-
-
Notifications
You must be signed in to change notification settings - Fork 128
Values
helm-secrets natively support all values that are support by helm, including downloader plugins.
When curl or wget is available, helm-secrets is able to fetch value files from various remote locations.
helm template -f secrets://https://raw.githubusercontent.com/jkroepke/helm-secrets/main/examples/sops/secrets.yamlWhile helm does not support any authentication mechanism, helm-secret does support at least basic auth.
helm template -f secrets://https://user:[email protected]/jkroepke/helm-secrets/main/examples/sops/secrets.yamlAdditionally, the authentication details can be provided by environment variables or from a file system using the .netrc standard this is useful inside CD systems.
Note: is feature is disabled by default and requires the environment variables HELM_SECRETS_URL_VARIABLE_EXPANSION=true.
# can be also defined via kubernetes PodSpec or CI secrets
export HELM_SECRETS_URL_VARIABLE_EXPANSION=true
export GH_TOKEN=ghp_xxxxxx
helm template -f secrets://https://${GH_TOKEN}@raw.githubusercontent.com/jkroepke/helm-secrets/main/examples/sops/secrets.yamlTo enable this feature, an environment NETRC needs to defined which holds the path to the .netrc file. This is required
even the standard location ~/.netrc is used. The .netrc file can hold multiple credentials for different hostnames.
The wget command on alpine linux does not support .netrc and curl is required and automatically preferred over wget.
Example .netrc file:
# cat .netrc
machine raw.githubusercontent.com
login ghp_xxxxxx
password
Then run
export NETRC="${PWD}/.netrc" # needs to be defined
helm template -f secrets://https://raw.githubusercontent.com/jkroepke/helm-secrets/main/examples/sops/secrets.yamlhelm-secrets supports helm-git. With this combination, you can fetch secret from other git repositories.
helm template -f secrets://git+https://[provider.com]/[user]/[repo]@[path/to/charts][?[ref=git-ref][&sparse=0][&depupdate=0]]Other plugins like helm-s3, helm-gcs are supported as well.
This wiki is synced with the docs folder from the code repository! To improve the wiki, create a pull request against the code repository with the suggested changes.