Add a note about --dry-run displaying secrets

Signed-off-by: Matt Farina <matt.farina@suse.com>
4 months ago · a23dd9e3b7
parent 32f3691c3e
commit a23dd9e3b7
2 changed files with 9 additions and 1 deletions
--- a/cmd/helm/install.go
+++ b/cmd/helm/install.go
@ -94,7 +94,11 @@ And in the following example, 'foo' is set to '{"key1":"value1","key2":"bar"}':
    $ helm install --set-json='foo={"key1":"value1","key2":"value2"}' --set-json='foo.key2="bar"' myredis ./redis

 To check the generated manifests of a release without installing the chart,
-the '--debug' and '--dry-run' flags can be combined.
+the --debug and --dry-run flags can be combined.
+
+The --dry-run flag will output all generated chart manifests, including Secrets
+which can contain sensitive values. Please carefully consider how and when this
+flag is used.

 If --verify is set, the chart MUST have a provenance file, and the provenance
 file MUST pass all verification steps.
--- a/cmd/helm/upgrade.go
+++ b/cmd/helm/upgrade.go
@ -72,6 +72,10 @@ parameters, and existing values will be merged with any values set via '--values
 or '--set' flags. Priority is given to new values.

    $ helm upgrade --reuse-values --set foo=bar --set foo=newbar redis ./redis
+
+The --dry-run flag will output all generated chart manifests, including Secrets
+which can contain sensitive values. Please carefully consider how and when this
+flag is used.
 `

 func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {