diff --git a/bitnami/matomo/CHANGELOG.md b/bitnami/matomo/CHANGELOG.md
index 50498c8af3e7db..0b74e4ef32e5d7 100644
--- a/bitnami/matomo/CHANGELOG.md
+++ b/bitnami/matomo/CHANGELOG.md
@@ -1,8 +1,12 @@
# Changelog
-## 9.2.7 (2025-03-21)
+## 9.3.0 (2025-03-27)
-* [bitnami/matomo] Fix typo in SMTP authentication value for CRAM-MD5 ([#32354](https://github.com/bitnami/charts/pull/32354))
+* [bitnami/matomo] Set `usePasswordFiles=true` by default ([#32363](https://github.com/bitnami/charts/pull/32363))
+
+## 9.2.7 (2025-03-24)
+
+* [bitnami/matomo] Fix typo in SMTP authentication value for CRAM-MD5 (#32354) ([3e8ed41](https://github.com/bitnami/charts/commit/3e8ed41b493b1c92d2dea76d09e5e63c39a006e3)), closes [#32354](https://github.com/bitnami/charts/issues/32354)
## 9.2.6 (2025-03-18)
diff --git a/bitnami/matomo/Chart.yaml b/bitnami/matomo/Chart.yaml
index 5608c7704a9fe3..6e033cc2604d39 100644
--- a/bitnami/matomo/Chart.yaml
+++ b/bitnami/matomo/Chart.yaml
@@ -40,4 +40,4 @@ maintainers:
name: matomo
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/matomo
-version: 9.2.7
+version: 9.3.0
diff --git a/bitnami/matomo/README.md b/bitnami/matomo/README.md
index 64297eb4dc2963..c3e27cbb6f6705 100644
--- a/bitnami/matomo/README.md
+++ b/bitnami/matomo/README.md
@@ -170,15 +170,16 @@ helm install my-release --set persistence.existingClaim=PVC_NAME oci://REGISTRY_
### Common parameters
-| Name | Description | Value |
-| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----- |
-| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
-| `nameOverride` | String to partially override matomo.fullname template (will maintain the release name) | `""` |
-| `fullnameOverride` | String to fully override matomo.fullname template | `""` |
-| `namespaceOverride` | String to fully override common.names.namespace | `""` |
-| `commonAnnotations` | Common annotations to add to all Matomo resources (sub-charts are not considered). Evaluated as a template | `{}` |
-| `commonLabels` | Common labels to add to all Matomo resources (sub-charts are not considered). Evaluated as a template | `{}` |
-| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` |
+| Name | Description | Value |
+| ------------------- | ---------------------------------------------------------------------------------------------------------- | ------ |
+| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
+| `nameOverride` | String to partially override matomo.fullname template (will maintain the release name) | `""` |
+| `fullnameOverride` | String to fully override matomo.fullname template | `""` |
+| `namespaceOverride` | String to fully override common.names.namespace | `""` |
+| `commonAnnotations` | Common annotations to add to all Matomo resources (sub-charts are not considered). Evaluated as a template | `{}` |
+| `commonLabels` | Common labels to add to all Matomo resources (sub-charts are not considered). Evaluated as a template | `{}` |
+| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` |
+| `usePasswordFiles` | Mount credentials as files instead of using environment variables | `true` |
### Matomo parameters
diff --git a/bitnami/matomo/templates/cronjob.yaml b/bitnami/matomo/templates/cronjob.yaml
index 3abdec95a9a440..a6101e4a2006eb 100644
--- a/bitnami/matomo/templates/cronjob.yaml
+++ b/bitnami/matomo/templates/cronjob.yaml
@@ -95,17 +95,26 @@ spec:
value: {{ include "matomo.databaseName" . | quote }}
- name: MATOMO_DATABASE_USER
value: {{ include "matomo.databaseUser" . | quote }}
+ {{- if .Values.usePasswordFiles }}
+ - name: MATOMO_DATABASE_PASSWORD_FILE
+ value: {{ printf "/opt/bitnami/matomo/secrets/%s" (include "matomo.databasePasswordKey" .) }}
+ {{- else }}
- name: MATOMO_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "matomo.databaseSecretName" . }}
key: {{ include "matomo.databasePasswordKey" . | quote }}
+ {{- end }}
{{- if gt (len .Values.cronjobs.archive.extraEnvVars) 0 }}
{{- toYaml .Values.cronjobs.archive.extraEnvVars | nindent 16 }}
{{- end }}
volumeMounts:
- name: matomo-data
mountPath: /bitnami/matomo
+ {{- if .Values.usePasswordFiles }}
