Two bugs caused the "temporary key" warning in phpMyAdmin:
1. deployment.yaml: PMA_BLOWFISH_SECRET env var was only injected when
blowfishSecret or existingSecret was explicitly set. With default empty
values, the env var was never passed to the container, so phpMyAdmin
fell back to an empty string and auto-generated a temporary key.
Fix: always inject PMA_BLOWFISH_SECRET since the Secret is always created.
2. secret.yaml: randAlphaNum generated a new random value on every
helm upgrade, invalidating all cookies and logging out users on every
deployment.
Fix: use lookup to check if the Secret already exists and reuse its
value; only generate a new random value on first install.
Also add checksum/secret annotation to trigger pod rollout when the
secret changes (e.g. when blowfishSecret value is updated in values.yaml).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
claude
pieter
helmchart