External Secrets

This document covers how to utilise external secrets and special requirements. * [General](#general) * [Components](#components) * [MinIO](#minio) # General For most components when set the external secret will supersede e.g. a password in a `values.yaml` file. The file [`external_secrets.yaml`](/helmfile/environments/default/external_secrets.yaml.gotmpl) lists all possible references to external secrets that are currently implemented in openDesk. # Components This section covers information and special requirements to external secrets that some Helm Charts expect. ## MinIO Like described in the [upstream `values.yaml`](https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml#L1595) credentials and information about a user in external secrets listed in `usersExistingSecrets` have to be formatted as follows: ```yaml stringData: username1: | username=test-username password=test-password disabled=false policies=readwrite,consoleAdmin,diagnostics setPolicies=fa ``` Further we need the credentials introduced at MinIO in various other components that didn't implement the special format from MinIO. Hence we have to create key-value-pairs of the passwords for them.