Straightforward explanation and demo. Thanks for the video!
How about deployment?
Imagine a CI/CD pipeline:
1. build my application incl. unit tests
2. deploy to e.g. pre-prod
What does the second step look like?
* within a container (or build agent) with sops installed
** checkout code (if not already)
** decrypt the values file (and store it???)
** deploy the helm chart
** clean up
Hi @martinlemnian2472,
To integrate this in your CI/CD pipeline you can simply leverage the capability of helm plugin secrets for decrypting the secrets with Skaffold or any other CI/CD tool such as Jenkins, Harness, GitHub A., GitLab etc.
You create your helm chart and pass secrets and values.yaml configuration as a key-value pair inside the config map on the fly. KMS is restricted via IAM users or roles, so no devs can encrypt or decrypt the secrets. And via RBAC you can control the permissions and don't share the environment variables mounted via CM (ConfigMap) on the pod, so the users can't see any of those secrets.
skaffold.dev/
kubernetes.io/docs/concepts/configuration/configmap/#configmaps-and-pods
github.com/jkroepke/helm-secrets
Hi @martin, anyone can do the task in any way. All that matters is what's the best way to secure your confidential environment variables.
Most companies' workflows look something like this:
All the chart templates go under one folder, and all the values go under another folder, where you can create subfolders for different environments and create different secret files and secret keys.
For build and deploy, Skaffold would be the ideal tool anyone should use. Based on the profile you select, it will deploy the code and fetch those secrets for you.
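One way to write the deploy step asked about in the thread above, as an added example that is not from the video or from any commenter: it decrypts the SOPS file into a private temporary directory, hands it to Helm, and deletes the plaintext on any exit. The function name and its arguments are assumptions, and the build agent is assumed to have `sops`, `helm` and access to the decryption key.

```shell
#!/bin/sh
# Added example, not code from the video or the comments.
# deploy_with_sops is a hypothetical helper; release, chart, namespace and
# file names passed to it are placeholders chosen by the pipeline author.
#
# Usage: deploy_with_sops RELEASE CHART NAMESPACE ENCRYPTED_VALUES
deploy_with_sops() {
    # Subshell: umask, traps and variables stay local to this one call.
    (
        release=$1
        chart=$2
        namespace=$3
        enc_values=$4

        if [ ! -r "$enc_values" ]; then
            echo "cannot read encrypted values file: $enc_values" >&2
            exit 2
        fi

        # Plaintext must be readable only by the user running the job.
        umask 077
        workdir=$(mktemp -d) || exit 1

        # Remove the plaintext on success, on failure and on interruption.
        trap 'rm -rf "$workdir"' EXIT
        trap 'exit 130' INT TERM

        plain="$workdir/values.dec.yaml"

        # The decryption key (e.g. KMS access via the agent's IAM role)
        # is only needed here, never in the repository.
        if ! sops --decrypt "$enc_values" > "$plain"; then
            echo "sops could not decrypt $enc_values" >&2
            exit 3
        fi

        # Values go in by file, not --set, so they do not appear in the
        # process list or in the CI log's echoed command line.
        helm upgrade --install "$release" "$chart" \
            --namespace "$namespace" \
            --values "$plain"
    )
}
```

The function returns Helm's exit status, so the pipeline step fails when the release fails, and the decrypted file is gone either way.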
How does the deployment operator decrypt the environmental variables on Kubernetes? I am sorry but the title does not match the content.
Using VS Code as a terminal to start vi, that's how you do it ;)
You showed how to create and store them, but not how to retrieve and use them.
It's coming in the new video.