Improve secret handling #34
Description
Currently we have
createSecret: true
JICOFO_AUTH_PASSWORD: ""
JICOFO_COMPONENT_SECRET: ""
JVB_AUTH_PASSWORD: ""With either requires an external secret to be created/managed or those 3 values to be provided with secrets. #6 did this because we were getting in situations where the secrets were changing every deploy but only some deployables were being restarted (and so picking up the new secret values) leading to situations where the running deployables were using different password values.
Look at https://helm.sh/docs/topics/charts_hooks/ to see if that will help with secret generation inside the chart again. But more generally we should look at specifying a secret name & key that contains these values, e.g. the Bitnami redis chart has:
| Value | Description | Default |
|---|---|---|
| auth.password | Redis® password | "" |
| auth.existingSecret | The name of an existing secret with Redis® credentials | "" |
| auth.existingSecretPasswordKey | Password key to be retrieved from existing secret | "" |
Using the above scheme we could generate a password on initial install only if neither of the top 2 is set