Secrets
Sensitive values, such as database passwords, can be securely stored for MijnBureau using helm-secrets. Secrets can be managed in various ways, including secret managers like HashiCorp Vault or encryption tools like SOPS and Vals. MijnBureau supports secrets handling and provides an example configuration for SOPS. A similar setup can be created for Vals.
Example Secrets File
./helmfile/environments/{environment}/example.secrets.yaml
SOPS
This section explains how to use SOPS for managing secrets. First, install SOPS and AGE.
Steps to Use SOPS
- Generate an AGE Key Pair:
  Run the following command to generate a key pair:

      age-keygen -o mykey.txt

- Update .sops.yaml:
  Replace the age: entry in .sops.yaml with your public key.

- Encrypt a File:
  Add values to example.secrets.yaml and encrypt it:

      helm secrets encrypt -i ./helmfile/environments/{environment}/example.secrets.yaml

- Decrypt for Local Use:
  Decrypt the file for local use by running:

      export SOPS_AGE_KEY_FILE=./mykey.txt
      helm secrets decrypt -i ./helmfile/environments/{environment}/example.secrets.yaml

- Use with Helmfile:
  Export the required environment variables and run Helmfile commands:

      export MIJNBUREAU_MASTER_PASSWORD=changethis
      export SOPS_AGE_KEY_FILE=./mykey.txt
      helmfile template
      helmfile apply
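
The decrypt step above uses -i, which rewrites the file in place, so a plaintext copy stays in the working tree until it is encrypted again. The check below is an added example, not part of MijnBureau or helm-secrets: it assumes SOPS's YAML output layout (ENC[AES256_GCM,...] values followed by a top-level sops: block containing a mac), and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not MijnBureau code): find *.secrets.yaml files that are
# still plaintext, e.g. after `helm secrets decrypt -i`, before a commit.

# Succeeds only if FILE has encrypted values followed by SOPS metadata.
# Heuristic: assumes no partial-encryption rules (e.g. encrypted_regex).
is_sops_encrypted() {
    [ -f "$1" ] || return 1
    awk '
        /^sops:/                               { meta = 1; next }
        !meta && /ENC\[AES256_GCM,data:/       { enc = 1 }
        meta && /^[ \t]+mac: ENC\[AES256_GCM,/ { mac = 1 }
        END { exit !(meta && mac && enc) }
    ' "$1"
}

# Prints every unencrypted *.secrets.yaml under DIR; returns 1 if any exist.
find_plaintext_secrets() {
    bad=$(find "$1" -type f -name '*.secrets.yaml' | sort | while IFS= read -r f; do
        is_sops_encrypted "$f" || printf '%s\n' "$f"
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample tree (placeholder ciphertext, not real SOPS output).
write_constructed_samples() {
    mkdir -p "$1/demo" "$1/dev"
    cat > "$1/demo/example.secrets.yaml" <<'EOF'
db_password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
sops:
    age:
        - recipient: age1PLACEHOLDER
    mac: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
EOF
    cat > "$1/dev/example.secrets.yaml" <<'EOF'
db_password: hunter2-constructed
EOF
}
```

Calling find_plaintext_secrets ./helmfile/environments from a pre-commit hook or CI job and failing on a non-zero return keeps a decrypted file from being committed.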