Is there any way to retrieve secrets for the Helm Chart from the GCP Secret Manager during the chart deployment CI/CD pipeline? Or is it better to use the CI/CD secret manager and then pull credentials from there for the chart deployment?
2 Answers
There is some information regarding using Google Secret Manager in GKE and best practices in this doc.
You should be able to use it as mentioned here, or you can also try a plugin like helm-secrets.
There are similar questions with answers that could be helpful: 1, 2.

The Secrets Store CSI driver looks promising, but it is not a supported way and the code state is not stable. `secrets-init` looks minimalistic and easy to use but is going to work on Docker images which you own, nothing pulled from Docker Hub. On the other hand, `helm-secrets` may do the job for such images, but the example for GCP is not clear. – JackTheKnife Sep 30 '21 at 19:48
Just got some info on the `helm-secrets` project that they are still working on the GCP Secret Manager implementation, so currently I'm limited to `secrets-init`. – JackTheKnife Sep 30 '21 at 21:12
Follow the following steps to read secrets from GCP secrets.

1. Install the helm-secrets plugin by running the following command.

   ```
   helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.1
   ```

2. Install vals.
3. Make sure the user on your workstation or the CI/CD automation tool (service account) has access to read Google secrets from the project.
4. Update your parameters in values.yaml as in the following example.

   ```
   mysqlpassword: ref+gcpsecrets://my-gcp-project/mysql-password
   ```

5. Run the following command to apply the changes.

   ```
   helm secrets --evaluate-templates upgrade --install chart-name . --namespace=custom-namespace -f values.yaml
   ```

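Added example, not part of either answer: the access step in the second answer can be scoped per secret instead of project-wide by listing every secret the values file references and printing one `roles/secretmanager.secretAccessor` binding for each. It assumes vals references of the form `ref+gcpsecrets://PROJECT/SECRET[?version=N][#/key]`; the sample file and the service account name are constructed placeholders, and the `gcloud` commands are only printed, not run.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes vals references of the
# form ref+gcpsecrets://PROJECT/SECRET[?version=N][#/key].

# list_gcp_refs FILE: print the unique PROJECT/SECRET pairs referenced in FILE.
list_gcp_refs() {
  # Skip YAML comment lines, extract each reference, drop ?version and #/key.
  grep -v '^[[:space:]]*#' "$1" |
    grep -oE "ref\+gcpsecrets://[^[:space:]\"']+" |
    sed -E 's|^ref\+gcpsecrets://||; s|[?#].*$||' |
    sort -u
}

# print_bindings FILE MEMBER: one per-secret secretAccessor grant for MEMBER,
# so the deploy identity can read only the secrets this chart references.
print_bindings() {
  list_gcp_refs "$1" | while IFS=/ read -r project secret; do
    case "$project/$secret" in
      /*|*/|*/*/*) echo "malformed reference: $project/$secret" >&2 ;;
      *) printf 'gcloud secrets add-iam-policy-binding %s --project=%s --member=%s --role=roles/secretmanager.secretAccessor\n' \
           "$secret" "$project" "$2" ;;
    esac
  done
}

# Constructed sample values file; the service account name is a placeholder.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# mysqlpassword: ref+gcpsecrets://old-project/unused
mysqlpassword: ref+gcpsecrets://my-gcp-project/mysql-password
apiToken: "ref+gcpsecrets://my-gcp-project/api-token?version=3#/token"
replicaPassword: ref+gcpsecrets://my-gcp-project/mysql-password
image: mysql:8
EOF
print_bindings "$sample" "serviceAccount:ci-deployer@my-gcp-project.iam.gserviceaccount.com"
rm -f "$sample"
```

Review the printed commands before running them; a reference reported as malformed usually means a typo that would also fail at `helm secrets` render time.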