-
-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm values file is unable to recognize the secret file which is encrypted using sops #457
Comments
tbh. it's not easy to debug from my side, but I feel one thing a bit strange:
An age encrypted file looks like this: helm-secrets/tests/assets/values/sops/secrets.age.yaml Lines 1 to 4 in e473cb3
Even the files are not decrypted by help, the keys should be still present, but the values should be encrypted only. Could you confirm that this:
is not return any errors? |
Hi jkroepke, Yes, we are seeing the error. Have attached it for your reference. |
If
returns the same error, then the keys |
Hi jkroepke, Thanks for your response. Please find below the different error message for 2 scenarios of passing the encrypted file. Scenario1: helm:
Scenario2: helm:
But the keys are correct we did verify by decrypting them. Could you please check and let us know your thoughts. Thanks! |
Could it be possible that you miss an additional value property which is required in addition? Since, we can see a difference between encrypted an non-encrypted. I expected that encryption works as expected. |
Current Behavior
We are trying to deploy our changes using helm in Argo CD. Our Application file has reference to both the values.yaml and the secret which is encrypted using sops like below. But its not getting deployed, saying the fields referenced through the encrypted file are not set.
helm:
valueFiles:
- values.yaml
- secrets+age-import:///helm-secrets-private-keys/key.txt?accessToken.enc.yaml
Have verified manually that the encryption is working properly by decrypting the values and was able to deploy the helm manually with the same secret fields. Also in order to debug tried passing one of the field value directly inside the values.yaml and that error is not seen now. We would require your help to resolve this issue. Thanks!
Expected Behavior
We are trying to deploy our changes using helm in Argo CD. Our Application file has reference to both the values.yaml and the secret which is encrypted using sops like below.
helm:
valueFiles:
- values.yaml
- secrets+age-import:///helm-secrets-private-keys/key.txt?accessToken.enc.yaml
We are expecting the values.yaml file recognises the accessToken.enc.yaml and deploy the changes.
Steps To Reproduce
No response
Environment
Anything else?
No response
The text was updated successfully, but these errors were encountered: