The SonarQube Helm Chart provides a way of passing sonarSecretKey, containing a file sonar-secret.txt with your AES-256 encryption key that can be used to Encrypt/Decrypt sonar properties. However, it is not clear how this is intended to be used with the Helm Chart.
According to the docs, the Key needs to be generated in the SonarQube UI. Also, you'd need to use the UI to first encode your property values before they could be used. So if my understanding is correct, this creates a chicken or the egg problem.
Is the idea that your first stand up SonarQube, generate Key, then in subsequent deployments pass this Key to sonarSecretKey? Is it possible to generate this Key outside of the SonarQube UI? Possibly with openssl (ie. openssl enc -aes-256-gcm -k secret -P -md sha1)?
IMO, a short blurb in the README should be added to cover this.
The SonarQube Helm Chart provides a way of passing
sonarSecretKey, containing a filesonar-secret.txtwith your AES-256 encryption key that can be used to Encrypt/Decrypt sonar properties. However, it is not clear how this is intended to be used with the Helm Chart.According to the docs, the Key needs to be generated in the SonarQube UI. Also, you'd need to use the UI to first encode your property values before they could be used. So if my understanding is correct, this creates a chicken or the egg problem.
Is the idea that your first stand up SonarQube, generate Key, then in subsequent deployments pass this Key to
sonarSecretKey? Is it possible to generate this Key outside of the SonarQube UI? Possibly with openssl (ie.openssl enc -aes-256-gcm -k secret -P -md sha1)?IMO, a short blurb in the README should be added to cover this.