Skip to main content

Secrets

Sensitive values (like database passwords) can be securely stored for MijnBureau using helm-secrets. You can store secrets in different ways. Some companies use secret managers like hashicorp vault or encryption tools like SOPS or vals. We have added secrets handling into account for MijnBureau. We prepared SOPS with a example file. The same can be done for Vals

./helmfile/environments/{environment}/example.secrets.yaml

SOPS

In this part we describe how to use SOPS. First install SOPS and AGE

  1. Generate an Age key pair:
age-keygen -o mykey.txt

  1. Update .sops.yaml: Replace the sample age: entry with your public key.

  2. Encrypt a file:

add some values in the example.secrets.yaml and encrypt it.

helm secrets encrypt -i ./helmfile/environments/{environment}/example.secrets.yaml
  1. Decrypt for local use:
export SOPS_AGE_KEY_FILE=./mykey.txt
helm secrets decrypt -i ./helmfile/environments/{environment}/example.secrets.yaml
  1. Use with helmfile
export MIJNBUREAU_MASTER_PASSWORD=changethis
export SOPS_AGE_KEY_FILE=./mykey.txt
helmfile template
helmfile apply