Skip to content

lmacka/helm-snappass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

helm-snappass

Artifact Hub

A Helm chart for deploying Snappass — a zero-knowledge, one-time secret sharing app. Originally forked from Pinterest's Snappass, this version encrypts and decrypts entirely in the browser (AES-256-GCM via Web Crypto API). The server never sees plaintext.

Overview

Snappass is a secure password sharing tool that automatically expires shared secrets after a specified time. This Helm chart provides a production-ready deployment of Snappass on Kubernetes, including:

  • Built-in Valkey backend (Redis-compatible, optional)
  • Support for external Valkey/Redis servers
  • Ingress support
  • Security hardening
  • Horizontal Pod Autoscaling
  • Health checks and monitoring

Prerequisites

  • Kubernetes 1.21+
  • Helm 3.x
  • Ingress controller (optional, but recommended)

Quick Start

# Add the helm repository
helm repo add snappass https://lmacka.github.io/helm-snappass/
helm repo update

# Install with default configuration
helm install snappass snappass/snappass

Configuration

Minimal Configuration

For a basic installation with ingress enabled:

ingress:
  enabled: true
  className: "nginx"
  hosts:
    - host: snappass.yourdomain.com
      paths:
        - path: /
          pathType: Prefix

Production Configuration

For a production setup with TLS and resource limits:

ingress:
  enabled: true
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
    - host: snappass.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: snappass-tls
      hosts:
        - snappass.yourdomain.com

resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 200m
    memory: 256Mi

valkey:
  enabled: true
  storage:
    requestedSize: 100Mi
  haMode:
    enabled: false  # Set to true for high availability

Parameters

Global Parameters

Parameter Description Default
replicaCount Number of Snappass replicas 1
image.repository Snappass image repository lmacka/snappass
image.tag Snappass image tag (defaults to appVersion) ""
image.pullPolicy Image pull policy IfNotPresent

Valkey Configuration

Parameter Description Default
valkey.enabled Deploy Valkey as part of the release true
valkey.haMode.enabled Enable high availability mode false
valkey.haMode.replicas Number of replicas in HA mode 1
valkey.storage.requestedSize Storage size for persistence (empty = emptyDir, no PVC) ""
valkey.valkeyConfig Valkey configuration overrides save "" (persistence disabled)
externalValkey.host External Valkey/Redis host (if valkey.enabled=false) ""
externalValkey.port External Valkey/Redis port 6379

Ingress Configuration

Parameter Description Default
ingress.enabled Enable ingress false
ingress.className Ingress class name ""
ingress.hosts Array of host configurations []
ingress.tls TLS configuration []

Security Considerations

The chart implements several security best practices:

  • Non-root container execution
  • ReadOnly root filesystem
  • Dropped capabilities
  • Resource limits
  • Network policies (optional)

Monitoring

The deployment includes readiness and liveness probes configured for the Snappass service. Default probe settings can be adjusted through values.yaml.

Uninstalling

To remove the deployment:

helm uninstall snappass

Contributing

Contributions are welcome! Submit a Pull Request against the main branch.

Patch releases are automated. When snappass cuts a release, it dispatches to this repo which auto-bumps appVersion and the chart patch version in Chart.yaml, then pushes to main. The chart-releaser action packages and publishes the new chart.

Minor or major chart releases require a manual version bump:

  1. Update version (and appVersion if needed) in charts/snappass/Chart.yaml
  2. Update the artifacthub.io/images and artifacthub.io/changes annotations
  3. Merge to main — chart-releaser handles the rest

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Helm chart for Snappass

Resources

License

Stars

Watchers

Forks

Packages

 
 
 

Contributors