docs/modules/servers/pages/distributed/run/k8s-secrets.adoc - james-project - Git at Google

 == Secrets for James Helm template

 Helm James has many secret values to configure before being able to use
 it correctly. Those secrets are linked to the template through their
 declaration in `james-secrets.yaml`. A sample with dumb secrets can be
 found in the `secrets.sample.yaml` file.

 This document presents a quick description of each secret field.

 For more information about encrypt/descrypt secret with Helm, see:
 https://github.com/jkroepke/helm-secrets

 === James secret values

 [cols="<,<,<",options="header",]
 |===
 |Field |Mandatory or optional |Description
 |jwtPublicKey |Mandatory |The JWT public key used for JWT tokens.

 |jwtPrivateKey |Mandatory |The JWT private key used for JWT tokens.

 |cassandraUser |Mandatory |The user for Cassandra access

 |cassandraPassword |Mandatory |The password fort Cassandra access

 |esUser |Optional |The user for OpenSearch access

 |esPassword |Optional |The password for OpenSearch access

 |dkimPrivateKey |Optional |The private key for the generated DKIM

 |s3.endpoint |Mandatory |The S3 endpoint. ie:
 http://s3-us-east-1.amazonaws.com

 |s3.region |Mandatory |The region of the S3 object storage.

 |s3.accessKeyId |Mandatory |The access key to the S3 object storage

 |s3.secretKey |Mandatory |The secret key to the S3 object storage

 |s3.bucketNameSuffix |Mandatory |All buckets in S3 related to james
 storage start by ``james-''. This allows to have a suffix for each
 tenant
 |===

 === jwtPublicKey

 Use `openssl` to generate self-signed certificate and convert to Java
 Key Store JKS. You can find an example
 https://loneidealist.medium.com/generating-signing-certificates-with-openssl-and-converting-to-java-key-store-jks-3c8185dbf8fe[here]

 === DKIM

 To generate DKIM, you can follow our guide:
 https://james.apache.org/howTo/dkim.html[howTo Dkim]

 === External secrets

 Some declared secrets in `james-deployment.yaml` are external to the
 James configuration. They are often being created by other components
 like RabbitMQ or Cassandra. You need to have those setup before
 installing the Helm James package.
	== Secrets for James Helm template

	Helm James has many secret values to configure before being able to use
	it correctly. Those secrets are linked to the template through their
	declaration in `james-secrets.yaml`. A sample with dumb secrets can be
	found in the `secrets.sample.yaml` file.

	This document presents a quick description of each secret field.

	For more information about encrypt/descrypt secret with Helm, see:
	https://github.com/jkroepke/helm-secrets

	=== James secret values

	[cols="<,<,<",options="header",]
	\|===
	\|Field \|Mandatory or optional \|Description
	\|jwtPublicKey \|Mandatory \|The JWT public key used for JWT tokens.

	\|jwtPrivateKey \|Mandatory \|The JWT private key used for JWT tokens.

	\|cassandraUser \|Mandatory \|The user for Cassandra access

	\|cassandraPassword \|Mandatory \|The password fort Cassandra access

	\|esUser \|Optional \|The user for OpenSearch access

	\|esPassword \|Optional \|The password for OpenSearch access

	\|dkimPrivateKey \|Optional \|The private key for the generated DKIM

	\|s3.endpoint \|Mandatory \|The S3 endpoint. ie:
	http://s3-us-east-1.amazonaws.com

	\|s3.region \|Mandatory \|The region of the S3 object storage.

	\|s3.accessKeyId \|Mandatory \|The access key to the S3 object storage

	\|s3.secretKey \|Mandatory \|The secret key to the S3 object storage

	\|s3.bucketNameSuffix \|Mandatory \|All buckets in S3 related to james
	storage start by ``james-''. This allows to have a suffix for each
	tenant
	\|===

	=== jwtPublicKey

	Use `openssl` to generate self-signed certificate and convert to Java
	Key Store JKS. You can find an example
	https://loneidealist.medium.com/generating-signing-certificates-with-openssl-and-converting-to-java-key-store-jks-3c8185dbf8fe[here]

	=== DKIM

	To generate DKIM, you can follow our guide:
	https://james.apache.org/howTo/dkim.html[howTo Dkim]

	=== External secrets

	Some declared secrets in `james-deployment.yaml` are external to the
	James configuration. They are often being created by other components
	like RabbitMQ or Cassandra. You need to have those setup before
	installing the Helm James package.