Is there any way to retrieve secrets for the Helm Chart from the GCP Secret Manager during the chart deployment CI/CD pipeline? Or is better to use CI/CD secret manager and then there pull credentials for the chart deployment?
Get secret for the Helm Chart from GCP Secret Manager
3.7k views Asked by JackTheKnife At
2
There are 2 answers
0
Avinash Singh
On
Follow the following steps to read secrets from GCP secrets.
Install helm secrets Plugin by running the following command.
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.1
Install vals
Make sure the user on your workstation or CI/CD automation (service Account) tool has access to read google secrets from the project.
Update your parameters in value.yaml as for following example.
mysqlpassword: ref+gcpsecrets://my-gcp-project/mysql-password
Run the following command to apply the changes.
helm secrets --evaluate-templates upgrade --install chart-name . --namespace=custom-namespace -f values.yaml
Related Questions in GOOGLE-CLOUD-PLATFORM
- Why do I need to wait to reaccess to Firestore database even though it has already done before?
- Unable to call datastore using GCP service account key json
- Troubleshooting Airflow Task Failures: Slack Notification Timeout
- GoogleCloud Error: Not Found The requested URL was not found on this server
- Kubernetes cluster on GCE connection refused error
- Best way to upload images to Google Cloud Storage?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Google Datastream errors on larger MySQL tables
- Can anyone explain the output of apache-beam streaming pipeline with Fixed Window of 60 seconds?
- Parametrizing backend in terraform on gcp
- Nonsense error using a Python Google Cloud Function
- Unable to deploy to GAE from Github Actions
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Task failure in DataprocCreateClusterOperator when i add metadata
- How can I get the long running operation with google.api_core.operations_v1.AbstractOperationsClient
Related Questions in KUBERNETES-HELM
- Oracle setting up on k8s cluster using helm charts enterprise edition
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Kubernetes, Helm, Varnish, building vcl file
- Network Connectivity Issue with Akeyless Gateway
- Gitlab CI - helm cli not working in source bash script
- `helm upgrade` patch deployment when there is no change
- Troubleshooting Airflow Deployment on Kubernetes: Webserver Inaccessibility, Pod Crashes, and Timeout Issues
- Helm Variable Chart.Name in Chart.yaml
- Creating a default helm chart with custom values
- Why using keystore value in Elasticsearch helm chart results in this error?
- Helm pod deployment loop
- how to securely add password or secrets into a helm values.yaml file that will be commited in git?
- Druid runtime properties
- Setting up Jupyterhub in ArgoCD doesnt accept values.yaml
- In a Helm template, is it possible to override specific properties if there are same key with different values
Related Questions in GOOGLE-SECRET-MANAGER
- Google secret manager webpack issue
- How to keep GCP Secret Manager and AWS Secret Manager in sync using Terraform
- Invalid parent project. Either parent project doesn't exist or didn't enable multi-tenancy
- How to check if a secret is disabled in Google Cloud Secret Manager when using the Google Cloud Java SDK?
- GCP Cloud Run - Cannot update environment variable to string literal because it has already been set with a different type
- SecretIterator not working as expected because of cancelled context
- Problem with permissions during deployment firebase cloud function v2
- GCP Secret Manager works on Local build but not on GCP Cloud RUN
- Use GCloud CLI to list secrets that have label but no value
- In Google Cloud Function, gspread_pandas gives TypeError: 'AuthorizedSession' object is not callable. Loading credentials from Secret Manager
- Listing all secret version Alias in gcp secret-manager through .net
- Dataflow Runner has problems with GCP Secret Manager
- GKE with Workload identity can't access secrets from Secret Manager through nodejs client library
- Google Secret Manager and Cloud Functions - Audit logs and caller id
- GCP Secret Manager empty reply/broken pipe on Ubuntu 22 VM in PHP
Related Questions in GCP-SECRET-MANAGER
- Unable to add TLS certificate to GKE from Google Secret Manager
- Listing all secret version Alias in gcp secret-manager through .net
- java.lang.IllegalStateException: getTransportChannel() called when needsExecutor() is true while getting gcp secret manager
- GCP authentication not working with gcloud auth activate-service-account
- Spring boot not able to get secrets from Google secret manager during deployment in GCP
- How to read Secret Manager secrets as file (e.g. GOOGLE_APPLICATION_CREDENTIALS as Json)?
- How to read a secret from GCP secret manager in terraform
- Google Cloud Platform: secret as build env variable
- Secret Manager- To create the secret of a secret_name which is out there already and used by production application
- Spring Boot cloud config does not handle Google Secret Manager tokens
- The frequency of loading Secret Manager in Cloud Run
- Terraform module for GCP secret module
- Can we pass different credentials for SecretManagerTemplate in Spring Boot?
- Retrieving environment variables in Google Cloud stored in secret manager
- Get secret for the Helm Chart from GCP Secret Manager
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
There are some information regarding using Google Secret Manager in GKE and best practices in this doc.
You should be able to use it like mentioned here or you can also try plugin like helm-secrets.
There's similar questions with answers that could be helpful 1, 2.