# Encrypting Helm chart sensitive data
You can encrypt any Sonar property stored in the `values.yaml` file and some Helm parameters, such as `jdbcPassword`, that will be managed as Sonar properties. The encryption algorithm used is AES with 256-bit keys.
You must have the Administer System permission in SonarQube Server to perform this procedure.
## Prerequisites
SonarQube Server must be up and running.
## Step 1: Create the encryption key
1. In SonarQube Server UI, go to **Administration > Configuration > Encryption**.
2. Select **Generate Secret Key**. An encryption key is generated.
3. Store the generated key in a safe location.
## Step 2: Create a Kubernetes secret to store the encryption key
Use the command below:
```css-79elbk
kubectl create secret generic --from-literal sonar-secret.txt=
```
Example:
```css-79elbk
kubectl create secret generic --from-literal sonar-secret.txt=EgycYJc4Ek4uj2pH39e3+bnnk15IrVu4dxtfjDyN1y8= myEncryptionKeySecret
```
## Step 3: Enable the encryption in the Helm chart
Install the encryption key secret as follows:
1\. Add the following to the `values.yaml` file:
```css-79elbk
sonarSecretKey:
```
2\. Use the helm upgrade command.
## Step 4: Encrypt the sensitive data
To encrypt a sensitive property in `values.yaml`:
1\. In SonarQube Server UI, go to **Administration > Configuration > Encryption**.
2\. Enter the value of the property.
3\. Select the **Encrypt** button. The encrypted value of the property is generated.
4\. Select the copy tool.
5\. In the `values.yaml` file, replace the value of the property with the copied encrypted value.
6\. Use the helm upgrade command.