I am trying to implement Helm Secrets on a simple application.I want to install the app using the Helm Secrets plugin. Here's my encrypted templates/secrets.yaml file:
apiVersion: ENC[AES256_GCM,data:Hcs=,iv:U+0hlPz+L5HP0SqWmzJgxNftRYNc3BTHeYetefrDxQo=,tag:AXwtAjcHv8VsL1PC8XjOmA==,type:str]kind: ENC[AES256_GCM,data:YLEC3Zg/,iv:L3CL9DzUEHEKlucZcY+Su+OYKC+1VCTvVEFcc0iX7RI=,tag:sS7rauZq1nYpAA/gesA66Q==,type:str]metadata:name: ENC[AES256_GCM,data:KQvvSmDMSw==,iv:LvXweR3aTgVTc9IAa3f6uJHbpHGf2jYHtGWq629Yqdo=,tag:AXIrhiEjhAXlDNmFyYKyPg==,type:str]labels:app: ENC[AES256_GCM,data:2GbBtSKC4Y7sYxw=,iv:zGmUTLcYwjUvZ0VAmw92e63na/+lsOlP16RD9LjcKjE=,tag:fR5QPK6587K1peod5nf4BA==,type:str]type: ENC[AES256_GCM,data:B2WQyYNe,iv:S0q8nzu5pDGAem5KuB4aRRq9tOtpThOgshxn8iwGmq8=,tag:pV2JsX14j6433XBLpwdUhQ==,type:str]data:password: ENC[AES256_GCM,data:p6/fadwzX+vx10yc,iv:OIckX7T72t+5lHvAX2r8ybFPQ8Yrc4po4G3Y/BJyT3s=,tag:fuGxBTl3XLInvXew4quc6g==,type:str]sops:kms: []gcp_kms: []azure_kv: []lastmodified: '2019-09-02T10:13:37Z'mac: ENC[AES256_GCM,data:zlqeKsbTdyBUoXnbhyXOAeCuIrdzO9AL2ydwUGFNd5ZFG+BbibstqosxZ1vnGZip58JQaK7e3ewibWj/CD7Ev2crTEk2jpEfbqYSp17s3hYpefNUe2esGKfb6/E0FgcdC2onxHKwv1CnHEGh5DwQdBT6JIfTvialEG1DKmYVcLY=,iv:aoqvOl0xUP6JBvtmOEDwD5Ejq3AmgJ/tUouPPf7AJZU=,tag:IsnFW8Lu/+v7xQth4cW++A==,type:str]pgp:- created_at: '2019-09-02T10:13:37Z'enc: |-----BEGIN PGP MESSAGE-----hQIMA+GCaQB9sLS8AQ//dYLstPngZwDPenAGvb7xasCQSa7g5Qv81I3vg0kI1YoMYdhpf9QrG3YKIZMlMTmu1X6wiFVZI74Ig0telatqYl2RoUKWtDKfyHPlUgSVd+yxlcouwrzU745alGSPIIgWFwoSnprzTNGXjWlafBIq++uCjlr7MQ/SvgZ0oOTOQvOhvq0f+BXbJ2MIX4rCeuL6TsJA71sohLnfbBS7Y3/Ci7Wo0//TnqTvOt0/OWPcvBF44+WmUT6mSfsakYht5inSWWatvaXNCf7j/i/YAjzy9Jyzs/9OyozFrnvnqtbVDeQ6mnppoW0iCT9z6P6AzzivB3xkk/dMC66ym2VhwtHs73xqpg4DDesGVdC1aQCgUleGPQ8WHW4JduoS9rF81Pmb0IEy/VGjB5WlUYgl0yygc/hki7coBlN5d/k3o2DcO3L3g0tdEFML0Uhmt3VbW/b63D4+NIt8Sc64JkZs/0du/a5v4kI8RaNhh6LF1678K9+9Sxa2x4YcyTNQcxVnJBTyMrthTKk5F+X2rPUwglhjaC9Ag5OizbjQMYRhCX+Sa8toRWYGbiVcOmdBwd/eUXjTCm1vXMrrV5oq1C0jsBz5SOj1HoIM17WHcyEFveUG2tj1nSqCRYQaJj2g1yj6yKpm9wNH6aNTaHqmWm6lBzHP2LLzWNmFE7FuDtlVXx/urczSWAG88jN9VRblOlMfqjmwgkbqG9Zp0oV6AgtqOYe/91xdNPQomJzEEyTvezLQwdAtbuTSOrbZzy3TN9jX/6GySpGDXwrUOFrM+uDHVmPKt6a/Fr+TPgJDYLw==IqOl-----END PGP MESSAGE-----fp: 6E7DB0D1CA47AC3C09F70B10410AC2AFD3DA7DE1unencrypted_suffix: _unencryptedversion: 3.3.1Unencrypted, the file looks like this:
apiVersion: v1kind: Secretmetadata:name: db-passlabels:app: mariadbtesttype: Opaquedata:password: UGFzc3dkMiE=If I am running helm secrets install --name=webtest . -f templates/secrets.yaml with the secrets file unencrypted, it works fine, but when I try to run it with the file encrypted it gives me this error:
Error: validation failed: unable to recognize "": no matches for kind "ENC[AES256_GCM,data:Y8GlCcMF,iv:y+v+BrbvoTd9Yx3sVwYTyJ2SCgHW5uh+Ph7aOXsIoR8=,tag:pe7S1fepnKXqvJaVRdcvKQ==,type:str]" in version "ENC[AES256_GCM,data:/Eg=,iv:KqccclIvL3+uhcgGACum5kJQ4pzHNTRjqBRQ4Zs3rCM=,tag:Rk9YL7kz3sAsa7WhNdaOeA==,type:str]"Any solution to this? Thanks in advance
Best Answer
It looks like your helm-secrets plugin doesn't work properly and for some reason doesn't decrypt values which are present in encrypted version of your templates/secrets.yaml file before passing them to helm install and it is unable to recognize those still encrypted values as something which makes sense to it and error message itself seems quite obvious.
I assume you created your encrypted file version by using helm secrets enc templates/secrets.yaml on the same system using same gpg key, correct ?
Did you install it by using helm plugin install https://github.com/futuresimple/helm-secrets ?
Does helm secrets view templates/secrets.yaml return you unencrypted version of your file properly ? Please make sure you didn't miss any of the steps described in this article.