How do I use Helm Secrets with Okteto

If we are using Helm Secrets to inject sensible environments variables to our application, is it possible to add the logic using Okteto?

How would I use those variables in my Manifest?

1 Like

Maybe you are using helm secrets to inject sensible environment variables to your deployments.

If that is your case, this is an example of how to integrate it with Okteto!

This tutorial is assuming that you have all components already installed and configured.

1. Create Key Pair

For this example Im going to use gpg but you can use what ever you want to generate the private and public key for your encryption.

> gpg --gen-key

Follow the installation steps including adding passphrase and check that check that you create the keys:

> gpg --list-keys

pub   rsa4096 2024-01-20 [SC] [expires: 2028-01-19]
uid        UID
sub   rsa4096 2024-01-20 [E] [expires: 2028-01-19]

2. Create Secret

To do this, we are going to use sops, which should be installed by default when you install the helm secret plugin.

sops -p ${FINGERPRINT} secrets.yaml

Add then the variables needed:

dbpassword: secret1

3. Add K8s Secret
The file is now encrypted with the data we added, but we can always check the content with helm secrets and the passphrase we added before.

helm secrets view secrets.yaml

Now you can add to your Helm Chart your Kubernetes Secrets using the same name you added to the secret key. In our case something like:

apiVersion: v1
kind: Secret
  name: example
  pass: {{ .Values.dbpassword | b64enc | quote }}

4. Adding it to Okteto Workflow

Now you need to automate this to your development environments!

Create your decrypt secret in the Admin (if it is for all developers) or Settings (if every developer has access to specific variables) view.

For example as : OKTETO_SECRET_KEY

And add it to your manifest deploy section:

  - helm secrets upgrade --install app ./applocation
    --password {OKTETO_SECRET_KEY}