Skip to main content

Secret Specs

Controller Secrets

argocd-secret

apiVersion: v1
kind: Secret
metadata:
  name: argocd-secret
type: Opaque
stringData:
  dex.github.clientSecret: my-github-oidc-secret
  webhook.github.secret: shhhh! it's a github secret

argocd-notifications-secret

apiVersion: v1
kind: Secret
metadata:
  name: argocd-notifications-secret
type: Opaque
stringData:
  email-username: test@argoproj.io
  email-password: password

argocd-image-updater-secret

apiVersion: v1
kind: Secret
metadata:
  name: argocd-image-updater-secret
type: Opaque
stringData:
  my-docker-credentials: abcd1234

application-set-secret

apiVersion: v1
kind: Secret
metadata:
  name: application-set-secret
type: Opaque
stringData:
  my-appset-secret: xyz456

Repository Secrets

info

All repository credentials are required to have a prefix of repo- for the name of the secret.

repo-argoproj-https-creds

apiVersion: v1
kind: Secret
metadata:
  name: repo-argoproj-https-creds
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repo-creds
stringData:
  url: https://github.com/argoproj
  type: helm
  password: my-password
  username: my-username

repo-my-private-https-repo

apiVersion: v1
kind: Secret
metadata:
  name: repo-my-private-https-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: https://github.com/argoproj/argocd-example-apps
  password: my-password
  username: my-username
  insecure: "true"
  forceHttpBasicAuth: "true"
  enableLfs: "true"

repo-my-private-ssh-repo

apiVersion: v1
kind: Secret
metadata:
  name: repo-my-private-ssh-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: ssh://git@github.com/argoproj/argocd-example-apps
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----
  insecure: "true"
  enableLfs: "true"