Security

This pages focuses on providing information on making a secure ACS installation via Helm Charts.

Secrets inside values

When using Helm charts to deploy applications, it is necessary to include sensitive information, such as passwords and API keys, in the chart’s values file. This is because the values file is used to generate the chart’s configuration templates, which are then used to deploy the application.

While it may be tempting to include the secrets directly in the values file, this is not considered a secure practice and should only be done for test environments.

For production deployments, there are different solutions that can work for every Helm chart. Most of them permit encrypting secrets values and decrypting them on-the-fly only when they are needed. Some of the most commonly used solutions are:

• helm-secrets
• Mozilla SOPS
• Sealed secrets

Reference the autogenerated README.md in each chart to understand which secrets can be provided using existing Kubernetes Secrets:

• alfresco-repository
• activemq
• alfresco-search-enterprise
• alfresco-search
• alfresco-transform-service
• alfresco-share
• alfresco-sync-service