jkroepke · jkroepke · May 6, 2020 · May 6, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+* Add Vault support (https://github.com/jkroepke/helm-secrets/pull/22)
 * Secret driver to gain secrets from other sources then sops. (https://github.com/jkroepke/helm-secrets/pull/16)
+* Remove name restriction (https://github.com/jkroepke/helm-secrets/pull/23)
 
 ### Changed
 

diff --git a/USAGE.md b/USAGE.md
@@ -22,6 +22,8 @@ Available Commands:
 
 By convention, files containing secrets are named `secrets.yaml`, or anything beginning with "secrets" and ending with ".yaml". E.g. `secrets.test.yaml`, `secrets.prod.yaml` `secretsCOOL.yaml`.
 
+**But unlike zendesk/helm-secrets, you can name your secret file as you want**
+
 Decrypted files have the suffix ".yaml.dec" by default. This can be changed using the `HELM_SECRETS_DEC_SUFFIX` environment variable.
 
 ## Basic commands:

diff --git a/scripts/commands/clean.sh b/scripts/commands/clean.sh
@@ -27,5 +27,5 @@ clean() {
         exit 1
     fi
 
-    find "$basedir" -type f -name "secrets*${DEC_SUFFIX}" -exec rm -v {} \;
+    find "$basedir" -type f -name "*${DEC_SUFFIX}" -exec rm -v {} \;
 }
diff --git a/scripts/commands/helm.sh b/scripts/commands/helm.sh
@@ -10,7 +10,7 @@ helm_command_usage() {
 helm secrets $1 [ --driver <driver> | -d <driver> ] [ --quiet | -q ]
 
 This is a wrapper for "helm [command]". It will detect -f and
---values options, and decrypt any secrets*.yaml files before running "helm
+--values options, and decrypt any encrypted *.yaml files before running "helm
 [command]".
 
 Example:

diff --git a/scripts/commands/view.sh b/scripts/commands/view.sh
@@ -6,7 +6,7 @@ view_usage() {
     cat <<EOF
 helm secrets view [ --driver <driver> | -d <driver> ] <path to file>
 
-View specified secrets[.*].yaml file
+View specified encrypted yaml file
 
 Typical usage:
   $ helm secrets view secrets/myproject/nginx/secrets.yaml | grep basic_auth

diff --git a/scripts/drivers/noop.sh b/scripts/drivers/noop.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env sh
 
 driver_is_file_encrypted() {
-    false
+    true
 }
 
 driver_encrypt_file() {

diff --git a/scripts/run.sh b/scripts/run.sh
@@ -36,7 +36,7 @@ Available Commands:
   view    Print secrets decrypted
   edit    Edit secrets file and encrypt afterwards
   clean   Remove all decrypted files in specified directory (recursively)
-  <cmd>   wrapper that decrypts secrets[.*].yaml files before running helm <cmd>
+  <cmd>   wrapper that decrypts encrypted yaml files before running helm <cmd>
 
 EOF
 }

diff --git a/tests/assets/values/noop/some-secrets.yaml b/tests/assets/values/noop/some-secrets.yaml
@@ -0,0 +1,22 @@
+global_secret: global_bar
+key: |-
+    -----BEGIN PGP MESSAGE-----
+
+    wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P
+    PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI
+    3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY
+    c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj
+    yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE
+    PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9
+    GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i
+    yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0
+    GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1
+    K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr
+    DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS
+    4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi
+    EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h
+    EzAA
+    =jf7D
+    -----END PGP MESSAGE-----
+service:
+    port: 83
diff --git a/tests/assets/values/sops/some-secrets.dec.yaml b/tests/assets/values/sops/some-secrets.dec.yaml
@@ -0,0 +1,23 @@
+global_secret: global_bar
+key: |-
+    -----BEGIN PGP MESSAGE-----
+
+    wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P
+    PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI
+    3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY
+    c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj
+    yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE
+    PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9
+    GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i
+    yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0
+    GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1
+    K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr
+    DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS
+    4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi
+    EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h
+    EzAA
+    =jf7D
+    -----END PGP MESSAGE-----
+service:
+    port: 83
+
diff --git a/tests/assets/values/sops/some-secrets.yaml b/tests/assets/values/sops/some-secrets.yaml
@@ -0,0 +1,28 @@
+global_secret: ENC[AES256_GCM,data:QSuqKj9jUft+Ug==,iv:CXfhR2O5l6IF8KI5SSDxMiWQ7kghfHHb1wASAJ7JMPw=,tag:g/n7/KeltD1ODvolNCLD1w==,type:str]
