Skip to content

[Feature]: Implement Sensitive Values Support with GCS Backend #20

New issue
New issue
Open
Feature
Open
[Feature]: Implement Sensitive Values Support with GCS Backend#20
Feature
Assignees
ritwik-g
Labels
enhancementNew feature or requestgood first issueGood for newcomers
Milestone
v0.2.0
@ritwik-g

Description

@ritwik-g
ritwik-g
opened on Feb 27, 2025

Title

[Feature]: Implement Sensitive Values Support with GCS Backend

Problem Statement

Currently, the Helm Values Manager does not support storing sensitive values securely. The --sensitive flag is hidden in the CLI and ignored in the implementation. This limits the plugin's ability to manage secrets and sensitive configuration values, which is a critical requirement for production Kubernetes deployments.

Proposed Solution

Implement sensitive values support with Google Cloud Storage (GCS) as the first backend:

  1. Enable the --sensitive flag in the CLI:

    • Remove the hidden=True attribute from the --sensitive option
    • Remove the warning and ignoring logic

  2. Implement a GCS backend for sensitive values:

    • Create a GCSValueBackend class that implements the ValueBackend interface
    • Add authentication and configuration for GCS
    • Implement secure storage and retrieval of sensitive values

  3. Update the configuration schema:

    • Add GCS-specific configuration options to the backend_config schema
    • Document the required GCS permissions and setup

  4. Add CLI commands for GCS backend configuration:

    • Add options to configure GCS bucket, project, and credentials
    • Support service account authentication

  5. Update documentation:

    • Add user guide for configuring and using GCS for sensitive values
    • Add examples and best practices

Implementation Details

The implementation will:

  1. Store sensitive values in a GCS bucket with appropriate encryption
  2. Use reference-based approach where only references are stored in the config file
  3. Support automatic retrieval of sensitive values when needed
  4. Include proper error handling for GCS-specific errors
  5. Add comprehensive tests for the GCS backend

Alternative Solutions

  1. Implement all backends at once: This would be more comprehensive but would delay the release of sensitive value support.
  2. Use local encryption: Could encrypt values locally, but this doesn't provide the same level of security and integration.
  3. Use Kubernetes Secrets directly: Could store values directly in Kubernetes Secrets, but this would limit portability.

Additional Context

This feature is a prerequisite for production use of the Helm Values Manager. It will be followed by support for other backends (AWS, Azure, HashiCorp Vault, Git Secret) in future releases.

Labels

  • enhancement
  • feature
  • security
  • good first issue

Requirements

  • This feature aligns with the project's scope and goals
  • I've checked that this feature doesn't already exist
  • I've searched for existing feature requests

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestgood first issueGood for newcomers

Type

Feature

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions