Sensitive data such as login credentials should not be rendered in a ConfigMap, as cluster operators are often more lenient granting applications read permissions for them.
This PR moves SMTP_LOGIN and SMTP_PASSWORD env vars to a new secret secret-smtp.yaml, unless .Values.mastodon.smtp.existingSecret is defined. In this case, no secret is created and sidekiq will source the login and password variables from .Values.mastodon.smtp.existingSecret.
Porting https://github.com/mastodon/mastodon/pull/19919 to the new repo.
Sensitive data such as login credentials should not be rendered in a
ConfigMap
, as cluster operators are often more lenient granting applications read permissions for them.This PR moves
SMTP_LOGIN
andSMTP_PASSWORD
env vars to a new secretsecret-smtp.yaml
, unless.Values.mastodon.smtp.existingSecret
is defined. In this case, no secret is created and sidekiq will source thelogin
andpassword
variables from.Values.mastodon.smtp.existingSecret
.This change is backwards-compatible.