Skip to content

Commit

Permalink
Merge pull request #366: add external secret for datastore encryption
Browse files Browse the repository at this point in the history
  • Loading branch information
cognifloyd authored May 22, 2023
2 parents 7ee24be + c4fdcee commit f49658a
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/unit.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
# We should periodically check to see if another fork has taken over maintenance,
# as the de-facto "best" fork has changed several times over the years.
run: |
helm plugin install https://github.com/quintush/helm-unittest
helm plugin install https://github.com/quintush/helm-unittest --version v0.2.11
- name: Install chart dependencies
run: |
Expand Down
8 changes: 8 additions & 0 deletions templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@ Create the name of the stackstorm-ha st2 auth secret to use
{{- default $name .Values.st2.existingAuthSecret -}}
{{- end -}}

{{/*
Create the name of the stackstorm-ha st2 datastore secret to use
*/}}
{{- define "stackstorm-ha.secrets.st2Datastore" -}}
{{- $name := print .Release.Name "-st2-datastore-crypto-key" -}}
{{- default $name .Values.st2.existingDatastoreSecret -}}
{{- end -}}


{{/*
Generate '-' prefix only when the variable is defined
Expand Down
14 changes: 7 additions & 7 deletions templates/deployments.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,7 @@ spec:
{{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ .Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down Expand Up @@ -588,7 +588,7 @@ spec:
{{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ .Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down Expand Up @@ -809,7 +809,7 @@ spec:
{{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ .Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down Expand Up @@ -924,7 +924,7 @@ spec:
{{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ .Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down Expand Up @@ -1230,7 +1230,7 @@ spec:
{{- if ne "disable" (default "" $.Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ $.Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" $ }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down Expand Up @@ -1379,7 +1379,7 @@ spec:
{{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ .Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down Expand Up @@ -1658,7 +1658,7 @@ spec:
{{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
- name: st2-encryption-key-vol
secret:
secretName: {{ .Release.Name }}-st2-datastore-crypto-key
secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
items:
- key: datastore_crypto_key
path: datastore_key.json
Expand Down
2 changes: 2 additions & 0 deletions values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ st2:
#password: Ch@ngeMe
# Name of existing ST2 Auth secret, disables creation of this secret
# existingAuthSecret: ""
# Name of existing ST2 datastore secret, disables creation of this secret
# existingDatastoreSecret: ""

# ST2 crypto key for the K/V datastore.
# See https://docs.stackstorm.com/datastore.html#securing-secrets-admin-only for more info.
Expand Down

0 comments on commit f49658a

Please sign in to comment.