Skip to content

Configuration

Configure OpenDepot for your environment. All configuration is done through Helm chart values — no config files to manage.

  •  Namespace-Scoped Mode

    Restrict OpenDepot to a single namespace using Role and RoleBinding instead of cluster-wide ClusterRole resources.

  •  GitHub Authentication

    Configure a GitHub App to authenticate API requests and increase rate limits when using the Depot controller with private repositories.

  •  TLS

    Terminate TLS on the OpenDepot server using a Kubernetes Secret, or delegate to an Ingress controller or service mesh.

  •  GPG Signing

    Set up GPG signing for provider SHA256SUMS files so OpenTofu can cryptographically verify provider archives.

  •  Vulnerability Scanning

    Enable Trivy-based vulnerability scanning for provider binaries and source dependencies, with optional policy enforcement to block critical or high findings.