ccremer / kubernetes-zfs-provisioner

Dynamic ZFS persistent volume provisioner for Kubernetes
Apache License 2.0

Plaintext secrets in values.yaml #117

Closed (YaMoef closed 5 months ago)

YaMoef commented 5 months ago

Hi, I would like to commit my umbrella Helm chart of kubernetes-zfs-provisioner to Git so ArgoCD can manage it. To do this, I of course cannot commit my SSH key, since that is a big no-no. Is there a way I can omit this from values.yaml, by either using secrets or something else to load the key?

ccremer commented 5 months ago

Hi, I'm not quite sure what you mean. In the chart, the ssh.externalSecretName parameter allows you to bring-your-own-secret, which you can provide from your favorite secrets provider. Is that not sufficient?

In my case, I'm using helmfile with the helm-secrets plugin, which itself is backed by SOPS. SOPS allows you to encrypt YAML files using various secrets providers, e.g. Azure, GCP, AWS, or GPG, which would be safe enough to commit.
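
A pre-commit style check for the two options described in the comment above, as an added example that is not part of the thread or of the chart: it blocks a values.yaml that carries plaintext private-key armor and recognises either a SOPS-encrypted file or a set ssh.externalSecretName. The sample files, the Secret name zfs-provisioner-ssh and the key name privateKey are constructed for illustration and are not taken from the chart.

```python
import re

# Armor header of PEM / OpenSSH private keys (RSA, EC, OPENSSH, PKCS#8, ...).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# A non-empty, indented externalSecretName entry (ssh.externalSecretName in the chart).
EXTERNAL_SECRET_RE = re.compile(
    r"^[ \t]+externalSecretName:[ \t]*[\"']?([^\s\"'#]+)", re.M)
# SOPS wraps each scalar in ENC[...] and appends a top-level `sops:` metadata map.
SOPS_VALUE_RE = re.compile(r"ENC\[AES256_GCM,data:")
SOPS_META_RE = re.compile(r"^sops:[ \t]*$", re.M)


def plaintext_key_lines(text):
    """Line numbers (1-based) that carry unencrypted private-key armor."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if PRIVATE_KEY_RE.search(line)]


def external_secret_name(text):
    """Name of the referenced Secret, or None when the parameter is unset."""
    m = EXTERNAL_SECRET_RE.search(text)
    return m.group(1) if m else None


def verdict(text):
    """Classify a values file before it is committed to Git."""
    if plaintext_key_lines(text):
        return "block: plaintext private key"
    if SOPS_META_RE.search(text) and SOPS_VALUE_RE.search(text):
        return "ok: SOPS-encrypted"
    if external_secret_name(text):
        return "ok: key supplied via external Secret"
    return "review: no key handling found"


# Constructed samples; key names and values are placeholders, not the chart's.
PLAINTEXT = """ssh:
  privateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    CONSTRUCTED-PLACEHOLDER
    -----END OPENSSH PRIVATE KEY-----
"""
EXTERNAL = "ssh:\n  externalSecretName: zfs-provisioner-ssh\n"
SOPS = ("ssh:\n  privateKey: ENC[AES256_GCM,data:Q09OU1Q=,iv:AAAA,tag:BBBB,type:str]\n"
        "sops:\n  version: 3.8.1\n")

if __name__ == "__main__":
    for name, body in (("plaintext", PLAINTEXT), ("external", EXTERNAL), ("sops", SOPS)):
        print(name, "->", verdict(body))
```

The plaintext check runs first, so a file that mixes SOPS metadata with a leftover unencrypted key is still blocked.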

YaMoef commented 5 months ago

Hi, this is the solution I am looking for. Didn't know this existed. Thanks!