From 348f5c8e2db1b3a7890711abcf013268ff750c85 Mon Sep 17 00:00:00 2001 From: ihaardik Date: Sun, 5 Apr 2026 13:01:06 +0530 Subject: [PATCH] Clarify shared ClickHouse password usage --- docs/SECRET-MANAGEMENT.md | 3 +++ environments/reference/README.md | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/docs/SECRET-MANAGEMENT.md b/docs/SECRET-MANAGEMENT.md index 879fd27..2a9e778 100644 --- a/docs/SECRET-MANAGEMENT.md +++ b/docs/SECRET-MANAGEMENT.md @@ -102,6 +102,9 @@ The ClickHouse password must be identical across three charts: - `clickhouse.yaml` -> `auth.defaultUserPassword.password` - `kafka.yaml` -> `kafkaConnect.clickhouse.password` +For External Secrets / Secret Manager, use one shared secret name for all three +references by default, for example `acme-clickhouse-password`. + The MongoDB password must match across two charts: - `countly.yaml` -> `secrets.mongodb.password` - `mongodb.yaml` -> `users.app.password` diff --git a/environments/reference/README.md b/environments/reference/README.md index 12b374b..9392974 100644 --- a/environments/reference/README.md +++ b/environments/reference/README.md @@ -24,6 +24,11 @@ This directory is a complete starting point for a new Countly deployment. - `clickhouse.yaml` → `auth.defaultUserPassword.password` - `kafka.yaml` → `kafkaConnect.clickhouse.password` + Use one shared ClickHouse password value for: + - Countly + - ClickHouse default user + - Kafka Connect + Or use `secrets.example.yaml` as a complete reference. 4. Register your environment in `helmfile.yaml.gotmpl`: