Start Free
SonarQube Community Build | Server installation and setup | Deploying on Kubernetes | Encrypting Helm chart sensitive data

Encrypting Helm chart sensitive data

On this page

You can encrypt any sonar property stored in the values.yaml file and some Helm parameters, such as jdbcPassword, that will be managed as sonar properties.

You must have the Administer System permission in SonarQube Server to perform this procedure.

Prerequisites

SonarQube Server must be up and running.

Step 1: Create the encryption key

  1. In SonarQube Server UI, go to Administration > Configuration > Encryption.
  2. Select Generate Secret Key. An encryption key is generated.
  3. Store the generated key in a safe location.

Step 2: Create a Kubernetes secret to store the encryption key

Use the command below:

kubectl create secret generic --from-literal sonar-secret.txt=<encryptionKeyValue> <encryptionKeySecretName>

Example:

kubectl create secret generic --from-literal sonar-secret.txt=EgycYJc4Ek4uj2pH39e3+bnnk15IrVu4dxtfjDyN1y8= myEncryptionKeySecret

Step 3: Enable the encryption in the Helm chart

Install the encryption key secret as follows:

1. Add the following to the  values.yaml file:

sonarSecretKey: <encryptionKeySecretName>

2. Use the helm upgrade command.

Step 4: Encrypt the sensitive data

To encrypt a sensitive property in values.yaml:

1. In SonarQube Server UI, go to Administration > Configuration > Encryption

2. Enter the value of the property.

3. Select the Encrypt button. The encrypted value of the property is generated.

4. Select the copy tool.

5. In the values.yaml file, replace the value of the property with the copied encrypted value.

6. Use the helm upgrade command.


Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License