useful option), so, it means you'll need to encrypt a bit different objects comparing to what is supported by helm-secrets now

So, I think that more clear way for implementing it - using some wrapper for aptomictl or implement same kind of encryption functionality into the Aptomi itself.

There are multiple reasons for not calling helm as binary:

it's difficult to parse state and errors from binary output
it'll require managing helm binaries for different OS and Arch
helm plugins are just bash scripts, so, they could require different 3rd party utilities and access

Aptomi / k8s-app-engine

Helm plugin support #248