Secrets for James Helm template

Helm James has many secret values to configure before being able to use it correctly. Those secrets are linked to the template through their declaration in james-secrets.yaml. A sample with dumb secrets can be found in the secrets.sample.yaml file.

This document presents a quick description of each secret field.

For more information about encrypt/descrypt secret with Helm, see: https://github.com/jkroepke/helm-secrets

James secret values

Field Mandatory or optional Description

jwtPublicKey

Mandatory

The JWT public key used for JWT tokens.

jwtPrivateKey

Mandatory

The JWT private key used for JWT tokens.

cassandraUser

Mandatory

The user for Cassandra access

cassandraPassword

Mandatory

The password fort Cassandra access

esUser

Optional

The user for Elasticsearch access

esPassword

Optional

The password for Elasticsearch access

dkimPrivateKey

Optional

The private key for the generated DKIM

s3.endpoint

Mandatory

The S3 endpoint. ie: http://s3-us-east-1.amazonaws.com

s3.region

Mandatory

The region of the S3 object storage.

s3.accessKeyId

Mandatory

The access key to the S3 object storage

s3.secretKey

Mandatory

The secret key to the S3 object storage

s3.bucketNameSuffix

Mandatory

All buckets in S3 related to james storage start by ``james-''. This allows to have a suffix for each tenant

jwtPublicKey

Use openssl to generate self-signed certificate and convert to Java Key Store JKS. You can find an example here

DKIM

To generate DKIM, you can follow our guide: howTo Dkim

External secrets

Some declared secrets in james-deployment.yaml are external to the James configuration. They are often being created by other components like RabbitMQ or Cassandra. You need to have those setup before installing the Helm James package.