Infisical Open Source SecretOps: Apply It Using a GitOps Approach

In this article we will describe how to set up Infisical in AKS using ArgoCD and Helm, and how to integrate it with an application using kustomize.

Infisical solves a big challenge in GitOps by providing a CRD (Custom Resource Definition) that pulls secrets that are stored, centralized and managed within one easy and clear dashboard, and makes them easy to use in kustomize/Helm templates in order to keep secret rotation smooth, simple and secure.

Prerequisites.

  • Git
  • GitHub repository
  • Kubernetes cluster with ArgoCD installed
  • Infisical Helm chart
  • Your own repository
  • kustomize

First, we need to fork the repository so that we can easily update the Helm chart values.

Once we have forked the repository, we can go to the Helm chart and update values.yaml with our own parameters.

To be able to access the Infisical frontend, Ingress should be enabled.

## Update the ingress parameters inside infisical/helm-charts/infisical/values.yaml

ingress:
  ## @param ingress.enabled Enable ingress
  ##
  enabled: true
  ## @param ingress.ingressClassName Ingress class name
  ##
  ingressClassName: nginx
  ## @param ingress.nginx.enabled Ingress controller
  ##
  nginx:
    enabled: false
  ## @param ingress.annotations Ingress annotations
  ##
  annotations:
    {}
    # kubernetes.io/ingress.class: "nginx"
    # cert-manager.io/issuer: letsencrypt-nginx
  ## @param ingress.hostName Ingress hostname (your custom domain name, e.g. `infisical.example.org`)
  ## Replace with your own domain
  ##
  hostName: "infisical.yourdomain.com"

To use the email authentication service, we need to configure SMTP in the values.yaml file.

You can find the different email providers and how to configure them here: https://infisical.com/docs/self-hosting/configuration/email
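
Once values.yaml is edited in the fork, ArgoCD needs an Application that points at the chart. The manifest below is an added example, not taken from the article or the Infisical project; the repository owner placeholder, the `main` branch, the `infisical` target namespace and the `argocd` namespace are assumptions.

```yaml
# Added example: ArgoCD Application that deploys the forked Infisical chart.
# <your-github-user>, the branch name and both namespaces are placeholders
# or assumptions, not values from the article.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: infisical
  namespace: argocd              # namespace where ArgoCD itself runs (assumed)
spec:
  project: default
  source:
    repoURL: https://github.com/<your-github-user>/infisical.git
    path: helm-charts/infisical  # chart directory named in the article
    targetRevision: main         # assumed branch; a tag or commit SHA pins the
                                 # deployed chart to a reviewed revision
    helm:
      valueFiles:
        - values.yaml            # the file edited above (ingress, SMTP)
  destination:
    server: https://kubernetes.default.svc   # the cluster ArgoCD runs in
    namespace: infisical         # assumed target namespace
  syncPolicy:
    automated:
      prune: true                # delete resources removed from Git
      selfHeal: true             # revert manual changes made in the cluster
    syncOptions:
      - CreateNamespace=true
```

Because ArgoCD renders values.yaml straight from the fork, anything written there, SMTP credentials included, is readable by everyone with access to that repository.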

## Update the ingress parameters inside…
