Is there a procedure for rotatin the secretKey / encrpytion key ?

[rayisbadat]

Can you rotate the encryption key that is stored in /etc/core/key (the one set .Values.secretKey)? or would that break things?
I have an instance deployed via the helm chart and I tried. LDAP auth stopped being able to auth since it couldn't bind to our search DN anymore. Rolled back that value, everything resumed working afterwards. I am guessing it lost the ability to decrypt that info out of the db, which makes sense. I'm guessing tokens would also be broken, but i didn't try.

So i was wondering if there is a way to rotate that key without doing a new deploy or regenerating/resetting everything? Or if my error was not expected behavior and i need to set some time aside to debug.

[Vad1mo]

Everything that has an auto-generated setting in the Helm chart can be rotated, everything else can't. You can't roatat the encryption key, you can only do that in combination with re-encrypting the database.