Merge pull request #14405 from Budibase/helm-encryption-key-updates

auto generate encryption key, and use secrets
Martin McKeaveney 2024-08-19 10:14:35 +01:00 committed by GitHub
commit 82c258aea6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 28 additions and 6 deletions


@ -65,7 +65,10 @@ spec:
- name: ENABLE_ANALYTICS - name: ENABLE_ANALYTICS
value: {{ .Values.globals.enableAnalytics | quote }} value: {{ .Values.globals.enableAnalytics | quote }}
- name: API_ENCRYPTION_KEY - name: API_ENCRYPTION_KEY
value: {{ .Values.globals.apiEncryptionKey | quote }} valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: apiEncryptionKey
- name: HTTP_LOGGING - name: HTTP_LOGGING
value: {{ .Values.services.apps.httpLogging | quote }} value: {{ .Values.services.apps.httpLogging | quote }}
- name: INTERNAL_API_KEY - name: INTERNAL_API_KEY
@ -161,7 +164,10 @@ spec:
- name: TENANT_FEATURE_FLAGS - name: TENANT_FEATURE_FLAGS
value: {{ .Values.globals.tenantFeatureFlags | quote }} value: {{ .Values.globals.tenantFeatureFlags | quote }}
- name: ENCRYPTION_KEY - name: ENCRYPTION_KEY
value: {{ .Values.globals.bbEncryptionKey | quote }} valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: bbEncryptionKey
{{ if .Values.globals.bbAdminUserEmail }} {{ if .Values.globals.bbAdminUserEmail }}
- name: BB_ADMIN_USER_EMAIL - name: BB_ADMIN_USER_EMAIL
value: {{ .Values.globals.bbAdminUserEmail | quote }} value: {{ .Values.globals.bbAdminUserEmail | quote }}
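Review bot: The new `secretKeyRef` entries for `API_ENCRYPTION_KEY` and `ENCRYPTION_KEY` carry no comment saying that `.Values.globals.apiEncryptionKey` and `.Values.globals.bbEncryptionKey` are no longer read here, so an operator who still sets them in values gets no hint that the override is ignored. A one-line comment above each entry would do, for example `# Read from the chart Secret; globals.bbEncryptionKey in values is no longer used here`. Because the reference is not marked `optional`, the container will not start if the Secret lacks the key; that is the safer failure mode for an encryption key, but it makes the Secret template the thing to verify before upgrading. The same applies to the matching hunks in the two other deployment sections further down; the env list starts and ends outside these hunks.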


@ -58,7 +58,10 @@ spec:
- name: ENABLE_ANALYTICS - name: ENABLE_ANALYTICS
value: {{ .Values.globals.enableAnalytics | quote }} value: {{ .Values.globals.enableAnalytics | quote }}
- name: API_ENCRYPTION_KEY - name: API_ENCRYPTION_KEY
value: {{ .Values.globals.apiEncryptionKey | quote }} valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: apiEncryptionKey
- name: HTTP_LOGGING - name: HTTP_LOGGING
value: {{ .Values.services.automationWorkers.httpLogging | quote }} value: {{ .Values.services.automationWorkers.httpLogging | quote }}
- name: INTERNAL_API_KEY - name: INTERNAL_API_KEY
@ -154,7 +157,10 @@ spec:
- name: TENANT_FEATURE_FLAGS - name: TENANT_FEATURE_FLAGS
value: {{ .Values.globals.tenantFeatureFlags | quote }} value: {{ .Values.globals.tenantFeatureFlags | quote }}
- name: ENCRYPTION_KEY - name: ENCRYPTION_KEY
value: {{ .Values.globals.bbEncryptionKey | quote }} valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: bbEncryptionKey
{{ if .Values.globals.bbAdminUserEmail }} {{ if .Values.globals.bbAdminUserEmail }}
- name: BB_ADMIN_USER_EMAIL - name: BB_ADMIN_USER_EMAIL
value: {{ .Values.globals.bbAdminUserEmail | quote }} value: {{ .Values.globals.bbAdminUserEmail | quote }}


@ -16,10 +16,14 @@ data:
jwtSecret: {{ index $existingSecret.data "jwtSecret" }} jwtSecret: {{ index $existingSecret.data "jwtSecret" }}
objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }} objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }}
objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }} objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }}
bbEncryptionKey: {{ index $existingSecret.data "bbEncryptionKey" }}
apiEncryptionKey: {{ index $existingSecret.data "apiEncryptionKey" }}
{{- else }} {{- else }}
internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }} internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }}
jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }} jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }}
objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }} objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }}
objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }} objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }}
bbEncryptionKey: {{ template "budibase.defaultsecret" "" }}
apiEncryptionKey: {{ template "budibase.defaultsecret" "" }}
{{- end }} {{- end }}
{{- end }} {{- end }}
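Review bot: A release whose Secret was created before this change has no `bbEncryptionKey` or `apiEncryptionKey` entry, so the two `index $existingSecret.data ...` lines in the existing-secret branch would likely render empty on upgrade instead of carrying the key the pods were using. The fallback for a missing entry should be the value the deployments read until now, e.g. `bbEncryptionKey: {{ index $existingSecret.data "bbEncryptionKey" | default (.Values.globals.bbEncryptionKey | b64enc) }}`, and likewise for `apiEncryptionKey`. In the `else` branch the literal `""` also drops an operator-supplied key, whereas the sibling lines pass their value; `{{ template "budibase.defaultsecret" .Values.globals.bbEncryptionKey }}` would keep previously encrypted data readable while still generating a key when none is set, assuming `budibase.defaultsecret` generates on empty input (its definition is not in this hunk). The surrounding `if` condition and the Secret's metadata are outside the hunk.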


@ -65,7 +65,10 @@ spec:
{{ end }} {{ end }}
{{ end }} {{ end }}
- name: API_ENCRYPTION_KEY - name: API_ENCRYPTION_KEY
value: {{ .Values.globals.apiEncryptionKey | quote }} valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: apiEncryptionKey
- name: HTTP_LOGGING - name: HTTP_LOGGING
value: {{ .Values.services.worker.httpLogging | quote }} value: {{ .Values.services.worker.httpLogging | quote }}
- name: INTERNAL_API_KEY - name: INTERNAL_API_KEY
@ -167,7 +170,10 @@ spec:
- name: TENANT_FEATURE_FLAGS - name: TENANT_FEATURE_FLAGS
value: {{ .Values.globals.tenantFeatureFlags | quote }} value: {{ .Values.globals.tenantFeatureFlags | quote }}
- name: ENCRYPTION_KEY - name: ENCRYPTION_KEY
value: {{ .Values.globals.bbEncryptionKey | quote }} valueFrom:
secretKeyRef:
name: {{ template "budibase.fullname" . }}
key: bbEncryptionKey
{{ if .Values.globals.datadogApmEnabled }} {{ if .Values.globals.datadogApmEnabled }}
- name: DD_LOGS_INJECTION - name: DD_LOGS_INJECTION
value: {{ .Values.globals.datadogApmEnabled | quote }} value: {{ .Values.globals.datadogApmEnabled | quote }}