+key: ENC[AES256_GCM,data:9nAQWTLrA71vJ82ebiEWOP/bt3B3AjCllGRiAU1szxcN95papkFeNRl3mBJT0fqhbsMD/B3hmO+kRbxxzoDAezXI0gDIrlo9fyxoSwzsRxYBzHqg4USFs6iI+THFQLkxDaCu45Ku2cxksdBTBFpswkyk0ZBFhASLfT59GhWji4+n19MXPwb0tyGiCyIpgteXBA7FdMCiLc4ZRTZechZVpvfu1EJf5UgDT39dBAn9+Rwn0oQpDKTHij908VLsH18XcCgISYnixyoShqQxtmFbLipi1Blzs5zqgYFE7BbZ6ZgdCm69/WSXBiLabG+KYMPeEYXI6IRMbf+5qteWqEriRLmjKKbRFRjIdPI3+6ysySje0xYSUHOD3YjpzzeiQPT0OqzPJ/H7LZAO+/MUhel7h83HxzWYR33ieJLE/MghpQYN4zPgqzK4XQpb5ERHtpGrXSbzcSIcICTDrlNf9T7r3SzmHXulUMAIx/AH0s3Kyuv0BzUKWYNNgwj9j99FxofQsdJHx16qph0vu7y1iKu9/Jy89rPWn/LOh8llCGztQj+TXygnUyUfMHXMBAe0X+abCu7WcWuij9ow+adA9HxCA8ezue1pPPDoPTk0OnM7FUxVdgLgEBZu0gEl3jkhVEhouLIka08fE6eJL/iNmepqFb+x815pPVVsJkDDeKxjxt+YwAYgm3BX+ZZdLZVtg93AIEPUeBgZRGw4bYQWvsKwmC8zZhLvMsyX4NwKTj+gViXsCrSv92i1epZZwrzj+xszExz3k3633VdwMOqNtK0/c9GhzSNSktkw9yKMSGTEp4O8TYepovjM/Vei0M9FQ0+rQfLEaRyPMeCIhysh2ggXxIWr5kQdEH3KCIm1aJDRA9QVOvUeXcenfN7x9pG9mqMNkumVu4ops4rDCOy/NlSvJW+n7vk+wHqSIKtwWZxNX+HRQgSmHZmvQS8IEyK5vQOxD8rQD2Er+w6Io6PvLm2F1Op1mV7ea+Lvg2pStFkQVCgRP/TbejN7gNBEsNTkel1D1uEgT2wvN+j2iFvNyEhUFUylaeUBYmDHJ9ZjQqJ2/3QZzR2yN2i+HN9sVZGdHm6bBH08GtDmjliqh8CKRjh0OMJfCZ1ZcoSBz1/m0E5zAZl3ZMuTDZaW70QsO4FoxA0oUqD14c4nxhqL3B9SxA6ErrYWY1+j3vo/ws6sBzWWzLXC59SwlwMg3PytxNWLpw==,iv:w0KBImdBsS63co+HyQVOYOxOFI/tLeRYnr+L+lCcNo8=,tag:ReQ99Km7LDQwEnlN/ppmxg==,type:str]
+service:
+    port: ENC[AES256_GCM,data:KVc=,iv:chJgrn3o4I9D8njAeHPJRfVehfYpOcIWdcVfODvUDp8=,tag:KQH65Yuys5EuzyYJzER/cg==,type:int]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    lastmodified: '2020-05-06T21:50:37Z'
+    mac: ENC[AES256_GCM,data:ZDosePjT2f1T172mFm/zb6znA/uhv3e5cNrlC9krjRXtLBw8GWwn6Zd7OgJ2h38cDuaLpvl56uGmdCSx0rVzRZUwMfkrbQLHOLnwkxeKEPPqhqsKCVIcuHNwlkrTpVfIlfFy4zAiA4UdoSWZtMY2HdA6Ol/D5HZDqQCYSUbWpV0=,iv:V9O/qgUN4PGDB30QKi1A6DYW0Fb9AVfWmzAnRexyzKw=,tag:TBl02haJuEbBd0PYyXEPKQ==,type:str]
+    pgp:
+    -   created_at: '2020-05-06T20:54:30Z'
+        enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA9ce5qCwOO4MAQgAhLFu+zlo/fPrfAVGeQVEIEttihpMzo7CSRJDGYqSqgOO
+            g/NbA/hDVWkE9jzGnxDY01W9RR4FOss+yd1SHlNzsPDDfkXi8e2PA8tNR6XKyoSq
+            aCMYE4TP8JnH2hplxWucib5va2EUkgwAF+86I/ISlMLIXqeVE6xKJAuGcPQ8UwDG
+            YUO5KzcLF8oTyoRGxvakIiCAfCWrzz7wBkT8KG5t8pQvucTtvzOpiexRL/9OU+SA
+            Spgp8WPds+A9WArkLVQ7lcZhI0XiMxITmZdBgXGIG+1pMoGjajXUk2SA5FXeHkgH
+            kgfAhsDlEI3mfSwYMwuFP5/659Wl3gWkMIlTpfBY2NJeAUeCmOKYRwTHR8UFa2Gg
+            wF7wB+aj71S6v4kO932ZFHNNL0JS8OGqg/IigOhgjIC/7ozHehhKNIxCUre2g1Ws
+            dj7U81vziuDuH/sOrgwYdqfQHa6ytoomZbiYLQl4wg==
+            =5Jl6
+            -----END PGP MESSAGE-----
+        fp: D6174A02027050E59C711075B430C4E58E2BBBA3
+    unencrypted_suffix: _unencrypted
+    version: 3.5.0
diff --git a/tests/assets/values/vault/seed.sh b/tests/assets/values/vault/seed.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-vault kv put secret/production global_secret=global_bar port=81
+vault kv put secret/production global_secret=global_bar port=81 port2=83
 
