Helm port forwarding issue caused k8s Secret resources to contain cyphertext

[kyleterry]

I had this issue while using helm-secrets to upgrade a release today: https://github.com/helm/helm/issues/3480

Immediately I noticed that the the revision was completely broken. All the Secret resources contained the cyphertext inside secrets.yaml and not the decrypted values.

How is this possible? At what point in the steps that call out to helm does this plugin decrypt the secrets file? This seems like a very bad issue to have. It's more than just a false alarm on a CD system; all the secrets for a large umbrella chart were clobbered.