talos-cluster/kubernetes/apps/security/infisical/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &name infisical
spec:
  interval: 1h
  chart:
    spec:
      chart: infisical
      version: 0.4.2
      sourceRef:
        kind: HelmRepository
        name: infisical
      interval: 1h
  driftDetection:
    mode: enabled
  install:
    remediation:
      retries: -1
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  # Map existing secret keys to the new chart's backendEnvironmentVariables paths.
  # The old chart used infisical.encryptionKey / infisical.authSecret;
  # the new chart (0.4.x) uses backendEnvironmentVariables.ENCRYPTION_KEY / AUTH_SECRET.
  valuesFrom:
    - kind: Secret
      name: infisical-secret
      valuesKey: encryptionKey
      targetPath: backendEnvironmentVariables.ENCRYPTION_KEY
    - kind: Secret
      name: infisical-secret
      valuesKey: authSecret
      targetPath: backendEnvironmentVariables.JWT_AUTH_SECRET
  values:
    fullnameOverride: *name
    backend:
      enabled: true
      replicaCount: 1
      podAnnotations:
        reloader.stakater.com/auto: "true"
    backendEnvironmentVariables:
      SITE_URL: https://infisical.laurivan.com
    mongodb:
      enabled: true
      auth:
        enabled: false
    redis:
      enabled: true
      auth:
        enabled: false