helmfile diff/apply don't see changes to secrets

[anorm]

If changes are made to a release which results in a kubernetes secret being changed, helmfile diff doesn't see the change causing helmfile apply to do nothing.

Running helmfile apply --show-secrets --suppress-secrets makes helmfile act as expected, upgrading the release without outputting the secret value to stdout.

I expected that:

• Running helmfile apply would detect the changed secret and upgrade the release regardless of the --show-secrets and --suppress-secrets flags
• The --show-secrets and --suppress-secrets flags would not affect the behavior of helmfile other than changing what is printed to stdout

Versions

❯ helmfile -v
helmfile version v0.144.0
❯ helm version
version.BuildInfo{Version:"v3.8.2", GitCommit:"6e3701edea09e5d55a8ca2aae03a68917630e91b", GitTreeState:"clean", GoVersion:"go1.17.5"}
❯ helm plugin list
NAME            VERSION DESCRIPTION
diff            3.4.2   Preview helm upgrade changes as a diff

[arkadius]

Have you change secret using stringData or data? stringData is "write only" so changes are not visible in diff. If you switch do data everything should work as expected. Important thing is that using data you need to encode values via base 64: password: {{ "foo" | b64enc }}

[anorm]

Oops, forgot to answer. Yes, this was indeed the problem. Thank you :-)