read ssh user password from secret

charts/osartifact/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v2
 name: osartifact
 description: A Helm chart for OSArtifact CRD deployment
 type: application
-version: 0.1.0
+version: 0.2.0

charts/osartifact/templates/secret.yaml

@@ -1,4 +1,5 @@
-{{ $secret := (lookup "v1" "Secret" .Release.Namespace .Values.tokenSecret.name) }}
+{{ $tokenSecret := (lookup "v1" "Secret" .Release.Namespace .Values.tokenSecret.name) }}
+{{ $passwordSecret := (lookup "v1" "Secret" .Release.Namespace .Values.passwordSecret.name) }}
 
 kind: Secret
 apiVersion: v1
@@ -11,7 +12,7 @@ stringData:
 
     users:
       - name: {{ .Values.username }}
-        passwd: {{ .Values.password }}
+        passwd: {{ index $passwordSecret .Values.passwordSecret.key }}
         {{- with .Values.defaultUser }}
         groups: [
          {{- range .groups -}}
@@ -67,7 +68,7 @@ stringData:
       {{- end }}
 
     plural:
-      token: {{ index $secret .Values.tokenSecret.key }}
+      token: {{ index $tokenSecret .Values.tokenSecret.key }}
       url: {{ .Values.url }}
 
     {{- if .Values.extraUserCloudConfig }}

charts/osartifact/values.yaml

@@ -10,8 +10,10 @@ device: rpi4
 # Username that will be used to access the device over SSH
 username: plural
 
-# Password for the default user that will be used to access the device over SSH
-password: ~
+# Secret that holds password for the default user that will be used to access the device over SSH
+passwordSecret:
+  name: ~
+  key: password
 
 # Optional Plural user email that will be attached to the autogenerated device bootstrap token. It will be visible in audit logs
 email: ~