[docs] talm: encrypted user values and dry-run secret redaction#590

Open
Aleksei Sviridkin (lexfrei) wants to merge 2 commits into main from docs/talm-encrypted-user-values

Conversation

Aleksei Sviridkin (lexfrei), Contributor, commented Jun 24, 2026

What

Adds a 2.4 Encrypted user values and secret redaction section to the next talm install guide.

Why

The talm encrypted-user-values feature — encrypted values-secret.yaml decrypted in memory, honored at both talm template and talm apply, with secrets kept out of committed node files and CI logs — had no user-facing documentation. The new section covers the full workflow (create → encrypt → reference in templateOptions.valueFiles → use in templates) and how secrets are redacted across talm template, talm template -i, and talm apply --dry-run, including --show-secrets / --show-secrets-in-drift and the value-based-matching sharp edge.

Notes

Add a talm.md section covering the encrypted-user-values workflow
(values-secret.yaml -> talm.key encryption -> templateOptions.valueFiles
-> in-template use) and how secrets are redacted across talm template,
talm template -i, and talm apply --dry-run. Documents --show-secrets /
--show-secrets-in-drift, the apply value-source flags, and the
value-based-matching sharp edge.

Signed-off-by: Aleksei Sviridkin <f@lex.la>
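The redaction behaviour the description above attributes to `talm template`, `talm template -i` and `talm apply --dry-run` (user secret values masked in every rendered surface, `--show-secrets` / `--show-secrets-in-drift` to reveal them, matching done by value), as a small added illustration. This is not talm's or the cozystack project's code: it assumes a redactor that masks every occurrence of a decrypted user secret value and, separately, a fixed list of bootstrap-material paths; the sample values, the `BOOTSTRAP_PATHS` set and the helpers `collect_secret_strings`, `redact`, `matches` and `risky_secrets` are all constructed here. It also shows what we take the value-based-matching sharp edge to be: a non-secret field whose value merely equals, or contains, a secret value is masked as well.

```python
"""Value-based secret redaction of a rendered node config.

Added example, not talm's implementation. Assumptions: user secrets are
masked wherever their value occurs in any string; a fixed set of Talos
bootstrap paths is masked regardless of value; `show_secrets` models the
--show-secrets / --show-secrets-in-drift switches.
"""
import json
from typing import Any

REDACTED = "<redacted>"

# Assumed path-based rule for bootstrap material. The field names appear in
# the PR description; the set itself is ours, not talm's.
BOOTSTRAP_PATHS = {
    ("cluster", "ca", "key"),
    ("machine", "token"),
}

# Constructed sample: decrypted contents of a values-secret.yaml.
SECRET_VALUES = {
    "registry": {"password": "s3cr3t-pull-token-9f1e"},
    # A short, dictionary-word secret: this is where value matching bites.
    "smtp": {"password": "stage"},
}

# Constructed sample: a node config fragment after templating.
RENDERED = {
    "machine": {
        "token": "abcdef.0123456789abcdef",  # constructed Talos-style token
        "env": {
            "REGISTRY_PASSWORD": "s3cr3t-pull-token-9f1e",
            "DEPLOY_ENV": "stage",        # not a secret, but equals one
            "ROLLOUT": "staged-canary",   # contains a secret as a substring
        },
        "files": [
            {"path": "/etc/cri/conf.d/auth.yaml",
             "content": "auth: s3cr3t-pull-token-9f1e\n"},
        ],
    },
    "cluster": {"ca": {"key": "LS0tLS1CRUdJTi0tLS0t...constructed..."}},
}


def collect_secret_strings(values: Any) -> list[str]:
    """Flatten every non-empty string in the decrypted user values.
    Longest first, so a secret that contains another is masked whole."""
    found: set[str] = set()

    def walk(node: Any) -> None:
        if isinstance(node, dict):
            for child in node.values():
                walk(child)
        elif isinstance(node, list):
            for child in node:
                walk(child)
        elif isinstance(node, str) and node:
            found.add(node)

    walk(values)
    return sorted(found, key=len, reverse=True)


def redact(doc: Any, secrets: list[str], show_secrets: bool = False,
           path: tuple = ()) -> Any:
    """Return a copy of `doc` with secrets masked; the original is untouched."""
    if show_secrets:
        return doc
    if path in BOOTSTRAP_PATHS:          # masked whatever the value is
        return REDACTED
    if isinstance(doc, dict):
        return {k: redact(v, secrets, False, path + (k,)) for k, v in doc.items()}
    if isinstance(doc, list):
        return [redact(v, secrets, False, path + (i,)) for i, v in enumerate(doc)]
    if isinstance(doc, str):
        out = doc
        for secret in secrets:           # value-based matching, any occurrence
            out = out.replace(secret, REDACTED)
        return out
    return doc


def matches(doc: Any, secrets: list[str], path: tuple = ()) -> dict:
    """Map each path whose string value contains a secret to the secrets hit.
    Entries outside the intended secret fields are collateral redactions."""
    found: dict = {}
    if isinstance(doc, dict):
        for k, v in doc.items():
            found.update(matches(v, secrets, path + (k,)))
    elif isinstance(doc, list):
        for i, v in enumerate(doc):
            found.update(matches(v, secrets, path + (i,)))
    elif isinstance(doc, str):
        hit = [s for s in secrets if s in doc]
        if hit:
            found[path] = hit
    return found


def risky_secrets(secrets: list[str], min_len: int = 12) -> list[str]:
    """Secrets short enough to collide with ordinary config values."""
    return [s for s in secrets if len(s) < min_len]


if __name__ == "__main__":
    secrets = collect_secret_strings(SECRET_VALUES)
    print(json.dumps(redact(RENDERED, secrets), indent=2))
    print("collateral-prone secrets:", risky_secrets(secrets))
```

Running it masks the registry token in both the env var and the file content, masks `machine.token` and `cluster.ca.key` by path, and also turns `DEPLOY_ENV: stage` into `<redacted>` and `ROLLOUT: staged-canary` into `<redacted>d-canary`; `risky_secrets` is the check to run over a values file before relying on value-based redaction alone.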
netlify Bot commented Jun 24, 2026

Deploy Preview for cozystack ready!

Latest commit: edff884
Latest deploy log: https://app.netlify.com/projects/cozystack/deploys/6a3bdbda85a71a000851a4dd
Deploy Preview: https://deploy-preview-590--cozystack.netlify.app

coderabbitai Bot commented Jun 24, 2026

Review limit reached

@lexfrei, we couldn't start this review because you've reached your PR review rate limit.

Reviewing files that changed from the base of the PR and between a90171c and edff884.

Files selected for processing (1)
  • content/en/docs/next/install/kubernetes/talm.md

gemini-code-assist Bot, Contributor, left a comment

Code Review

This pull request adds a new section to the Talm documentation explaining how to handle encrypted user values and secret redaction. The feedback suggests formatting the YAML configuration using block style instead of flow style, maintaining American English spelling consistency (e.g., changing 'Behaviour' to 'Behavior' and 'honours' to 'honors'), and correcting a minor grammatical issue.


**Step 3 — reference the encrypted file** from `Chart.yaml` by adding it to `templateOptions.valueFiles`, so both `talm template` and `talm apply` read it:

```yaml
templateOptions: { valueFiles: ["values-secret.encrypted.yaml"] }
```

gemini-code-assist Bot commented (medium):

Using block style for YAML is generally preferred over flow style (JSON-like) in Kubernetes and Helm documentation as it is more readable and consistent with the rest of the examples in this guide.

Suggested change (flow style replaced by block style):

```yaml
# before
templateOptions: { valueFiles: ["values-secret.encrypted.yaml"] }
# after
templateOptions:
  valueFiles:
    - values-secret.encrypted.yaml
```

Aleksei Sviridkin (lexfrei), author, replied:

Switched to block style in edff884 — agreed, it reads better and matches the other examples in this guide.


How secrets are handled across commands:

| Command | Behaviour |

gemini-code-assist Bot commented (medium):

The rest of the documentation primarily uses American English spelling (e.g., optimized, customizable, customization). Consider changing Behaviour to Behavior to maintain spelling consistency across the document.

Aleksei Sviridkin (lexfrei), author, replied:

Fixed in edff884 (Behaviour → Behavior).

| `talm template -i` (node file) | secret values are omitted entirely from the committed node file — the real value is re-rendered in memory only at apply, so no plaintext (or ciphertext) ever lands in `nodes/*.yaml`. |
| `talm apply --dry-run` | both diffs redact secrets: talm's structured drift preview AND the server-returned `Config diff:` block. `--show-secrets-in-drift` reveals them. |

The `--show-secrets-in-drift` flag governs every secret-bearing surface of the apply dry-run, covering both these user values and the Talos bootstrap material (`cluster.ca.key`, `machine.token`, encryption secrets, Wireguard keys, etc.). By default a dry-run never prints a CA private key or a user secret in cleartext.

gemini-code-assist Bot commented (medium):

Add a comma after By default to improve readability and grammatical correctness.

Aleksei Sviridkin (lexfrei), author, replied:

Added the comma in edff884.



`talm apply` honours the full set of value sources, matching `talm template`: `--values`, `--set`, `--set-string`, `--set-file`, `--set-json`, `--set-literal`, merged on top of the `templateOptions.*` defaults from `Chart.yaml`. This keeps `template` and `apply` rendering identically.

gemini-code-assist Bot commented (medium):

Consider changing honours to honors to remain consistent with the American English spelling used throughout the rest of the documentation.

Aleksei Sviridkin (lexfrei), author, replied:

Fixed in edff884 (honours → honors).

- block-style YAML for the templateOptions.valueFiles example
- American English spelling (Behavior, honors)
- comma after "By default" for readability

Signed-off-by: Aleksei Sviridkin <f@lex.la>
Aleksei Sviridkin (lexfrei) marked this pull request as ready for review June 24, 2026 13:30