Skip to content

Application specific secrets

Zoran Sinnema edited this page May 31, 2021 · 3 revisions

CloudHarness Secrets

What are secrets

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image. See Secrets design document for more information.

CloudHarness has build-in support for application specific kubernetes secrets.

Secret definition in CloudHarness

Secrets are defined in the application values.yaml file in the secrets section under the harness section. Example

[harness]
  [secrets]
    Secret1: <value>
    SecondSecret:
    third-secret:

It is a wise decision to store the secret's <value> outside the git(hub) repository and leave the secret's value null / ommit it.

CloudHarness supports 3 ways for editing/maintenance of the secrets outside the git(hub) repository:

  • Codefresh support, all secrets will be added to the codefresh deployment file(s) and can be set/overwritten through the codefresh variable configuration
  • Using Helm to set/overwrite the secret's value helm ... --set apps.<appname>.harness.secrets.<secret>=<value>
  • Using kubernetes secret edit kubectl edit secret <secret>

Clone this wiki locally