Question: In gitops style spinnaker, .hal/config and other files are in a repo. These files contain secrets such as passwords, can we avoid this and get them from k8s secrets?

Answer: Yes, Opsmx Gitops Spinnaker allows for inserting k8s secrets into the halyard pod direcrly. For using this:

a) Create a secret with key=value pairs as one would normally do. Do take care to escape/quote any special charecters such as '$'

example: kubectl create secret generic mysecret --from-literal password=mysecretpassword

b) Place the following string in the place of the secret: encrytped:<secret-name>:<secret-key>

example:   in any file in the gitops repo, e.g. .hal/config

    password:  encrypted:mysecret:password      #Do not put quotes/double quotes around the "encrypted..." string.

Once halyard is restarted, it will show up as:

    password:  mysecretpassword