chat-server secrets.yaml file

secrets.yaml file will hold all your sensible information (configuration keys and variables) as encrypted secrets through helm secrets plugin configuration. See 5.4 section for available configurations.

Create or open HighSide provided secrets.yaml file with a text editor and edit its values in plain text, this should be the only time you input plain text sensitive values in the file.

Then you can encrypt the values into secrets using helm secrets enc, for example for sandbox environment you would use the following command:

helm secrets enc vars/sandbox/secrets.yaml

To edit secrets already encrypted you can use the helm secrets edit command which will open your predetermined text editor and let you edit the variables, using previous sandbox environment example:

helm secrets edit vars/sandbox/secrets.yaml

To view secrets already encrypted you can use the helm secrets view command which will print out secrets decrypted values to console, continuing with our example:

helm secrets view vars/sandbox/secrets.yaml

helm secrets plugin checks the rule(s) present in .sops.yaml file to determine the mechanism it will use to encrypt or decrypt the secrets.yaml file based on regular expressions (see 5.2. about .sops.yaml for further details).

Known issue: All keys labeled as sensitive MUST have non-empty values when stored in secrets.yaml file, helm secrets plugin does not support empty values.

E.g.: Redis password is not set (blank) but you still need to specify the CHAT_REDIS_PASSWORD env variable somewhere so you set that in values.yaml with an empty value of "". See 5.4.2. for env vars detail.