What new feature or improvement would you like to see?

The config-setup.yaml Job template in the quick-start chart hardcodes global.objectStorage.accessKeyId and global.objectStorage.accessKey as plain value: environment variables. This requires storing S3 credentials in values.yaml, which is not ideal for production deployments where secrets should be managed via Kubernetes Secrets.

Current behavior

In deployments/charts/quick-start/templates/config-setup.yaml#L274-L278:

- name: OBJECT_STORAGE_ACCESS_KEY_ID
  value: {{ .Values.global.objectStorage.accessKeyId | quote }}
- name: OBJECT_STORAGE_ACCESS_KEY
  value: {{ .Values.global.objectStorage.accessKey | quote }}

This means credentials must be passed as plain text Helm values, which end up stored in Helm release secrets and potentially committed to Git in values files.

Desired behavior

It would be great to support an option to reference credentials from an existing Kubernetes Secret, for example:

global:
  objectStorage:
    existingSecret:
      name: my-s3-secret
      accessKeyIdKey: access-key-id
      accessKeyKey: access-key

Which would render as:

- name: OBJECT_STORAGE_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: my-s3-secret
      key: access-key-id
- name: OBJECT_STORAGE_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: my-s3-secret
      key: access-key

Why is this needed?

This helps avoid setting secret in Kubernetes YAML files as plain text. Thanks! ☺️

Code of Conduct

• I agree to follow NVIDIA OSMO's Code of Conduct
• I have searched the open feature requests and have found no duplicates for this feature request