
Secrets

For security reasons, values files and k8s manifests contain only placeholders, not plaintext passwords. Because the secrets are decoupled from these files, various secret backends can be used. For simplicity, USU Software Compose comes preconfigured with a local secrets.yaml file as a central secrets store.

The secrets contained in the secrets.yaml of this USU Software Compose package were generated during the release process. Before installing or updating, make sure to replace all pregenerated secrets in secrets.yaml that are prefixed with changeMe with your own safe secrets.

Follow these steps when updating:

  1. Provided that secrets.yaml.orig contains the secrets from a previous USU Software Compose installation and secrets.yaml belongs to this USU Software Compose package, you can merge them, e.g. with the yq tool:

    yq eval-all '. as $item ireduce ({}; . * $item)' secrets.yaml secrets.yaml.orig > secrets.yaml.new 

  2. Check the resulting secrets.yaml.new, rename it to secrets.yaml (overwriting the existing file), and proceed with the update.

  3. For future updates, store secrets.yaml securely (it will be referenced as secrets.yaml.orig).
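
As part of the check in step 2, it is worth confirming that the merge left no pregenerated secrets in place. The shell function below is an added example, not part of USU Software Compose; it assumes secrets are plain `key: value` scalars whose values begin with changeMe, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not part of the product): list entries whose value still
# starts with the "changeMe" placeholder prefix. Prints line:key only, never
# the secret value. Assumes plain "key: value" scalars, optionally quoted.
find_placeholder_secrets() {
    # $1 = path of the YAML file to check; returns 1 if any placeholder is left
    awk '
        /^[ \t]*#/ { next }                        # ignore comment lines
        {
            pos = index($0, ":")
            if (pos == 0) next
            key = substr($0, 1, pos - 1)
            val = substr($0, pos + 1)
            gsub(/^[- \t]+|[ \t]+$/, "", key)      # trim indent and list dash
            sub(/^[ \t]+/, "", val)
            q = substr(val, 1, 1)
            if (q == "\"" || q == "\047") val = substr(val, 2)
            if (index(val, "changeMe") == 1) {
                printf "%d:%s\n", NR, key
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample standing in for secrets.yaml.new (names and values made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# merged secrets
database:
  password: "S3t-by-operator"
  replicationPassword: changeMe_4f9a1c
messaging:
  token: 'changeMe_77b2e0'
  endpoint: https://mq.example.internal:5671
EOF

if leftovers=$(find_placeholder_secrets "$sample"); then
    echo "no pregenerated secrets left"
else
    echo "entries still using pregenerated secrets (line:key):"
    echo "$leftovers"
fi
rm -f "$sample"
```

Run the function against secrets.yaml.new before renaming it; a non-zero exit status means at least one entry still needs a secret of your own.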