-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Having secrets in an external system (like Hashicorp Vault) and then using [vaultenv](https://github.com/channable/vaultenv) to inject these during `helm install/upgrade`. So you end up with something like `vaultenv ... -- helm install --set config.myvar=${VAULTENV_INJECTED_ENV_VALUE}` (or similar). Point is I use vaultenv to run helm with secrets injected as env vars only during the helm run, and use helm's `--set` flag to set individual secrets. This can get tedious if you have many secrets as you have to specify each of them individually with --set. Usually I wrap this in a Makefile or a shell script for easier invoking.
The other approach I've used is an external system to encrypt a secrets.yaml file. More specifically I've used [sops](https://github.com/mozilla/sops) with AWS's KMS for encrypting a file that gets committed along side the non-encrypted values.yaml file. Then you use sops to run helm but it decrypts the file on-the-fly and the secrets are only available to the helm process while it runs. So something like this `sops exec-file secrets.yaml 'helm install ... --values=values.yaml --values={}`. They key part is `--values={}` which will inject the path of the on-the-fly decrypted secrets file.