Skip to content

bug: Helm chart electric service doesn't use DATABASE_URL from secret #2281

@sljeff

Description

@sljeff

Provide environment information

Helm Chart Version: 4.0.0-beta.17
Kubernetes Version: v1.33.1-eks-595af52

Describe the bug

The Helm chart's electric service doesn't support reading DATABASE_URL from Kubernetes secrets, forcing plaintext credentials in values.yaml. This is a security risk and inconsistent with other services.

1. Missing Secret Support for DATABASE_URL

The template only uses the trigger-v4.postgres.connectionString helper, ignoring postgres.external.existingSecret and secretKeys.databaseUrlKey. This results in empty DATABASE_URL when using external PostgreSQL without plaintext URL.

From templates/electric.yaml#L40-L41:

- name: DATABASE_URL
  value: {{ include "trigger-v4.postgres.connectionString" . | quote }}

2. Inconsistent Implementation Across Services

Other services like webapp correctly use conditional logic to read from secrets.

From webapp.yaml#L183-L196:

{{- if include "trigger-v4.postgres.useSecretUrl" . }}
- name: DATABASE_URL
  valueFrom:
    secretKeyRef:
      name: {{ include "trigger-v4.postgres.external.secretName" . }}
      key: {{ include "trigger-v4.postgres.external.databaseUrlKey" . }}
{{- else }}
- name: DATABASE_URL
  value: {{ include "trigger-v4.postgres.connectionString" . | quote }}
{{- end }}

Reproduction repo

https://github.com/triggerdotdev/trigger.dev/tree/main/hosting/k8s/helm

To reproduce

  1. Use values.yaml with external PostgreSQL via secret (no plaintext URL):
postgres:
  deploy: false
  external:
    existingSecret: "trigger-dev-secrets"
    secretKeys:
      databaseUrlKey: "DATABASE_URL"

electric:
  deploy: true
  1. Run helm template trigger-dev ./trigger-4.0.0-beta.17/trigger -f values.yaml

  2. Observe empty value:

- name: DATABASE_URL
  value: ""

Additional information

@nicktrn

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions