Skip to content

Never render secrets into values.yaml #8497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2025
Merged

Never render secrets into values.yaml #8497

merged 1 commit into from
Apr 2, 2025

Conversation

@davidfowl
Copy link
Member

@davidfowl davidfowl commented Apr 2, 2025

Description

Don't render generated secrets in values.yaml

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
  • Did you add public API?
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?
    • No

Copilot AI review requested due to automatic review settings April 2, 2025 06:11
Copilot AI reviewed Apr 2, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR prevents rendering generated secret values into values.yaml by ensuring that parameters marked as secrets do not include their values in Helm chart outputs.

  • Modified test cases to add a new secret parameter "param3".
  • Updated expected values in the test fixtures to include "param3" in the secrets section.
  • Updated the Kubernetes resource context to conditionally omit secret values.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
tests/Aspire.Hosting.Kubernetes.Tests/KubernetesPublisherTests.cs Adds a new secret parameter "param3" and includes it in the environment configuration.
tests/Aspire.Hosting.Kubernetes.Tests/ExpectedValues.cs Extends expected YAML output to accommodate "param3" as a secret.
src/Aspire.Hosting.Kubernetes/KubernetesResourceContext.cs Updates value assignment logic to prevent rendering secret values in values.yaml.

@github-actions github-actions bot added the area-app-model Issues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication label Apr 2, 2025
@davidfowl davidfowl merged commit c0413ac into main Apr 2, 2025
175 checks passed
@davidfowl davidfowl deleted the davidfowl/remove-kube-secret-values branch April 2, 2025 06:30
@github-actions github-actions bot locked and limited conversation to collaborators May 2, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@mitchdenny mitchdenny mitchdenny approved these changes

Assignees

No one assigned

Labels

area-app-model Issues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@davidfowl @mitchdenny