From 2375932900d54e432c272aa4f030ab50ef314fa5 Mon Sep 17 00:00:00 2001 From: Drew Minnear Date: Fri, 27 Feb 2026 12:29:04 -0500 Subject: [PATCH] add basic vault policy and use for auto secret generation in template --- values-secret.yaml.template | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/values-secret.yaml.template b/values-secret.yaml.template index 35735e78..d38e970d 100644 --- a/values-secret.yaml.template +++ b/values-secret.yaml.template @@ -5,15 +5,22 @@ version: "2.0" # Ideally you NEVER COMMIT THESE VALUES TO GIT (although if all passwords are # automatically generated inside the vault this should not really matter) -# In order to use a the standard verison of ibm-granite/granite-3.1-8b-instruct -# you will need to do the following: -# provide your token as a value for hftoken -# NOTE: you need to add value in values-global.yaml as well +# In order to use huggingface models, you will need to +# provide your token as a value for hftoken below. # EDB Postgres Operator requires authentication to pull images from docker.enterprisedb.com # Register for a free trial at: https://www.enterprisedb.com/accounts/register # Get your token from: https://www.enterprisedb.com/repos-downloads +backingStore: vault + +vaultPolicies: + basicPolicy: | + length=16 + rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 } + rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 } + rule "charset" { charset = "0123456789" min-chars = 1 } + secrets: - name: hfmodel fields: @@ -28,6 +35,8 @@ secrets: fields: - name: sa-pass onMissingValue: generate + override: true + vaultPolicy: basicPolicy description: mssql password for sa user - name: azuresql fields: @@ -36,6 +45,8 @@ secrets: description: server admin user for azure sql - name: password onMissingValue: generate + override: true + vaultPolicy: basicPolicy description: server admin password for azure sql - name: server value: rag-llm-gitops.database.windows.net