You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have files encrypted with SOPs and AWS KMS and stored in git. Locally, I can decrypt the files while having AWS CLI configured with a user that have sufficient privilege to do decrypt on a specific key in KMS
I want to allow ArgoCD to use IAM Role with ServiceAccount to decrypted the file using the same key that encrypted it at the first place. Therefore, I must have
IAM role allowed to decrypt
K8s ServiceAccount allowing pod to assume a role
KMS key alias configured in ArgoCD to know which key to use
and decrypted file before ArgoCD render it must be plaintext
argocdServerAdminPassword: weakpassword
Then ArgoCD can handle it and provision the resources. I saw the following message in documentation and not sure if it means that helm-secrets can't support this
Problem Statement
I have files encrypted with SOPs and AWS KMS and stored in git. Locally, I can decrypt the files while having AWS CLI configured with a user that have sufficient privilege to do decrypt on a specific key in KMS
.sops.yaml
I want to allow ArgoCD to use IAM Role with ServiceAccount to decrypted the file using the same key that encrypted it at the first place. Therefore, I must have
encrypted yaml will look like below
and decrypted file before ArgoCD render it must be plaintext
Then ArgoCD can handle it and provision the resources. I saw the following message in documentation and not sure if it means that helm-secrets can't support this
https://github.com/jkroepke/helm-secrets/wiki/ArgoCD-Integration
Proposed Solution
No response
Environment
Additional information
No response
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered: