MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14405 from Budibase/helm-encryption-key-updates 

auto generate encryption key, and use secrets
This commit is contained in:
Martin McKeaveney 2024-08-19 10:14:35 +01:00 committed by GitHub
parent f8eb726072 5de3967695
commit 82c258aea6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
charts/budibase/templates/app-service-deployment.yaml
View File

@ -65,7 +65,10 @@ spec:
- name: ENABLE_ANALYTICS
value: {{ .Values.globals.enableAnalytics | quote }}
- name: API_ENCRYPTION_KEY
value: {{ .Values.globals.apiEncryptionKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: apiEncryptionKey
- name: HTTP_LOGGING
value: {{ .Values.services.apps.httpLogging | quote }}
- name: INTERNAL_API_KEY
@ -161,7 +164,10 @@ spec:
- name: TENANT_FEATURE_FLAGS
value: {{ .Values.globals.tenantFeatureFlags | quote }}
- name: ENCRYPTION_KEY
value: {{ .Values.globals.bbEncryptionKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: bbEncryptionKey
{{ if .Values.globals.bbAdminUserEmail }}
- name: BB_ADMIN_USER_EMAIL
value: {{ .Values.globals.bbAdminUserEmail | quote }}

10
charts/budibase/templates/automation-worker-service-deployment.yaml
View File

@ -58,7 +58,10 @@ spec:
- name: ENABLE_ANALYTICS
value: {{ .Values.globals.enableAnalytics | quote }}
- name: API_ENCRYPTION_KEY
value: {{ .Values.globals.apiEncryptionKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: apiEncryptionKey
- name: HTTP_LOGGING
value: {{ .Values.services.automationWorkers.httpLogging | quote }}
- name: INTERNAL_API_KEY
@ -154,7 +157,10 @@ spec:
- name: TENANT_FEATURE_FLAGS
value: {{ .Values.globals.tenantFeatureFlags | quote }}
- name: ENCRYPTION_KEY
value: {{ .Values.globals.bbEncryptionKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: bbEncryptionKey
{{ if .Values.globals.bbAdminUserEmail }}
- name: BB_ADMIN_USER_EMAIL
value: {{ .Values.globals.bbAdminUserEmail | quote }}

4
charts/budibase/templates/secrets.yaml
View File

@ -16,10 +16,14 @@ data:
jwtSecret: {{ index $existingSecret.data "jwtSecret" }}
objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }}
objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }}
bbEncryptionKey: {{ index $existingSecret.data "bbEncryptionKey" }}
apiEncryptionKey: {{ index $existingSecret.data "apiEncryptionKey" }}
{{- else }}
internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }}
jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }}
objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }}
objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }}
bbEncryptionKey: {{ template "budibase.defaultsecret" "" }}
apiEncryptionKey: {{ template "budibase.defaultsecret" "" }}
{{- end }}
{{- end }}

10
charts/budibase/templates/worker-service-deployment.yaml
View File

@ -65,7 +65,10 @@ spec:
{{ end }}
{{ end }}
- name: API_ENCRYPTION_KEY
value: {{ .Values.globals.apiEncryptionKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: apiEncryptionKey
- name: HTTP_LOGGING
value: {{ .Values.services.worker.httpLogging | quote }}
- name: INTERNAL_API_KEY
@ -167,7 +170,10 @@ spec:
- name: TENANT_FEATURE_FLAGS
value: {{ .Values.globals.tenantFeatureFlags | quote }}
- name: ENCRYPTION_KEY
value: {{ .Values.globals.bbEncryptionKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: bbEncryptionKey
{{ if .Values.globals.datadogApmEnabled }}
- name: DD_LOGS_INJECTION
value: {{ .Values.globals.datadogApmEnabled | quote }}