Skip to content

[WIP] Implement direct SOPS handling for HelmRelease resources#1

Draft
Copilot wants to merge 2 commits intomainfrom
copilot/implement-sops-handling-for-helmrelease
Draft

[WIP] Implement direct SOPS handling for HelmRelease resources#1
Copilot wants to merge 2 commits intomainfrom
copilot/implement-sops-handling-for-helmrelease

Conversation

Copy link
Copy Markdown

Copilot AI commented Apr 27, 2026
edited
Loading

  • Add AllowSOPSValues feature gate to internal/features/features.go
  • Add Decryption API field to HelmReleaseSpec in api/v2/helmrelease_types.go
  • Regenerate deepcopy (api/v2/zz_generated.deepcopy.go)
  • Add github.com/getsops/sops/v3 dependency to go.mod
  • Create internal/sops/decryptor.go with SOPS decryption logic (age + pgp support)
  • Create internal/sops/decryptor_test.go with unit tests
  • Integrate decryption into internal/controller/helmrelease_controller.go
  • Add feature gate handling in main.go
  • Regenerate CRDs and RBAC manifests
  • Update docs in docs/spec/v2/helmreleases.md
  • Run make tidy fmt vet and make test
Original prompt

Implement direct SOPS handling for HelmRelease resources to close the gap behind fluxcd/flux2#4075.

Required outcome:

  • HelmRelease manifests containing top-level .sops metadata and ENC[...] fields in spec.values can reconcile when feature is enabled.
  • .sops metadata must not be sent to Kubernetes API objects.
  • Behavior must remain backward-compatible and disabled by default unless explicitly enabled.

Implementation constraints:

  • Reuse existing Flux SOPS/decryption utilities where available.
  • Add an explicit opt-in mechanism (controller flag and/or API field) with docs.
  • Keep security-sensitive output out of logs.
  • Include unit and reconciliation tests for enabled and disabled behavior.

Deliverable:

  • Open a PR in SebTardif/helm-controller containing the implementation, tests, and docs changes.

@SebTardif
Changes before error encountered
9b2265d 
Agent-Logs-Url: https://github.com/SebTardif/helm-controller/sessions/04578098-52b8-4d15-8e32-7ebfb3dcd89b

Co-authored-by: SebTardif <1413412+SebTardif@users.noreply.github.com>
Copilot AI requested a review from SebTardif April 27, 2026 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SebTardif SebTardif Awaiting requested review from SebTardif

Assignees

@SebTardif SebTardif

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SebTardif