 vault kv put secret/gpg key="-----BEGIN PGP MESSAGE-----
 

diff --git a/tests/assets/values/vault/some-secrets.yaml b/tests/assets/values/vault/some-secrets.yaml
@@ -0,0 +1,4 @@
+global_secret: !vault secret/production#global_secret
+key: !vault secret/gpg#key
+service:
+  port: !vault secret/production#port2
diff --git a/tests/it/diff.bats b/tests/it/diff.bats
@@ -36,7 +36,7 @@ load '../bats/extensions/bats-file/load'
     assert [ ! -f "${FILE}.dec" ]
 }
 
-@test "diff: helm diff upgrade w/ chart + secret file" {
+@test "diff: helm diff upgrade w/ chart + secrets.yaml" {
     helm_plugin_install "diff"
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="diff-$(date +%s)-${SEED}"
@@ -51,7 +51,22 @@ load '../bats/extensions/bats-file/load'
     assert [ ! -f "${FILE}.dec" ]
 }
 
-@test "diff: helm diff upgrade w/ chart + secret file + helm flag" {
+@test "diff: helm diff upgrade w/ chart + some-secrets.yaml" {
+    helm_plugin_install "diff"
+    FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml"
+    RELEASE="diff-$(date +%s)-${SEED}"
+
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets diff upgrade --no-color --allow-unreleased "${RELEASE}" "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "port: 83"
+    assert_output --partial "[helm-secrets] Removed: ${FILE}.dec"
+    assert [ ! -f "${FILE}.dec" ]
+}
+
+@test "diff: helm diff upgrade w/ chart + secrets.yaml + helm flag" {
     helm_plugin_install "diff"
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="diff-$(date +%s)-${SEED}"
@@ -67,7 +82,7 @@ load '../bats/extensions/bats-file/load'
     assert [ ! -f "${FILE}.dec" ]
 }
 
-@test "diff: helm diff upgrade w/ chart + pre decrypted secret file" {
+@test "diff: helm diff upgrade w/ chart + pre decrypted secrets.yaml" {
     helm_plugin_install "diff"
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="diff-$(date +%s)-${SEED}"
@@ -85,7 +100,7 @@ load '../bats/extensions/bats-file/load'
     assert_success
 }
 
-@test "diff: helm diff upgrade w/ chart + secret file + q flag" {
+@test "diff: helm diff upgrade w/ chart + secrets.yaml + q flag" {
     helm_plugin_install "diff"
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="diff-$(date +%s)-${SEED}"
@@ -100,7 +115,7 @@ load '../bats/extensions/bats-file/load'
     assert [ ! -f "${FILE}.dec" ]
 }
 
-@test "diff: helm diff upgrade w/ chart + secret file + quiet flag" {
+@test "diff: helm diff upgrade w/ chart + secrets.yaml + quiet flag" {
     helm_plugin_install "diff"
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="diff-$(date +%s)-${SEED}"
@@ -115,7 +130,7 @@ load '../bats/extensions/bats-file/load'
     assert [ ! -f "${FILE}.dec" ]
 }
 
-@test "diff: helm diff upgrade w/ chart + secret file + special path" {
+@test "diff: helm diff upgrade w/ chart + secrets.yaml + special path" {
     helm_plugin_install "diff"
     FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="diff-$(date +%s)-${SEED}"

diff --git a/tests/it/install.bats b/tests/it/install.bats
@@ -33,7 +33,7 @@ load '../bats/extensions/bats-file/load'
     assert_success
 }
 
-@test "install: helm install w/ chart + secret file" {
+@test "install: helm install w/ chart + secrets.yaml" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="install-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -50,7 +50,24 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 81"
 }
 
-@test "install: helm install w/ chart + secret file + helm flag" {
+@test "install: helm install w/ chart + some-secrets.yaml" {
+    FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml"
+    RELEASE="install-$(date +%s)-${SEED}"
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets install "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "STATUS: deployed"
+    assert_output --partial "[helm-secrets] Removed: ${FILE}.dec"
+    assert [ ! -f "${FILE}.dec" ]
+
+    run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
+    assert_success
+    assert_output --partial "port: 83"
+}
+
+@test "install: helm install w/ chart + secrets.yaml + helm flag" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="install-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -68,7 +85,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "type: NodePort"
 }
 
-@test "install: helm install w/ chart + pre decrypted secret file" {
+@test "install: helm install w/ chart + pre decrypted secrets.yaml" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="install-$(date +%s)-${SEED}"
     printf 'service:\n  port: 82' > "${FILE}.dec"
@@ -88,7 +105,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 82"
 }
 
-@test "install: helm install w/ chart + secret file + q flag" {
+@test "install: helm install w/ chart + secrets.yaml + q flag" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="install-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -105,7 +122,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 81"
 }
 
-@test "install: helm install w/ chart + secret file + quiet flag" {
+@test "install: helm install w/ chart + secrets.yaml + quiet flag" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="install-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -122,7 +139,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 81"
 }
 
-@test "install: helm install w/ chart + secret file + special path" {
+@test "install: helm install w/ chart + secrets.yaml + special path" {
     FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="install-$(date +%s)-${SEED}"
     create_chart "${SPECIAL_CHAR_DIR}"

diff --git a/tests/it/upgrade.bats b/tests/it/upgrade.bats
@@ -33,7 +33,7 @@ load '../bats/extensions/bats-file/load'
     assert_success
 }
 
-@test "upgrade: helm upgrade w/ chart + secret file" {
+@test "upgrade: helm upgrade w/ chart + secrets.yaml" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="upgrade-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -50,7 +50,24 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 81"
 }
 
-@test "upgrade: helm upgrade w/ chart + secret file + helm flag" {
+@test "upgrade: helm upgrade w/ chart + some-secrets.yaml" {
+    FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml"
+    RELEASE="upgrade-$(date +%s)-${SEED}"
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets upgrade -i "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "STATUS: deployed"
+    assert_output --partial "[helm-secrets] Removed: ${FILE}.dec"
+    assert [ ! -f "${FILE}.dec" ]
+
+    run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
+    assert_success
+    assert_output --partial "port: 83"
+}
+
+@test "upgrade: helm upgrade w/ chart + secrets.yaml + helm flag" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="upgrade-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -68,7 +85,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "type: NodePort"
 }
 
-@test "upgrade: helm upgrade w/ chart + pre decrypted secret file" {
+@test "upgrade: helm upgrade w/ chart + pre decrypted secrets.yaml" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="upgrade-$(date +%s)-${SEED}"
     printf 'service:\n  port: 82' > "${FILE}.dec"
@@ -88,7 +105,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 82"
 }
 
-@test "upgrade: helm upgrade w/ chart + secret file + q flag" {
+@test "upgrade: helm upgrade w/ chart + secrets.yaml + q flag" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="upgrade-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -105,7 +122,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 81"
 }
 
-@test "upgrade: helm upgrade w/ chart + secret file + quiet flag" {
+@test "upgrade: helm upgrade w/ chart + secrets.yaml + quiet flag" {
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="upgrade-$(date +%s)-${SEED}"
     create_chart "${TEST_TEMP_DIR}"
@@ -122,7 +139,7 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial "port: 81"
 }
 
-@test "upgrade: helm upgrade w/ chart + secret file + special path" {
+@test "upgrade: helm upgrade w/ chart + secrets.yaml + special path" {
     FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
     RELEASE="upgrade-$(date +%s)-${SEED}"
     create_chart "${SPECIAL_CHAR_DIR}"

diff --git a/tests/lib/helper.bash b/tests/lib/helper.bash
@@ -1,7 +1,7 @@
 GIT_ROOT="$(git rev-parse --show-toplevel)"
 TEST_DIR="${GIT_ROOT}/tests"
 HELM_SECRETS_DRIVER="${HELM_SECRETS_DRIVER:-"sops"}"
-HELM_CACHE="${TEST_DIR}/.tmp/cache/helm"
+HELM_CACHE="${TEST_DIR}/.tmp/cache/$(uname)/helm"
 REAL_HOME="${HOME}"
 
 _shasum() {
@@ -80,6 +80,9 @@ setup() {
         _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/secrets.yaml' "${TEST_TEMP_DIR}")"
         _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/secrets.yaml' "${SPECIAL_CHAR_DIR}")"
 
+        _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/some-secrets.yaml' "${TEST_TEMP_DIR}")"
+        _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/some-secrets.yaml' "${SPECIAL_CHAR_DIR}")"
+
         sh "${TEST_TEMP_DIR}/values/vault/seed.sh"
         ;;
     esac
-Original file line number
+Diff line change
@@ Expand Up / @@ -27,5 +27,5 @@ clean() { @@
             exit 1
         fi
-        find "$basedir" -type f -name "secrets*${DEC_SUFFIX}" -exec rm -v {} \;
+        find "$basedir" -type f -name "*${DEC_SUFFIX}" -exec rm -v {} \;
     }