Expand description
Secret generation integration for MiniJinja templates
This module provides the generate_secret() template function that generates
deterministic, stateful secrets for Kubernetes deployments.
§Usage in Templates
# Generate a 16-char alphanumeric secret
password: {{ generate_secret("db-password", 16) }}
# Generate a 32-char hex secret
token: {{ generate_secret("api-token", 32, "hex") }}
# Supported charsets: alphanumeric, alpha, numeric, hex, base64, urlsafe§How It Works
Unlike Helm’s randAlphaNum which generates different values on each render:
- First install: Secrets are generated randomly and stored in cluster state
- Subsequent renders: Same values are returned from state
- Result: Deterministic output, GitOps compatible
§Integration
use sherpack_engine::secrets::SecretFunctionState;
use sherpack_core::SecretState;
use minijinja::Environment;
// Create from existing state (loaded from K8s)
let existing_state = SecretState::new();
let secret_fn = SecretFunctionState::with_state(existing_state);
// Register with MiniJinja environment
let mut env = Environment::new();
secret_fn.register(&mut env);
// After rendering, extract state for persistence
let state = secret_fn.take_state();
if state.is_dirty() {
// Persist to Kubernetes
}Structs§
- Secret
Function State - Wrapper around SecretGenerator for MiniJinja integration