Pulling from External Secrets Operators
Sourcing secrets from a vault at deploy time.
Keep Secrets Outside the Chart
Another approach skips storing secrets near the chart at all. You keep them in a dedicated vault and pull them in at deploy time.
A Single Source of Truth
A secret store like HashiCorp Vault or AWS Secrets Manager becomes your source of truth, separate from any chart or repository.
All lessons in this course
- Why Secrets Do Not Belong in values.yaml
- Encrypting Values with helm-secrets and SOPS
- Pulling from External Secrets Operators
- Templating Kubernetes Secret Resources