Kubernetes secrets and Helm Chart installation

Beginning with version 2.8.0 of the Snyk Broker Helm Chart, external secrets are supported.

To enable this functionality, set useExternalSecrets to true in values.yaml or --set externalSecrets=true.

To obtain a list of required secrets, perform a dry run of a Helm installation. This will not make any changes to your Kubernetes environment, but does require the following:

helm install snyk-broker-chart \
  snyk-broker/snyk-broker \
  --set externalSecrets=true \
  --set scmType=<your-scm-type> \
  --dry-run=client

A list of secrets with their expected names and values will be generated. The following example uses scmType=nexus :

### Secret Creation Disabled ###

Ensure secrets are present on your cluster in the default namespace:

-> NAME:KEY <VALUE>
-> nexus-broker-token-snyk-broker-chart:nexus-broker-token-key <your-broker-token>
-> nexus-base-nexus-url-snyk-broker-chart:nexus-base-nexus-url <BASE_NEXUS_URL>
-> nexus-nexus-url-snyk-broker-chart:nexus-nexus-url <NEXUS_URL>
-> nexus-broker-client-validation-url-snyk-broker-chart:nexus-broker-client-validation-url <BROKER_CLIENT_VALIDATION_URL>

In this example, four secrets must exist within the same namespace to which the Broker will be installed, each containing one key-value pair. Any values that are shown in <> characters are indicators to add your own secret data.

Renaming secrets and keys