Skip to main content

Migrate Nexus Repository Clustered Deployments to Use External Secrets Operator

As of release 3.74.0, resilient and highly available Sonatype Nexus Repository deployments can use an external secrets operator. This simplifies configuration over other methods of managing secrets (e.g., secrets store CSI).

If you were previously using the secrets store CSI method in an AWS or Azure deployment, take these steps to migrate to using an external secrets operator:

  1. Scale your Sonatype Nexus Repository pods down to 0.

  2. Install the external secrets operator following the external secrets documentation.

  3. Follow the appropriate instructions in the external secrets provider documentation for setting up permissions for the external secrets operator for your provider.

  4. Follow the instructions in our HA README file for updating your values.yaml to use external secrets.

  5. Ensure secret.azure.nexusSecret.enabled and azure.keyvault.enabled are false in your values.yaml.

  6. Scale your Nexus Repository pods back up to your desired number.