How to manage secrets with Helm



I am wondering the best way to manage secrets with Helm.

A lot of the public Helm charts embed secrets within values.yaml. This is less than ideal for a few reasons, mainly that it compromises security to commit these values to source control.

As such, I am wondering what the recommended way to manage secrets defined within Helm charts.

A couple thoughts I had on this were to use Helm-Secrets to encrypt the whole values.yaml file (in order to prevent having to modify the charts), or use something like Ship in order to customize the charts, but also keep them up to date with the upstream repository.