Skip to content

[velero] Support for Multiple Secrets #713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Footur wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[velero] Support for Multiple Secrets #713

Footur wants to merge 1 commit into from

Conversation

@Footur
Copy link

@Footur Footur commented Sep 25, 2025
edited
Loading

Special notes for your reviewer:

  • Bump chart version from 11.0.0 to 12.0.0
  • Replace secretContents with extraSecrets array to allow multiple secrets
  • Update templates to handle new credentials format
  • Update README with instructions for upgrading and securing Restic passwords
  • Adjust test values to match new secret structure
  • Move secret env vars to helper template

Fixes #268

Checklist

  • DCO signed
  • Chart Version bumped, please refer to the chart version instruction
  • Variables are documented in the values.yaml or README.md
  • Title of the PR starts with chart name (e.g. [velero])

@Footur Footur changed the title [velero] Update Velero Helm chart to v11.0.0 [velero] Support for Multiple Secrets Sep 25, 2025
@Footur Footur force-pushed the improve-secrets branch 9 times, most recently from 9cae19d to 83ecc3b Compare October 1, 2025 14:46
@Footur
Update Velero Helm chart to v12.0.0
3bce577 
- Bump chart version from 11.0.0 to 12.0.0
- Replace `secretContents` with `extraSecrets` array to allow multiple secrets
- Update templates to handle new credentials format
- Update README with instructions for upgrading and securing Restic passwords
- Adjust test values to match new secret structure
- Move secret env vars to helper template

Signed-off-by: Footur <[email protected]>
@Footur
Copy link
Author

Footur commented Oct 7, 2025

Hello @jenting, hello @ywk253100, can you tell me what needs to be done to get this pull request merged please?

@Kajot-dev
Copy link
Contributor

Kajot-dev commented Oct 7, 2025

Is it a good idea to even allow to specify secret values in plain text? Besides you can easily add secrets via .Values.extraObjects and then reference them in BackupStorageLocation. As for Restic/Kopia password I guess you can also use .Values.extraObjects, but I think is meant to be deployed outside of the chart

@Footur
Copy link
Author

Footur commented Oct 8, 2025

Is it a good idea to even allow to specify secret values in plain text?

No, you should use tools like SOPS to encrypt your secrets in configuration.

Besides you can easily add secrets via .Values.extraObjects and then reference them in BackupStorageLocation. As for Restic/Kopia password I guess you can also use .Values.extraObjects, but I think is meant to be deployed outside of the chart

If you use .Values.extraObjects, these objects are missing the generated annotations by Helm then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jenting jenting Awaiting requested review from jenting

@ywk253100 ywk253100 Awaiting requested review from ywk253100

At least 2 approving reviews are required to merge this pull request.

Assignees

@Footur Footur

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

add possibility to customize the velero-restic-credentials

2 participants

@Footur @Kajot-dev