ENCYRPTION_KEY in Chart is Not Properly Mapped or Handled by Chart

[Richard-Barrett]

The Chart is not properly handling the ENCRYPTION_KEY in config.encryptionKey path:

Example:

• retool-values.yaml

config:
  encryptionKeySecretName: "my-secret"
  encryptionKeySecretKey: "encryption-key"

• This is not respected, and the encryption key is not properlybeing assigned as a variable into the containers.

If you want the Helm chart to automatically handle this better, you can modify the deployment-backend.yaml template:

Fix for deployment-backend.yaml
Replace this:

- name: ENCRYPTION_KEY
  value: {{ .Values.config.encryptionKey | quote }}

- name: ENCRYPTION_KEY
  valueFrom:
    secretKeyRef:
      name: {{ .Values.config.encryptionKeySecretName }}
      key: {{ .Values.config.encryptionKeySecretKey | default "encryption-key" }}

With this conditional logic:

{{- if and .Values.config.encryptionKeySecretName .Values.config.encryptionKeySecretKey }}
- name: ENCRYPTION_KEY
  valueFrom:
    secretKeyRef:
      name: {{ .Values.config.encryptionKeySecretName }}
      key: {{ .Values.config.encryptionKeySecretKey | default "encryption-key" }}
{{- else if .Values.config.encryptionKey }}
- name: ENCRYPTION_KEY
  value: {{ .Values.config.encryptionKey | quote }}
{{- end }}

What This Fix Does:

• If both encryptionKeySecretName and encryptionKeySecretKey are set, it only uses the secret.
• If only encryptionKey is set, it only uses the plaintext value.
• This ensures that both methods will never be used at the same time, preventing duplication and the duplicate values that the application complains about in the container logging.

[jjlgao]

Hi Richard, what version of the helm chart are you running? The helm config you're pasting here doesn't match up with what I'm seeing in our current chart, not sure if I've missed the right sections or if you're on an older version of the helm chart.