bitnami · migruiz4 · Mar 7, 2025 · Mar 7, 2025 · Mar 7, 2025 · Mar 13, 2025
diff --git a/bitnami/matomo/CHANGELOG.md b/bitnami/matomo/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog
 
-## 9.2.7 (2025-03-21)
+## 9.3.0 (2025-03-27)
 
-* [bitnami/matomo] Fix typo in SMTP authentication value for CRAM-MD5 ([#32354](https://github.com/bitnami/charts/pull/32354))
+* [bitnami/matomo] Set `usePasswordFiles=true` by default ([#32363](https://github.com/bitnami/charts/pull/32363))
+
+## <small>9.2.7 (2025-03-24)</small>
+
+* [bitnami/matomo] Fix typo in SMTP authentication value for CRAM-MD5 (#32354) ([3e8ed41](https://github.com/bitnami/charts/commit/3e8ed41b493b1c92d2dea76d09e5e63c39a006e3)), closes [#32354](https://github.com/bitnami/charts/issues/32354)
 
 ## <small>9.2.6 (2025-03-18)</small>
 

diff --git a/bitnami/matomo/Chart.yaml b/bitnami/matomo/Chart.yaml
@@ -40,4 +40,4 @@ maintainers:
 name: matomo
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/matomo
-version: 9.2.7
+version: 9.3.0
diff --git a/bitnami/matomo/README.md b/bitnami/matomo/README.md
@@ -170,15 +170,16 @@ helm install my-release --set persistence.existingClaim=PVC_NAME oci://REGISTRY_
 
 ### Common parameters
 
-| Name                | Description                                                                                                | Value |
-| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----- |
-| `kubeVersion`       | Force target Kubernetes version (using Helm capabilities if not set)                                       | `""`  |
-| `nameOverride`      | String to partially override matomo.fullname template (will maintain the release name)                     | `""`  |
-| `fullnameOverride`  | String to fully override matomo.fullname template                                                          | `""`  |
-| `namespaceOverride` | String to fully override common.names.namespace                                                            | `""`  |
-| `commonAnnotations` | Common annotations to add to all Matomo resources (sub-charts are not considered). Evaluated as a template | `{}`  |
-| `commonLabels`      | Common labels to add to all Matomo resources (sub-charts are not considered). Evaluated as a template      | `{}`  |
-| `extraDeploy`       | Array of extra objects to deploy with the release (evaluated as a template).                               | `[]`  |
+| Name                | Description                                                                                                | Value  |
+| ------------------- | ---------------------------------------------------------------------------------------------------------- | ------ |
+| `kubeVersion`       | Force target Kubernetes version (using Helm capabilities if not set)                                       | `""`   |
+| `nameOverride`      | String to partially override matomo.fullname template (will maintain the release name)                     | `""`   |
+| `fullnameOverride`  | String to fully override matomo.fullname template                                                          | `""`   |
+| `namespaceOverride` | String to fully override common.names.namespace                                                            | `""`   |
+| `commonAnnotations` | Common annotations to add to all Matomo resources (sub-charts are not considered). Evaluated as a template | `{}`   |
+| `commonLabels`      | Common labels to add to all Matomo resources (sub-charts are not considered). Evaluated as a template      | `{}`   |
+| `extraDeploy`       | Array of extra objects to deploy with the release (evaluated as a template).                               | `[]`   |
+| `usePasswordFiles`  | Mount credentials as files instead of using environment variables                                          | `true` |
 
