From 1583ce39c8c301c344117c3aacecaafe754941fb Mon Sep 17 00:00:00 2001
From: CAMPION Hugo <h.campion@geco-it.fr>
Date: Thu, 16 Nov 2023 15:38:11 +0100
Subject: [PATCH] Update README: add instructions for the use of secrets

Signed-off-by: CAMPION Hugo <h.campion@geco-it.fr>
---
 README.md | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 8e8ebc0..0fc4c5a 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ This Helm Chart deploys both the Vikunja [frontend](https://hub.docker.com/r/vik
 
 ## Requirements
 
-- Kubernetes >= 1.19  
+- Kubernetes >= 1.19
 - Helm >= 3
 
 ## Quickstart
@@ -31,7 +31,7 @@ api:
 To have the chart create one on your behalf:
 
 ```yaml
-# You can find the default values 
+# You can find the default values
 api:
   enabled: true
   persistence:
@@ -52,7 +52,7 @@ For example, if you wished to create a `serviceAccount` as can be seen [here](ht
 
 ```yaml
 api:
-  serviceAccount: 
+  serviceAccount:
     create: true
 ```
 
@@ -62,7 +62,7 @@ Then, (for some reason), if you wished to deploy the `frontend` as a `DaemonSet`
 frontend:
   controller:
     type: daemonset
-```  
+```
 
 ### Another Example of Modifying `config.yml` (Enabling Registration)
 
@@ -85,6 +85,31 @@ If you need to create another user, you could opt to execute the following comma
 ./vikunja user create --email <user@email.com> --user <user1> --password <password123>
 ```
 
+### Utilizing secrets for `env` and `config.yml`
+
+Each env in the stack can be sourced from a secret in your `values.yaml`:
+
+```yaml
+api:
+  env:
+    VIKUNJA_DATABASE_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: vikunja-env
+          key: VIKUNJA_DATABASE_PASSWORD
+```
+If your vikunja config needs to contain sensible data, like oauth config, you can source it from a secret in your `values.yaml`:
+
+```yaml
+api:
+  persistence:
+    config:
+      enabled: true
+      type: secret
+      mountPath: /etc/vikunja/config.yml
+      # Warning, you can not choose the secret name here, it will search for {{ Release.Name }}-api-config ! So please create your secret accordingly !
+```
+
 ## Publishing
 
 The following steps are automatically performed when a git tag for a new version is pushed to the repository.