+ - name: matomo-secrets
+ mountPath: /opt/bitnami/matomo/secrets
+ {{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
@@ -274,17 +283,26 @@ spec:
value: {{ include "matomo.databaseName" . | quote }}
- name: MATOMO_DATABASE_USER
value: {{ include "matomo.databaseUser" . | quote }}
+ {{- if .Values.usePasswordFiles }}
+ - name: MATOMO_DATABASE_PASSWORD_FILE
+ value: {{ printf "/opt/bitnami/matomo/secrets/%s" (include "matomo.databasePasswordKey" .) }}
+ {{- else }}
- name: MATOMO_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "matomo.databaseSecretName" . }}
key: {{ include "matomo.databasePasswordKey" . | quote }}
+ {{- end }}
{{- if gt (len .Values.cronjobs.taskScheduler.extraEnvVars) 0 }}
{{- toYaml .Values.cronjobs.taskScheduler.extraEnvVars | nindent 16 }}
{{- end }}
volumeMounts:
- name: matomo-data
mountPath: /bitnami/matomo
+ {{- if .Values.usePasswordFiles }}
+ - name: matomo-secrets
+ mountPath: /opt/bitnami/matomo/secrets
+ {{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
@@ -312,6 +330,13 @@ spec:
resources: {{- toYaml .Values.cronjobs.taskScheduler.resources | nindent 16 }}
{{- end }}
volumes:
+ {{- if .Values.usePasswordFiles }}
+ - name: matomo-secrets
+ projected:
+ sources:
+ - secret:
+ name: {{ include "matomo.databaseSecretName" . }}
+ {{- end }}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
emptyDir:
diff --git a/bitnami/matomo/templates/deployment.yaml b/bitnami/matomo/templates/deployment.yaml
index b5acae8d8ea3a0..942d46eb9ea8bd 100644
--- a/bitnami/matomo/templates/deployment.yaml
+++ b/bitnami/matomo/templates/deployment.yaml
@@ -102,20 +102,30 @@ spec:
value: {{ include "matomo.databaseName" . | quote }}
- name: MATOMO_DATABASE_USER
value: {{ include "matomo.databaseUser" . | quote }}
+ {{- if .Values.usePasswordFiles }}
+ - name: MATOMO_DATABASE_PASSWORD_FILE
+ value: {{ printf "/secrets/%s" (include "matomo.databasePasswordKey" .) }}
+ {{- else }}
- name: MATOMO_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "matomo.databaseSecretName" . }}
key: {{ include "matomo.databasePasswordKey" . | quote }}
+ {{- end }}
- name: MATOMO_SKIP_BOOTSTRAP
value: {{ ternary "yes" "no" .Values.matomoSkipInstall | quote }}
- name: MATOMO_USERNAME
value: {{ .Values.matomoUsername | quote }}
+ {{- if .Values.usePasswordFiles }}
+ - name: MATOMO_PASSWORD_FILE
+ value: "/secrets/matomo-password"
+ {{- else }}
- name: MATOMO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "matomo.secretName" . }}
key: matomo-password
+ {{- end }}
- name: MATOMO_EMAIL
value: {{ .Values.matomoEmail | quote }}
- name: MATOMO_WEBSITE_NAME
@@ -139,12 +149,17 @@ spec:
value: {{ .Values.smtpUser | quote }}
{{- end }}
{{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
+ {{- if .Values.usePasswordFiles }}
+ - name: MATOMO_SMTP_PASSWORD_FILE
+ value: "/secrets/smtp-password"
+ {{- else }}
- name: MATOMO_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "matomo.smtpSecretName" . }}
key: smtp-password
{{- end }}
+ {{- end }}
{{- if .Values.smtpProtocol }}
- name: MATOMO_SMTP_PROTOCOL
value: {{ .Values.smtpProtocol | quote }}
@@ -226,6 +241,10 @@ spec:
volumeMounts:
- name: matomo-data
mountPath: /bitnami/matomo
+ {{- if .Values.usePasswordFiles }}
+ - name: matomo-secrets
+ mountPath: /secrets
+ {{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
@@ -279,6 +298,19 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
+ {{- if .Values.usePasswordFiles }}
+ - name: matomo-secrets
+ projected:
+ sources:
+ - secret:
+ name: {{ include "matomo.databaseSecretName" . }}
+ - secret:
+ name: {{ include "matomo.secretName" . }}
+ {{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
+ - secret:
+ name: {{ include "matomo.smtpSecretName" . }}
+ {{- end }}
+ {{- end }}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
emptyDir:
diff --git a/bitnami/matomo/values.yaml b/bitnami/matomo/values.yaml
index c684fce72841fa..060c61f9c79a16 100644
--- a/bitnami/matomo/values.yaml
+++ b/bitnami/matomo/values.yaml
@@ -57,6 +57,10 @@ commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
+
## @section Matomo parameters
##