devspace-sh
Support helm secrets plugin
Is your feature request related to a problem?
No
Which solution do you suggest?
Support for the plugin helm secrets https://github.com/futuresimple/helm-secrets
helm secrets is a wrapper for the helm commands, allowing to use encrypted values files, using sops, and decrypting the files on the fly.
/kind feature
@igoooor thanks for opening this issue! We usually try to avoid implementing support for specific plugins, however I definitively see the use case and think we could add a more general solution for use cases like this:
deployments:
- name: mydeployment
helm:
chart: ...
cli:
enabled: true
path: path/to/my/helm (optional)
upgradeArgs: ...
deleteArgs: ...
templateArgs: ...
This would allow you to use any helm wrapper and custom flags for deployment, purge and template. What do you think about this?
That sounds really great! A workaround I've used meanwhile is to use a hook and manually decrypt the secret file, and use the decrypted file as valuesFiles: []
using hooks works perfectly for deployment but there is no hook for render so if I run devspace render while secrets are not decrypted yet - it shows warning and falls back to default values for secrets.
Found another workaround by using upgradeArgs/templateArgs:
helm:
chart:
name: ./chart
valuesFiles:
- chart/values.yaml
upgradeArgs:
- --values
- secrets://chart/secrets.yaml
templateArgs:
- --values
- secrets://chart/secrets.yaml
would be nice to have first-class support for helm secrets as for example in skaffold. perhaps something like:
helm:
valuesFiles:
- chart/values.yaml
secretsFiles:
- chart/secrets.yaml
Thanks @aliusmiles for your secrets:// workaround, I've been chasing this issue all night trying to figure this out! Agreed though, it would be great to get better support for helm-secrets!
