Dan Helfman

Ah, gotcha. Yeah, that makes sense.

@faheem-cliqz Note that if you're using [Helmfile](https://github.com/roboll/helmfile) in conjunction with helm-secrets, a work-around is to use the new Helmfile hooks feature to `helm fetch` right before installing a particular chart.

Here's a partial Helmfile example that would handle all of that: ``` repositories: - name: org url: https://your-chart-server.example.org releases: - name: example-chart chart: org/example-chart hooks: - events: ["prepare"] command: helm...

We currently only have a single Helmfile, and do all the per-environment variation within individual charts. So an individual service may have a chart that has files something like: helm_vars/...

Piggybacking on this issue, although perhaps I should open a new one.. Here's another potentially valid use of tags: YAML file includes. Here's an actual example [from the wild](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/#configuration-includes): ```...

Thanks for the quick response. > If you write your own processing step which picks up a filename from the 'master' document and then tries to read it with another...

It just seems like a lot of work — three passes, and fair amount of complexity to make the schemas separable at runtime — to do something that could in...

Note that modern NIST guidelines suggest not including password complexity constraints. Summary: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ But minimum password size and checking against a common password blacklist are good.

As a work-around, I've found that you can mount /etc/ssl as a (read-only) volume from the host into the container, assuming that you have the missing cert path present on...

You may already be aware, but you can set the `ssh_command` option in borgmatic's configuration instead of the `BORG_SSH` environment variable.