Skip to content

Secrets

This table was generated from secrets.yaml.

Cells marked with "—" mean "not specified in schema".

alerts

Alerts Secrets: Configure secrets for alerting.

Key Type Default Title and Description
alerts.opsGenie object OpsGenie Secrets: Configure secrets for alerting with OpsGenie.
alerts.opsGenie.apiKey Opaque Token
alerts.slack object Slack Secrets: Configure secrets for alerting with Slack.
alerts.slack.apiUrl string Slack API URL

dex

Dex Secrets: Configure secrets for Dex.

Key Type Default Title and Description
dex.additionalStaticClients[] array of object See note
dex.connectors[] array of object See note
dex.extraStaticLogins[] array of object Extra Static Logins: Configure additional static logins for Dex.

Additional static logins for Dex.
dex.kubeloginClientSecret string Dex Kubelogin Client Secret
dex.staticPassword string Dex Static Password

Notes for dex.additionalStaticClients[]

Dex Static Clients: Configure additional static clients in Dex.

Clients in this case is application that wants to allow users to authenticate via Dex.

Note

See the upstream documentation for reference.

Configure an additional static client in Dex.

Notes for dex.connectors[]

Dex Connectors: Configure upstream Identity Providers.

Note

See the upstream documentation for reference.

Configure an upstream Identity Provider.

externalDns

External DNS Secrets: Configure secrets for External DNS.

Key Type Default Title and Description
externalDns.awsRoute53 object AWS Route 53 Secrets: Configure AWS Route 53 secrets for External DNS.
externalDns.awsRoute53.accessKey string AWS Access Key
externalDns.awsRoute53.secretKey string AWS Secret Key

fluentd

Fluentd Secret Config: Secret configuration options for Fluentd.

Key Type Default Title and Description
fluentd.objectStorage object Object Storage Secrets: Configuration options for using object storage specific to Fluentd.
fluentd.objectStorage.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
fluentd.objectStorage.s3.accessKey string Access key to authenticate with.
fluentd.objectStorage.s3.secretKey string Secret key to authenticate with.

grafana

Grafana Secrets: Configure secrets for Grafana.

Key Type Default Title and Description
grafana.clientSecret string Dev Grafana OIDC Client Secret
grafana.ops object Admin Grafana Secrets: Configure secrets for Admin Grafana.
grafana.ops.envRenderSecret[] array Environment Variables Render
grafana.opsClientSecret string Admin Grafana OIDC Client Secret
grafana.password string Admin Grafana Password
grafana.user object Dev Grafana Secrets: Configure secrets for Dev Grafana.
grafana.user.envRenderSecret[] array Environment Variables Render

harbor

Harbor Secret Config: Secret configuration options for Harbor.

Key Type Default Title and Description
harbor.clientSecret string
harbor.coreSecret string
harbor.external object External Database: External database password config.
harbor.external.databasePassword string External Database Password
harbor.internal object Internal Database: Internal database password config.
harbor.internal.databasePassword string Internal Database Password
harbor.jobserviceSecret string
harbor.objectStorage object Object Storage Secrets: Configuration options for using object storage specific to harbor.
harbor.objectStorage.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
harbor.objectStorage.s3.accessKey string Access key to authenticate with.
harbor.objectStorage.s3.secretKey string Secret key to authenticate with.
harbor.password string
harbor.registrySecret string
harbor.xsrf string

issuers

Issuers Secrets: Configure secrets for issuers.

Key Type Default Title and Description
issuers.secrets object See note

Notes for issuers.secrets

Issuer Secrets: Configure secrets for issuers.

This must match the configuration set on the issuers.

Keys become the name of the secret, and the value the data of the secret.

kubeapiMetricsPassword

Key Type Default Title and Description

kured

Kured Notification Secrets: Notification secrets for Kured (Kubernetes Reboot Daemon).

Key Type Default Title and Description
kured.slack object Kured Slack Notification Secrets: Notification secrets to send notifications from Kured to Slack.
kured.slack.botToken string Kured Bot Token For Slack Notification

objectStorage

Object Storage Secrets: Configuration options for using object storage in Welkin.

Key Type Default Title and Description
objectStorage.azure object Azure Backend Secrets: Secrets for using Azure as object storage in Welkin.
objectStorage.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.restore object Rclone Restore Secrets: Secrets for restoring object storage from a secondary site to the primary site with Rclone.
objectStorage.restore.decrypt object Rclone Crypt Secrets: Secrets for encrypt data when syncing.
objectStorage.restore.decrypt.password string Crypt password, generate with pwgen 32 1.
objectStorage.restore.decrypt.passwordObscured string Obscured crypt password, generate with rclone obscure <password>.
objectStorage.restore.decrypt.salt string Crypt salt, generate with pwgen 32 1.
objectStorage.restore.decrypt.saltObscured string Obscured crypt salt, generate with rclone obscure <salt>.
objectStorage.restore.destinations object Rclone Restore Destinations Secrets: Allows for complete or partial overrides of the destinations of the restore, the main object storage configuration.
objectStorage.restore.destinations.azure object Azure Backend Secrets: Secrets for using Azure as object storage in Welkin.
objectStorage.restore.destinations.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.restore.destinations.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.restore.destinations.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
objectStorage.restore.destinations.s3.accessKey string Access key to authenticate with.
objectStorage.restore.destinations.s3.secretKey string Secret key to authenticate with.
objectStorage.restore.destinations.swift object See note
objectStorage.restore.destinations.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.restore.destinations.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.restore.destinations.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.restore.destinations.swift.password string
objectStorage.restore.destinations.swift.username string
objectStorage.restore.sources object Rclone Restore Sources Secrets: Allows for complete or partial overrides of the sources of the restore, the sync object storage configuration.
objectStorage.restore.sources.azure object Azure Backend Secrets: Secrets for using Azure as object storage in Welkin.
objectStorage.restore.sources.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.restore.sources.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.restore.sources.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
objectStorage.restore.sources.s3.accessKey string Access key to authenticate with.
objectStorage.restore.sources.s3.secretKey string Secret key to authenticate with.
objectStorage.restore.sources.swift object See note
objectStorage.restore.sources.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.restore.sources.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.restore.sources.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.restore.sources.swift.password string
objectStorage.restore.sources.swift.username string
objectStorage.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
objectStorage.s3.accessKey string Access key to authenticate with.
objectStorage.s3.secretKey string Secret key to authenticate with.
objectStorage.swift object See note
objectStorage.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.swift.password string
objectStorage.swift.username string
objectStorage.sync object Rclone Sync Secrets: Secrets for syncing object storage from the primary site to a secondary site with Rclone.
objectStorage.sync.azure object Azure Backend Secrets: Secrets for using Azure as object storage in Welkin.
objectStorage.sync.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.sync.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.sync.encrypt object Rclone Crypt Secrets: Secrets for encrypt data when syncing.
objectStorage.sync.encrypt.password string Crypt password, generate with pwgen 32 1.
objectStorage.sync.encrypt.passwordObscured string Obscured crypt password, generate with rclone obscure <password>.
objectStorage.sync.encrypt.salt string Crypt salt, generate with pwgen 32 1.
objectStorage.sync.encrypt.saltObscured string Obscured crypt salt, generate with rclone obscure <salt>.
objectStorage.sync.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
objectStorage.sync.s3.accessKey string Access key to authenticate with.
objectStorage.sync.s3.secretKey string Secret key to authenticate with.
objectStorage.sync.swift object See note
objectStorage.sync.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.sync.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.sync.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.sync.swift.password string
objectStorage.sync.swift.username string

Notes for objectStorage.restore.destinations.swift

Swift Backend Secrets: Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

Notes for objectStorage.restore.sources.swift

Swift Backend Secrets: Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

Notes for objectStorage.swift

Swift Backend Secrets: Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

Notes for objectStorage.sync.swift

Swift Backend Secrets: Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

opensearch

OpenSearch Secrets: Secrets for OpenSearch.

Key Type Default Title and Description
opensearch.adminHash string OpenSearch Admin User Hash
opensearch.adminPassword string OpenSearch Admin User Password
opensearch.clientSecret string OpenSearch Client Secret
opensearch.configurerHash string OpenSearch Configurer User Hash
opensearch.configurerPassword string OpenSearch Configurer User Password
opensearch.curatorPassword string OpenSearch Curator Password
opensearch.dashboardsCookieEncKey string OpenSearch Dashboards Cookie Encryption Key
opensearch.dashboardsHash string OpenSearch Dashboards User Hash
opensearch.dashboardsPassword string OpenSearch Dashboards User Password
opensearch.extraUsers[] array of object See note
opensearch.fluentdPassword string OpenSearch Fluentd Password
opensearch.metricsExporterPassword string OpenSearch Exporter Password
opensearch.objectStorage object Object Storage Secrets: Configuration options for using object storage specific to opensearch.
opensearch.objectStorage.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
opensearch.objectStorage.s3.accessKey string Access key to authenticate with.
opensearch.objectStorage.s3.secretKey string Secret key to authenticate with.
opensearch.snapshotterPassword string OpenSearch Snapshot Password

Notes for opensearch.extraUsers[]

OpenSearch Extra Users: Configures extra users for OpenSearch Security.

Configures extra user for OpenSearch Security.

Note

See the upstream documentation for reference.

thanos

Thanos Secrets: Secrets for Thanos.

Key Type Default Title and Description
thanos.objectStorage object Object Storage Secrets: Configuration options for using object storage specific to thanos.
thanos.objectStorage.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
thanos.objectStorage.s3.accessKey string Access key to authenticate with.
thanos.objectStorage.s3.secretKey string Secret key to authenticate with.
thanos.receiver object Thanos Receiver: Secrets for Thanos Receiver.
thanos.receiver.basic_auth object Thanos Receiver Basic Auth: Configure authentication to Thanos Receiver,
thanos.receiver.basic_auth.password string Thanos Receiver Basic Auth Password: Configure the password for authenticating to Thanos Receiver.

user

User Secret Config: Admin password for user Grafana and user Alertmanager.

Key Type Default Title and Description
user.alertmanagerPassword string
user.grafanaPassword string Dev Grafana Password

velero

Velero Secret Config: Secret configuration options for Velero.

Key Type Default Title and Description
velero.objectStorage object Object Storage Secrets: Configuration options for using object storage specific to Velero.
velero.objectStorage.s3 object S3 Backend Secrets: Secrets for using S3 as object storage in Welkin.
velero.objectStorage.s3.accessKey string Access key to authenticate with.
velero.objectStorage.s3.secretKey string Secret key to authenticate with.