fix: add missing API_KEY_SECRET configuration

Polliog · Polliog · commit cf6eddb17d48 · 2026-01-21T16:33:31.000+01:00
- Add config.apiKeySecret to values.yaml
- Add API_KEY_SECRET to secrets template (auto-generated if not set)
- Update README with new config parameters

Fixes issue where backend/worker pods failed with "API_KEY_SECRET Required" error
diff --git a/README.md b/README.md
@@ -78,6 +78,9 @@ See [values.yaml](charts/logtide/values.yaml) for the full list of configurable
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
+| `config.apiKeySecret` | API key encryption secret (32+ chars) | Auto-generated |
+| `config.jwtSecret` | JWT authentication secret | Auto-generated |
+| `config.sessionSecret` | Session encryption secret | Auto-generated |
 | `backend.replicaCount` | Number of backend replicas | `2` |
 | `backend.autoscaling.enabled` | Enable HPA for backend | `true` |
 | `frontend.replicaCount` | Number of frontend replicas | `2` |
diff --git a/charts/logtide/Chart.yaml b/charts/logtide/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: logtide
 description: A Helm chart for LogTide - Open-source log management and SIEM platform
 type: application
-version: 2.0.2
+version: 2.0.3
 appVersion: "0.4.0"
 
 home: https://logtide.dev
diff --git a/charts/logtide/templates/secrets.yaml b/charts/logtide/templates/secrets.yaml
@@ -10,6 +10,8 @@ data:
   JWT_SECRET: {{ $jwtSecret | b64enc | quote }}
   {{- $sessionSecret := .Values.config.sessionSecret | default (randAlphaNum 64) }}
   SESSION_SECRET: {{ $sessionSecret | b64enc | quote }}
+  {{- $apiKeySecret := .Values.config.apiKeySecret | default (randAlphaNum 64) }}
+  API_KEY_SECRET: {{ $apiKeySecret | b64enc | quote }}
   {{- if and .Values.config.smtp.enabled (not .Values.config.smtp.existingSecret) }}
   SMTP_USER: {{ .Values.config.smtp.user | b64enc | quote }}
   SMTP_PASSWORD: {{ .Values.config.smtp.password | b64enc | quote }}
diff --git a/charts/logtide/values.yaml b/charts/logtide/values.yaml
@@ -290,6 +290,10 @@ config:
   # Session secret (auto-generated if empty)
   sessionSecret: ""
 
+  # API key encryption secret (auto-generated if empty)
+  # Used to encrypt API keys at rest. Must be at least 32 characters.
+  apiKeySecret: ""
+
   # CORS origins (comma-separated)
   corsOrigins: ""
 
