If we are using Helm Secrets to inject sensible environments variables to our application, is it possible to add the logic using Okteto?
How would I use those variables in my Manifest?
1 Like
Maybe you are using helm secrets to inject sensible environment variables to your deployments.
If that is your case, this is an example of how to integrate it with Okteto!
This tutorial is assuming that you have all components already installed and configured.
1. Create Key Pair
For this example Im going to use gpg but you can use what ever you want to generate the private and public key for your encryption.
> gpg --gen-key
Follow the installation steps including adding passphrase and check that check that you create the keys:
> gpg --list-keys
pub rsa4096 2024-01-20 [SC] [expires: 2028-01-19]
${FINGERPRINT}
uid UID
sub rsa4096 2024-01-20 [E] [expires: 2028-01-19]
2. Create Secret
To do this, we are going to use sops, which should be installed by default when you install the helm secret plugin.
sops -p ${FINGERPRINT} secrets.yaml
Add then the variables needed:
dbpassword: secret1
3. Add K8s Secret
The file is now encrypted with the data we added, but we can always check the content with helm secrets and the passphrase we added before.
helm secrets view secrets.yaml
Now you can add to your Helm Chart your Kubernetes Secrets using the same name you added to the secret key. In our case something like:
apiVersion: v1
kind: Secret
metadata:
name: example
data:
pass: {{ .Values.dbpassword | b64enc | quote }}
4. Adding it to Okteto Workflow
Now you need to automate this to your development environments!
Create your decrypt secret in the Admin (if it is for all developers) or Settings (if every developer has access to specific variables) view.
For example as : OKTETO_SECRET_KEY
And add it to your manifest deploy section:
deploy:
- helm secrets upgrade --install app ./applocation
--password {OKTETO_SECRET_KEY}