Why is it required to manually generate the gossip-encryption-key?

As the topic already mentions, I am wondering why the gossip-encryption-key in the consul helm chart needs to be manually created before running helm install. From the values.yaml file:

The secret can be created by running:
  kubectl create secret generic consul-gossip-encryption-key \
    --from-literal=key=$(consul keygen)

In my opinion it would make more sense and remove a manual step if the helm chart itself would just generate that key and create the secret.
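An added example, not part of the original post or of the consul-helm chart: a shell sketch that generates a key of the same shape as `consul keygen` output, checks it before use, and renders the Secret manifest. The helper names are hypothetical, and the 16/24/32-byte rule assumes the AES key sizes accepted by Consul's gossip layer.

```shell
#!/bin/sh
# Hypothetical helpers (added example): gen_gossip_key, gossip_key_len,
# valid_gossip_key, render_secret. None of these ship with consul or the chart.

# 32 random bytes, base64-encoded: the same shape `consul keygen` prints.
gen_gossip_key() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print the decoded length in bytes; fail if the value is not clean base64.
gossip_key_len() {
  case "$1" in
    # Empty, or any character outside the standard base64 alphabet
    # (for example punctuation that got appended to the key).
    ''|*[!A-Za-z0-9+/=]*) return 1 ;;
  esac
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
  printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}

# Assumption: the decoded key must be a valid AES key size (16, 24 or 32 bytes).
valid_gossip_key() {
  len=$(gossip_key_len "$1") || return 1
  case "$len" in
    16|24|32) return 0 ;;
    *) return 1 ;;
  esac
}

# Emit the Secret the chart expects, refusing keys that would not load.
render_secret() {
  valid_gossip_key "$1" || {
    echo "refusing: not a 16/24/32-byte base64 key" >&2
    return 1
  }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: consul-gossip-encryption-key
type: Opaque
stringData:
  key: "$1"
EOF
}

# Usage: render_secret "$(gen_gossip_key)" | kubectl apply -f -
```

Piping the manifest straight into `kubectl apply -f -` keeps the key out of files on disk.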

Hi @nflaig!
Thank you for bringing this to our attention, and apologies if it created extra work for you!
This is something that could be automated.

I’ve gone ahead and created an issue in the consul-helm repo to add this as a feature:

If you’d like to give a thumbs up it may help raise visibility!

Hi @kschoche1

Thanks for the fast reply and for creating the issue 🙂

The main reason for my question was because I was unsure if it could have some implications if the secret is generated by helm in terms of security. I use the consul helm chart a lot to see how you are solving different tasks and it's really amazing what you guys are doing.

If nobody picks up the issue I would also like to give it a try and submit a PR.

Hi @nflaig, you’re very welcome!
I think this is a solid feature request and can definitely see the value in it and UX benefits.
If you’d like to take a swing at the implementation and submit a PR we’d be glad to have the extra help!