I have a Helm chart that creates the following Kubernetes secret:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.kubernetes.appName }}conf
  namespace: {{ .Values.kubernetes.namespace }}
stringData:
  ConnectionStrings__SqlServerDb: Server={{ .Values.app.SqlHost }}; Database={{ .Values.app.SqlDatabase }}; User ID={{ .Values.app.SqlUsername }}; password={{ .Values.secrets.SqlPassword }}; Application Name={{ .Values.kubernetes.appName }}; TrustServerCertificate=true;
```
The value of the password is enclosed in curly braces, e.g. `{SuperSecretPassword}`, which in the end gets translated by Helm to `[SuperSecretPassword]` (with normal braces).

I tried escaping and quoting the value in different ways, but nothing seems to keep the curly braces in the final value. The only way I managed to get it working was to put the password directly in the secret YAML:

```
password={SuperSecretPassword}
```

Any ideas how I can make Helm ignore the special characters and, mainly, not translate `{}` into `[]`?
Here are some of the escaping and quoting attempts that I made:

```
password={{ .Values.secrets.SqlPassword | quote }}
--> "[SuperSecretPassword]"

password={{ toString .Values.secrets.SqlPassword }}
--> [SuperSecretPassword]

password="{{ .Values.secrets.SqlPassword }}"
--> "[SuperSecretPassword]"
```

I also tried enclosing the whole `ConnectionStrings__SqlServerDb` value in `""`.

None of the above seems to work.
The SQL password itself is retrieved via the Terraform keyvault_secret resource and passed to the values of the Helm chart by:

```hcl
resource "helm_release" "service" {
  for_each = { for release in local.helm_releases : "${release.namespace}_${release.service_name}" => release }

  name      = each.value.service_config["kubernetes.appName"]
  chart     = "${path.module}/${each.value.service_config.chartPath}"
  namespace = each.value.service_config["kubernetes.namespace"]

  dynamic "set" {
    for_each = {
      for key, value in each.value.service_config : key => value
      if !startswith(key, "secrets.")
    }
    content {
      name  = set.key
      value = set.value
    }
  }

  dynamic "set_sensitive" {
    for_each = {
      for key, value in each.value.service_config : key => value
      if startswith(key, "secrets.")
    }
    content {
      name  = set_sensitive.key
      value = set_sensitive.value
    }
  }
}
```
I don't think that is the issue, since I tried passing `secrets.SqlPassword: "{SuperSecret password}"` directly into the values.yaml and it still got translated into `[SuperSecretPassword]`.
Solution:

Base64-encode the secret before you pass it to the chart and decode it in the template:

```
password={{ .Values.secrets.SqlPassword | b64dec }}
```
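The Terraform side of the solution above, as an added example (not code from the original post): the `helm_release` from the question with `base64encode()` applied inside `set_sensitive`. The `locals` block is constructed sample data, and with this change every `.Values.secrets.*` reference in the chart templates has to be piped through `b64dec`.

```hcl
# Constructed sample input; in the question the password comes from a
# Key Vault secret rather than a literal.
locals {
  helm_releases = [{
    namespace    = "demo"
    service_name = "api"
    service_config = {
      "kubernetes.appName"   = "api"
      "kubernetes.namespace" = "demo"
      "chartPath"            = "charts/api"
      "secrets.SqlPassword"  = "{SuperSecretPassword}"
    }
  }]
}

resource "helm_release" "service" {
  for_each  = { for release in local.helm_releases : "${release.namespace}_${release.service_name}" => release }
  name      = each.value.service_config["kubernetes.appName"]
  chart     = "${path.module}/${each.value.service_config.chartPath}"
  namespace = each.value.service_config["kubernetes.namespace"]

  dynamic "set" {
    for_each = {
      for key, value in each.value.service_config : key => value
      if !startswith(key, "secrets.")
    }
    content {
      name  = set.key
      value = set.value
    }
  }

  dynamic "set_sensitive" {
    for_each = {
      for key, value in each.value.service_config : key => value
      if startswith(key, "secrets.")
    }
    content {
      name = set_sensitive.key
      # Base64 output uses only A-Z, a-z, 0-9, "+", "/" and "=", so no
      # "{", "}" or "," is left in the value handed to Helm.
      value = base64encode(set_sensitive.value)
    }
  }
}
```

Base64 here only sidesteps the character handling; it adds no confidentiality, so the value stays in `set_sensitive`.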