Is there any way to retrieve secrets for the Helm Chart from the GCP Secret Manager during the chart deployment CI/CD pipeline? Or is better to use CI/CD secret manager and then there pull credentials for the chart deployment?
Get secret for the Helm Chart from GCP Secret Manager
3.7k Views Asked by JackTheKnife At
2
There are 2 best solutions below
0
Avinash Singh
On
Follow the following steps to read secrets from GCP secrets.
Install helm secrets Plugin by running the following command.
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.1
Install vals
Make sure the user on your workstation or CI/CD automation (service Account) tool has access to read google secrets from the project.
Update your parameters in value.yaml as for following example.
mysqlpassword: ref+gcpsecrets://my-gcp-project/mysql-password
Run the following command to apply the changes.
helm secrets --evaluate-templates upgrade --install chart-name . --namespace=custom-namespace -f values.yaml
Related Questions in GOOGLE-CLOUD-PLATFORM
- Why do I need to wait to reaccess to Firestore database even though it has already done before?
- Unable to call datastore using GCP service account key json
- Troubleshooting Airflow Task Failures: Slack Notification Timeout
- GoogleCloud Error: Not Found The requested URL was not found on this server
- Kubernetes cluster on GCE connection refused error
- Best way to upload images to Google Cloud Storage?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Google Datastream errors on larger MySQL tables
- Can anyone explain the output of apache-beam streaming pipeline with Fixed Window of 60 seconds?
- Parametrizing backend in terraform on gcp
- Nonsense error using a Python Google Cloud Function
- Unable to deploy to GAE from Github Actions
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Task failure in DataprocCreateClusterOperator when i add metadata
- How can I get the long running operation with google.api_core.operations_v1.AbstractOperationsClient
Related Questions in KUBERNETES-HELM
- Oracle setting up on k8s cluster using helm charts enterprise edition
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Kubernetes, Helm, Varnish, building vcl file
- Network Connectivity Issue with Akeyless Gateway
- Gitlab CI - helm cli not working in source bash script
- `helm upgrade` patch deployment when there is no change
- Troubleshooting Airflow Deployment on Kubernetes: Webserver Inaccessibility, Pod Crashes, and Timeout Issues
- Helm Variable Chart.Name in Chart.yaml
- Creating a default helm chart with custom values
- Why using keystore value in Elasticsearch helm chart results in this error?
- Helm pod deployment loop
- how to securely add password or secrets into a helm values.yaml file that will be commited in git?
- Druid runtime properties
- Setting up Jupyterhub in ArgoCD doesnt accept values.yaml
- In a Helm template, is it possible to override specific properties if there are same key with different values
Related Questions in GOOGLE-SECRET-MANAGER
- Asynchronous function returns Promise{pending} instead of a value
- Can't find option in Google Cloud Run to add created Secrets to Variables - documentation is misleading
- How to use REACT_ENV_SECRET in firebase
- Laravel/GCP Error: Could not construct ApplicationDefaultCredentials
- Spring boot running in GKE fetch secret from secret manager
- GCP mount 2 secrets in one directory
- How do you Inject a File from Google Secret Manager into a Google Cloud Run App via Terraform
- Unknown error from gcp secret manager (bad gateway)
- Java Maven: Configuring GCP Secret Manager. Type Not Accessible Error, Multiple Module Error, and ClassNotFoundException
- Google Secret Manager doesn't have access to GKE
- Add custom converter before manully binding properties using EnvironmentAware : Springboot
- 404 errors calling BigQuery, Pub/Sub and Secret Manager after deployment
- Terraform GCP: Creating Cloud SQL User with Google Secret Manager Password Leads to Authentication Failure
- GKE Secrets OR Google Secret manager
- Is there a way of querying Google Secrets Manager?
Related Questions in GCP-SECRET-MANAGER
- Unable to add TLS certificate to GKE from Google Secret Manager
- Listing all secret version Alias in gcp secret-manager through .net
- java.lang.IllegalStateException: getTransportChannel() called when needsExecutor() is true while getting gcp secret manager
- GCP authentication not working with gcloud auth activate-service-account
- Spring boot not able to get secrets from Google secret manager during deployment in GCP
- How to read Secret Manager secrets as file (e.g. GOOGLE_APPLICATION_CREDENTIALS as Json)?
- How to read a secret from GCP secret manager in terraform
- Google Cloud Platform: secret as build env variable
- Secret Manager- To create the secret of a secret_name which is out there already and used by production application
- Spring Boot cloud config does not handle Google Secret Manager tokens
- The frequency of loading Secret Manager in Cloud Run
- Terraform module for GCP secret module
- Can we pass different credentials for SecretManagerTemplate in Spring Boot?
- Retrieving environment variables in Google Cloud stored in secret manager
- Get secret for the Helm Chart from GCP Secret Manager
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
There are some information regarding using Google Secret Manager in GKE and best practices in this doc.
You should be able to use it like mentioned here or you can also try plugin like helm-secrets.
There's similar questions with answers that could be helpful 1, 2.