adebaumann/shorefront
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: remove secrets block from Helm values

Browse Source 
Remove the secrets: block from values.yaml so no plaintext credentials
live in the chart or git history. Update values-prod.yaml to replace the
--set secrets.* instructions with a pointer to the create-secrets.sh script.
This commit is contained in:
Adrian A. Baumann
2026-02-28 23:08:48 +01:00
parent a8e30fa7c4
commit 3278ef63b3
2 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
helm/shorefront/values-prod.yaml
View File

@@ -1,8 +1,9 @@
ingress: ingress:
host: shorefront.yourdomain.com host: shorefront.yourdomain.com
# Override secrets at deploy time: # Secrets are NOT managed by Helm. Run scripts/create-secrets.sh before
# helm upgrade --install shorefront ./helm/shorefront \ # the first helm install/ArgoCD sync:
# --values helm/shorefront/values-prod.yaml \ #
# --set secrets.postgresPassword=<real-password> \ # export POSTGRES_PASSWORD=<real-password>
# --set secrets.jwtSecretKey=<real-jwt-secret> # export JWT_SECRET_KEY=<real-jwt-secret>
# bash scripts/create-secrets.sh

4
helm/shorefront/values.yaml
View File

@@ -33,7 +33,3 @@ nfs:
ingress: ingress:
host: shorefront.example.com host: shorefront.example.com
ingressClassName: traefik ingressClassName: traefik
secrets:
postgresPassword: changeme-in-prod
jwtSecretKey: changeme-in-prod