Why Secrets Do Not Belong in values.yaml
The risks of plaintext secrets in charts and Git.
Values Are Plain Text
A chart's values.yaml is ordinary, unencrypted text. Anything you write there, including passwords, is readable by anyone who opens the file.
Git Remembers Forever
Charts usually live in Git. A secret committed once stays in history even after you delete it, so a leak is permanent. 🔒
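The effect described above, as an added example that is not part of the original lesson: a throwaway repository in which a password is committed to values.yaml and then removed in a later commit. The repository, key names and password value are constructed for the demonstration, and it assumes git is installed.

```shell
#!/bin/sh
# Added demonstration: a password removed from values.yaml is still in Git history.
# The repository, key names and password below are constructed sample values.

demo_secret_in_history() {
    secret='S3cr3t-constructed-example'
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        # Per-command identity so the demo does not depend on global git config.
        g() { git -c user.name=demo -c user.email=demo@example.invalid \
                  -c commit.gpgsign=false "$@"; }

        # Commit 1: the chart's values.yaml carries a plaintext password.
        printf 'db:\n  user: app\n  password: %s\n' "$secret" > values.yaml
        g add values.yaml
        g commit -q -m 'add chart values'

        # Commit 2: the password is deleted from the file.
        printf 'db:\n  user: app\n' > values.yaml
        g commit -q -am 'remove password from values'

        # The current file no longer contains the secret...
        if grep -q "$secret" values.yaml; then in_tree=yes; else in_tree=no; fi
        # ...but a pickaxe search (-S) over all history still recovers it.
        if g log --all -p -S"$secret" -- values.yaml | grep -q "$secret"; then
            in_history=yes
        else
            in_history=no
        fi
        echo "in_tree=$in_tree in_history=$in_history"
    )
    status=$?
    rm -rf "$repo"
    return $status
}

demo_secret_in_history
```

The same `git log -p -S` search works as an audit on a real chart repository; a value it finds should be treated as exposed and rotated, since deleting it from the file does not remove it from history.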