 ### Matomo parameters
 

diff --git a/bitnami/matomo/templates/cronjob.yaml b/bitnami/matomo/templates/cronjob.yaml
@@ -95,17 +95,26 @@ spec:
                   value: {{ include "matomo.databaseName" . | quote }}
                 - name: MATOMO_DATABASE_USER
                   value: {{ include "matomo.databaseUser" . | quote }}
+                {{- if .Values.usePasswordFiles }}
+                - name: MATOMO_DATABASE_PASSWORD_FILE
+                  value: {{ printf "/opt/bitnami/matomo/secrets/%s" (include "matomo.databasePasswordKey" .) }}
+                {{- else }}
                 - name: MATOMO_DATABASE_PASSWORD
                   valueFrom:
                     secretKeyRef:
                       name: {{ include "matomo.databaseSecretName" . }}
                       key: {{ include "matomo.databasePasswordKey" . | quote }}
+                {{- end }}
                 {{- if gt (len .Values.cronjobs.archive.extraEnvVars) 0  }}
                 {{- toYaml .Values.cronjobs.archive.extraEnvVars | nindent 16 }}
                 {{- end }}
               volumeMounts:
                 - name: matomo-data
                   mountPath: /bitnami/matomo
+                {{- if .Values.usePasswordFiles }}
+                - name: matomo-secrets
+                  mountPath: /opt/bitnami/matomo/secrets
+                {{- end }}
                 {{- if .Values.certificates.customCertificate.certificateSecret }}
                 - name: custom-certificate
                   mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
@@ -274,17 +283,26 @@ spec:
                   value: {{ include "matomo.databaseName" . | quote }}
                 - name: MATOMO_DATABASE_USER
                   value: {{ include "matomo.databaseUser" . | quote }}
+                {{- if .Values.usePasswordFiles }}
+                - name: MATOMO_DATABASE_PASSWORD_FILE
+                  value: {{ printf "/opt/bitnami/matomo/secrets/%s" (include "matomo.databasePasswordKey" .) }}
+                {{- else }}
                 - name: MATOMO_DATABASE_PASSWORD
                   valueFrom:
                     secretKeyRef:
                       name: {{ include "matomo.databaseSecretName" . }}
                       key: {{ include "matomo.databasePasswordKey" . | quote }}
+                {{- end }}
                 {{- if gt (len .Values.cronjobs.taskScheduler.extraEnvVars) 0  }}
                 {{- toYaml .Values.cronjobs.taskScheduler.extraEnvVars | nindent 16 }}
                 {{- end }}
               volumeMounts:
                 - name: matomo-data
                   mountPath: /bitnami/matomo
+                {{- if .Values.usePasswordFiles }}
+                - name: matomo-secrets
+                  mountPath: /opt/bitnami/matomo/secrets
+                {{- end }}
                 {{- if .Values.certificates.customCertificate.certificateSecret }}
                 - name: custom-certificate
                   mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
@@ -312,6 +330,13 @@ spec:
               resources: {{- toYaml .Values.cronjobs.taskScheduler.resources | nindent 16 }}
               {{- end }}
           volumes:
+            {{- if .Values.usePasswordFiles }}
+            - name: matomo-secrets
+              projected:
+                sources:
+                  - secret:
+                      name:  {{ include "matomo.databaseSecretName" . }}
+            {{- end }}
             {{- if .Values.certificates.customCAs }}
             - name: etc-ssl-certs
               emptyDir:

diff --git a/bitnami/matomo/templates/deployment.yaml b/bitnami/matomo/templates/deployment.yaml
@@ -102,20 +102,30 @@ spec:
               value: {{ include "matomo.databaseName" . | quote }}
             - name: MATOMO_DATABASE_USER
               value: {{ include "matomo.databaseUser" . | quote }}
+            {{- if .Values.usePasswordFiles }}
+            - name: MATOMO_DATABASE_PASSWORD_FILE
+              value: {{ printf "/secrets/%s" (include "matomo.databasePasswordKey" .) }}
+            {{- else }}
             - name: MATOMO_DATABASE_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "matomo.databaseSecretName" . }}
                   key: {{ include "matomo.databasePasswordKey" . | quote }}
+            {{- end }}
             - name: MATOMO_SKIP_BOOTSTRAP
               value: {{ ternary "yes" "no" .Values.matomoSkipInstall | quote }}
             - name: MATOMO_USERNAME
               value: {{ .Values.matomoUsername | quote }}
+            {{- if .Values.usePasswordFiles }}
+            - name: MATOMO_PASSWORD_FILE
+              value: "/secrets/matomo-password"
+            {{- else }}
             - name: MATOMO_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "matomo.secretName" . }}
                   key: matomo-password
+            {{- end }}
             - name: MATOMO_EMAIL
               value: {{ .Values.matomoEmail | quote }}
             - name: MATOMO_WEBSITE_NAME
@@ -139,12 +149,17 @@ spec:
               value: {{ .Values.smtpUser | quote }}
             {{- end }}
             {{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
+            {{- if .Values.usePasswordFiles }}
+            - name: MATOMO_SMTP_PASSWORD_FILE
+              value: "/secrets/smtp-password"
+            {{- else }}
             - name: MATOMO_SMTP_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "matomo.smtpSecretName" . }}
                   key: smtp-password
             {{- end }}
+            {{- end }}
             {{- if .Values.smtpProtocol }}
             - name: MATOMO_SMTP_PROTOCOL
               value: {{ .Values.smtpProtocol | quote }}
@@ -226,6 +241,10 @@ spec:
           volumeMounts:
             - name: matomo-data
               mountPath: /bitnami/matomo
+            {{- if .Values.usePasswordFiles }}
+            - name: matomo-secrets
+              mountPath: /secrets
+            {{- end }}
             {{- if .Values.certificates.customCertificate.certificateSecret }}
             - name: custom-certificate
               mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
@@ -279,6 +298,19 @@ spec:
         {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
         {{- end }}
       volumes:
+        {{- if .Values.usePasswordFiles }}
+        - name: matomo-secrets
+          projected:
+            sources:
+              - secret:
+                  name:  {{ include "matomo.databaseSecretName" . }}
+              - secret:
+                  name:  {{ include "matomo.secretName" . }}
+              {{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
+              - secret:
+                  name:  {{ include "matomo.smtpSecretName" . }}
+              {{- end }}
+        {{- end }}
         {{- if .Values.certificates.customCAs }}
         - name: etc-ssl-certs
           emptyDir:

diff --git a/bitnami/matomo/values.yaml b/bitnami/matomo/values.yaml
@@ -57,6 +57,10 @@ commonLabels: {}
 ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
 ##
 extraDeploy: []
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
+
 ## @section Matomo parameters
 ##