Skip to content

fix: preserve generated secrets across helm upgrades#25

Open
bicisteadm wants to merge 1 commit intodreamcommerce:mainfrom
bicisteadm:fix/preserve-secret-on-upgrade
Open

fix: preserve generated secrets across helm upgrades#25
bicisteadm wants to merge 1 commit intodreamcommerce:mainfrom
bicisteadm:fix/preserve-secret-on-upgrade

Conversation

@bicisteadm
Copy link

@bicisteadm bicisteadm commented Feb 24, 2026

Fixes #24

Summary
Use lookup to check if the Secret already exists before generating new random passwords
Only generate new passwords on first install, reuse existing values on upgrade
Increases default password length from 10 to 16 characters

Problem
Every helm upgrade regenerated the MySQL passwords in the Secret, but MySQL retained the original password in its persistent volume, causing Access denied errors.

Test plan
Fresh helm install — verify Secret is created and DB connects
helm upgrade — verify Secret retains original passwords and DB still connects
helm uninstall + helm install (without deleting Secret) — verify existing Secret is reused

@bicisteadm
fix: preserve generated secrets across helm upgrades
aa6bafc 
Use lookup to check if the Secret already exists before generating
new random passwords. Without this, every helm upgrade regenerates
the mysql-pass and mysql-root-pass values, breaking database
connectivity since MySQL retains the original password in its
persistent volume.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Secret is regenerated on every helm upgrade, breaking database connectivity

1 participant

@bicisteadm