Skip to content

feat(helm): add support for external secrets in dependency-track deployment#60

Open
NoUseFreak wants to merge 1 commit into
artifact-keeper:mainfrom
NoUseFreak:external-db
Open

feat(helm): add support for external secrets in dependency-track deployment#60
NoUseFreak wants to merge 1 commit into
artifact-keeper:mainfrom
NoUseFreak:external-db

Conversation

@NoUseFreak

@NoUseFreak NoUseFreak commented Apr 15, 2026

Copy link
Copy Markdown

Summary

  • Add existingSecret support to the DependencyTrack deployment, allowing database credentials (host, username, password) and admin password to be sourced from a pre-existing Kubernetes Secret instead of the chart-managed one
  • Previously, dtrack always read credentials from the chart-managed *-secrets Secret, which broke when using an external database with pre-provisioned secrets (e.g. from Terraform)

Test Checklist

  • Helm template renders without errors
  • Terraform validates/plans cleanly (unchanged)
  • Manually verified on staging cluster (if applicable)
  • Rollback strategy documented

Infrastructure

  • Helm: helm template renders correctly (unchanged)
  • Terraform: terraform validate passes (unchanged)
  • Terraform: terraform plan shows expected changes (unchanged)
  • ArgoCD: Application manifests are valid (unchanged)
  • N/A - documentation only

@NoUseFreak NoUseFreak requested a review from a team as a code owner April 15, 2026 22:06
@brandonrc

brandonrc commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Thanks for the PR. This branch has merge conflicts with main now, so it cannot be merged as-is. Could you rebase onto the latest main, resolve the conflicts, and push? CI will re-run afterward.

Heads up: the red SonarCloud Scan is a known non-blocking issue on fork PRs (GitHub withholds SONAR_TOKEN from forks; the job is continue-on-error), so you can ignore that one.

@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown

Missing linked issue

This PR does not reference a tracking issue in its body. Every PR must link to an issue in this repository so we can trace work back to a planned change.

How to fix

  1. Edit the PR description and add a line like Closes #123, Fixes #123, or Resolves #123 referring to an open issue in artifact-keeper/artifact-keeper-iac.
  2. Save the description. This check will re-run automatically.

Accepted keywords (case-insensitive, any tense): close, closes, closed, fix, fixes, fixed, resolve, resolves, resolved.

Policy reference: see the PR template.

Maintainer bypass: apply the no-issue-required label to this PR to skip the check (use sparingly, e.g. for trivial typo fixes or release-tag chores).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NoUseFreak @brandonrc