Skip to content

add support for optional secrets using flag optional-secrets #160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

add support for optional secrets using flag optional-secrets #160

wants to merge 6 commits into from

Conversation

@manherna
Copy link
Contributor

@manherna manherna commented Nov 21, 2024

Add support for optional secrets which are not required by default.

related to #152

@manherna
Copy link
Contributor Author

manherna commented Nov 25, 2024

Hi @arttor! It took me a while, but I found time to push this PR. What do you think? Does it suit the project scope? Does it lack anything?

arttor
arttor requested changes Nov 28, 2024
View reviewed changes
Copy link
Owner

@arttor arttor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hi, thank you for this proposal.
Can you please explain how optional secrets will be used?

I am asking only because i had different understanig based on our disucssion in #152.
My understanding was that:

  1. User provides list of secret names as flag. These secrets should be created externally and not be a part of Helm chart.
  2. Helmify will ignore listed secrets entirely and will not create any templates for these secrets
  3. Helmify will find secret usages in other resoruces like Pod and replace it with a name of external secret, which will be stored in values.yaml as 
    externalSecrets:
    <secret_name>: "<secret_name>"

@manherna
Copy link
Contributor Author

manherna commented Jan 9, 2025

Hi @arttor what do you think? Can this be merged?

@arttor
Copy link
Owner

arttor commented Feb 8, 2025

sorry for not responding. But i am a bit struggling to understand the feature by looking at the code. Can you please explain what it does and what is the use-case?

@manherna
Copy link
Contributor Author

manherna commented May 29, 2025

Hi @arttor sorry, this went over my head.
The aim of this MR is to be able to decide wether a specific secret in the kustomize manifests is optional.
An optional secret, as per my view, is one that will be only created if its value is passed during installation and it is not null.

Imagine a registryCredentials secret. With this approach, the user installing the chart could decide to either install the chart with the value .Values.regisgtryCredentials.token and then the secret myhelmchart-registrycredentials would be created.
If, on the other hand, they would decide to leave that value empty or not define it, the secret myhelmchart-registrycredentials would not be created.

In my opinion this is useful because it allows users to either have the comfort of having a secret created upon install, or if they want they can define the secret themselves and maybe use something like ExternalSecrets to manage it.

@manherna manherna requested a review from arttor May 29, 2025 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arttor arttor Awaiting requested review from arttor

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@manherna @arttor