How to "reuse" randomly generated passwords in Helm and ArgoCD?

Question

I'm using ArgoCD to manage my app deployments. My apps are Helm charts and I'm using "randAlphaNum" to generate a random password. Unfortunately a new password is generated each time I'm syncing my app. So I was trying to use something like this:

apiVersion: v1
kind: Secret
metadata:
  name: mypass
type: Opaque
stringData:
{{ if .Release.IsInstall }}
  pw: {{ randAlphaNum 32 | quote }}
{{ end }}

But when I check the "App Diff", I see that ArgoCD also updates the "pw". So I tried using the "lookup" function of Helm instead but I finally figured out that it's not supported by ArgoCD atm (see https://github.com/argoproj/argo-cd/issues/5202). So I wonder if there's any other solution I can use or if there's a list of supported Helm functions in ArgoCD?!

Answer 1

Maybe an alternative way of generating passwords can help - try Kubernetes Secret Generator.

I've used this example to generate an auth secret for the chart bitnami/postgresql:

apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
  name: postgresql-auth-secret
spec:
  forceRegenerate: false
  fields:
    - fieldName: "password"
      encoding: "base64"
      length: "30"
    - fieldName: "postgres-password"
      encoding: "base64"
      length: "30"

It seems to work well with ArgoCD too.