Use SOPS for value encryption
If you would like the secrets in the values
repository to be encrypted, you will have to use sops that is used by APL for encryption.
Use SOPS with an external Key Management Service (KMS)
Find quickstart documentation below on how to setup KMS access per supported provider:
Follow the instructions of the provider of your choosing and jot down the credentials obtained for the next steps.
To install APL with SOPS/KMS, use the following values:
kms:
sops:
provider: "" # provider can be one of aws|azure|google|vault
# aws:
# keys: ''
# accessKey: ''
# secretKey: ''
# region: ''
# azure:
# keys: ''
# tenantID: ''
# clientID: ''
# clientSecret: ''
# google:
# keys: ''
# accountJson: ''
# project: ''
# vault:
# token: ''
Use SOPS with AGE (comming soon!)
AGE is a simple, modern, and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.