4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -29,3 +29,7 @@ For chart specific documentation, please refer to the README.md files in the res
### Charts

- [Platform](charts/platform/README.md)

#### Contributing

After updating the charts, run `helm-docs` to update the [README.md](charts/platform/README.md).
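Review bot: The added `#### Contributing` heading sits one level below `### Charts`, so it renders as a subsection of the chart list rather than as a section of its own; use `###` here. The sentence could also say that `charts/platform/README.md` is generated from the `# --` comments in `charts/platform/values.yaml`, so contributors change the values file and regenerate instead of editing the README by hand; the other two files in this change show the drift that hand edits produce.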
8 changes: 4 additions & 4 deletions charts/platform/README.md
@@ -1,6 +1,6 @@
# platform

![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.0](https://img.shields.io/badge/AppVersion-v0.7.0-informational?style=flat-square)
![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.8.1](https://img.shields.io/badge/AppVersion-v0.8.1-informational?style=flat-square)

A Helm Chart for OpenTDF Platform

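Review bot: The badge line moves from Version 0.12.0 / AppVersion v0.7.0 to 0.14.0 / v0.8.1, but no `Chart.yaml` change is visible in this diff, so the generated README appears to have fallen behind the chart. Confirm the new values match `charts/platform/Chart.yaml`, and consider a CI step that runs `helm-docs` and fails on a non-empty diff so the published version and AppVersion cannot lag again.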
Expand Down Expand Up @@ -247,7 +247,7 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat
| server.http.readTimeout | string | `nil` | The maximum duration for reading the entire request including the body, ex. 30s, a negative value indicates no timeout, if unset or zero use application's default (5s). |
| server.http.writeTimeout | string | `nil` | The maximum duration before timing out writes of the response, ex. 30s, a negative value indicates no timeout, if unset or zero use application's default (10s). |
| server.port | int | `9000` | The server port |
| server.public_hostname | string | `""` | @deprecated Use `services.kas.config.registered_kas_uri` instead. The client facing name for the policy services, including KAS. This is baked into Key Access Objects, and required for key management with the policy service. |
| server.public_hostname | string | `""` | The client facing name for the policy services, including KAS. This is baked into Key Access Objects, and required for key management with the policy service. @deprecated Use `services.kas.config.registered_kas_uri` instead. |
| server.tls.additionalTrustedCerts | list | `[]` | Additional trusted certificates. These can be loaded following [projected volume](https://kubernetes.io/docs/concepts/storage/projected-volumes/) |
| server.tls.enabled | bool | `false` | Enables tls for platform server |
| server.tls.secret | string | `nil` | The server tls certificate. If not set, a self-signed certificate is generated |
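Review bot: In the `server.public_hostname` row the `@deprecated` notice now follows two sentences of description, where the removed row led with it, so an operator scanning the table can miss that this value is superseded by `services.kas.config.registered_kas_uri`. Because the description says this hostname is baked into Key Access Objects, put the deprecation first in the source comment for this key so the regenerated row keeps it up front.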
Expand All @@ -266,12 +266,12 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat
| services.entityresolution.subgroups | bool | `false` | Subgroups |
| services.entityresolution.url | string | `nil` | Identity Provider Entity Resolver |
| services.extraServices | object | `{}` | Additional services |
| services.kas.config | object | `{"keyring":[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}],"preview":{"ec_tdf_enabled":false,"key_management":false},"root_key":null,registered_kas_uri:""}` | KAS service Configuration as yaml |
| services.kas.config.registered_kas_uri | string | "" | The URI this KAS is registered with in the platform database. Used when `services.kas.config.preview.key_management` is enabled, if present. If not present, fallsback to using `public_hostname` and inferring the URI. |
| services.kas.config | object | `{"keyring":[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}],"preview":{"ec_tdf_enabled":false,"key_management":false},"registered_kas_uri":null,"root_key":null}` | KAS service Configuration as yaml |
| services.kas.config.keyring | list | `[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}]` | Default keys for clients to use |
| services.kas.config.preview | object | `{"ec_tdf_enabled":false,"key_management":false}` | Preview feature enablement |
| services.kas.config.preview.ec_tdf_enabled | bool | `false` | Whether tdf based ecc support is enabled. |
| services.kas.config.preview.key_management | bool | `false` | Whether new key management features are enabled. |
| services.kas.config.registered_kas_uri | string | `nil` | The URI this KAS is registered with in the platform database. Used by key management, if present. |
| services.kas.privateKeysSecret | string | `"kas-private-keys"` | KAS secret containing keys @deprecated Use `private_keys_secret` instead. This value will be removed in a future release. |
| services.kas.private_keys_secret | string | `""` | KAS secret containing keys kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem |
| services.kas.root_key_secret | object | `{"key":"root_key","name":"kas-root-key"}` | Key needed when key_management feature is enabled (openssl rand 32 -hex) openssl rand 32 -hex | kubectl create secret generic kas-root-key --from-file=root_key=/dev/stdin |
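Review bot: The regenerated `services.kas.config.registered_kas_uri` row drops the removed row's statement that, when the value is not present, the URI is inferred from `public_hostname`, and it no longer names `services.kas.config.preview.key_management` as the feature that reads it. If that fallback still applies, restore it in the values comment so the table says which setting determines the KAS URI; "Used by key management, if present." does not tell an operator what happens when the field is empty.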
3 changes: 1 addition & 2 deletions charts/platform/values.yaml
Expand Up @@ -455,8 +455,7 @@ services:
kas:
# -- KAS service Configuration as yaml
config:
# -- The URI this KAS is registered with in the platform database.
# -- Used by key management, if present.
# -- The URI this KAS is registered with in the platform database. Used by key management, if present.
registered_kas_uri:
# -- Preview feature enablement
preview:
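Review bot: `registered_kas_uri:` is a bare key, so it parses as null, and the README now documents the default as `nil` where the removed row showed `""`; check that the chart templates treat null the same as an empty string, or set `registered_kas_uri: ""` explicitly. If the description needs a second line, continue it with a plain `# ` comment line and not a second `# --`, which is the form removed here.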