From 76523ddd1436a89623476f61654fdb8e8848aa03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= <joe@adorsys.de>
Date: Sun, 25 Oct 2020 18:32:44 +0100
Subject: [PATCH] Add remote files

---
 .github/workflows/ci.yaml                     |  1 +
 CHANGELOG.md                                  |  4 ++
 README.md                                     | 21 ++++++++
 scripts/commands/dec.sh                       | 23 ++++----
 scripts/commands/enc.sh                       |  2 +-
 scripts/commands/helm.sh                      | 22 ++++----
 scripts/commands/view.sh                      |  6 ++-
 scripts/install.sh                            | 16 +++---
 scripts/lib/file.sh                           | 50 +++++++++++++++++
 scripts/lib/file/custom.sh                    | 16 ++++++
 .../lib/file/helm-values-getter/Chart.yaml    |  3 ++
 .../helm-values-getter/templates/values.yaml  |  1 +
 .../lib/file/helm-values-getter/values.yaml   |  0
 scripts/lib/file/http.sh                      | 16 ++++++
 scripts/lib/file/local.sh                     | 15 ++++++
 scripts/lib/http.sh                           | 11 ++++
 scripts/run.sh                                | 53 ++++++++++++-------
 tests/assets/values/noop/index.yaml           | 22 --------
 tests/assets/values/sops/index.yaml           | 28 ----------
 tests/assets/values/vault/index.yaml          |  4 --
 tests/it/diff.bats                            | 36 ++++++++++++-
 tests/it/install.bats                         | 41 +++++++++++++-
 tests/it/upgrade.bats                         | 41 +++++++++++++-
 tests/lib/helper.bash                         | 22 ++++++--
 tests/unit/dec.bats                           | 35 ++++++++++--
 tests/unit/edit.bats                          | 30 ++---------
 tests/unit/enc.bats                           | 12 ++---
 tests/unit/template.bats                      | 39 ++++++++++++--
 28 files changed, 413 insertions(+), 157 deletions(-)
 create mode 100644 scripts/lib/file.sh
 create mode 100644 scripts/lib/file/custom.sh
 create mode 100644 scripts/lib/file/helm-values-getter/Chart.yaml
 create mode 100644 scripts/lib/file/helm-values-getter/templates/values.yaml
 create mode 100644 scripts/lib/file/helm-values-getter/values.yaml
 create mode 100644 scripts/lib/file/http.sh
 create mode 100644 scripts/lib/file/local.sh
 create mode 100644 scripts/lib/http.sh
 delete mode 100644 tests/assets/values/noop/index.yaml
 delete mode 100644 tests/assets/values/sops/index.yaml
 delete mode 100644 tests/assets/values/vault/index.yaml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index c4b3536a..92c5f21d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -22,6 +22,7 @@ jobs:
         uses: luizm/action-sh-checker@v0.1.8
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SHELLCHECK_OPTS: -x
         with:
           sh_checker_comment: true
           sh_checker_exclude: "tests"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f2f40d2..cf1c6c4e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,8 +8,12 @@ Allow override sops version on installation
 
 ## [Unreleased]
 
+From this version, the installation on Helm 2 requires additional steps.
+Check [README.md](README.md#installation-on-helm-2) 
+
 ### Added
 - Implement alternate syntax (https://github.com/jkroepke/helm-secrets/pull/52)
+- Remote values support (supporting http:// and helm downloader plugins) (https://github.com/jkroepke/helm-secrets/pull/54)
 
 ## [3.3.5] - 2020-10-16
 
diff --git a/README.md b/README.md
index 11f149f1..22068072 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,27 @@ curl -LsSf https://github.com/jkroepke/helm-secrets/releases/download/v3.3.4/hel
 curl -LsSf https://github.com/jkroepke/helm-secrets/releases/download/v3.3.4/helm-secrets.tar.gz | tar -C "$HOME/.local/share/helm/plugins" -xzf-
 ```
 
+### Installation on Helm 2
+Helm 2 doesn't support downloader plugins. Since unknown keys in `plugin.yaml` are fatal, then plugin installation need special handling.
+
+Error on Helm 2 installation:
+```
+# helm plugin install https://github.com/jkroepke/helm-secrets
+Error: yaml: unmarshal errors:
+  line 12: field platformCommand not found in type plugin.Metadata
+```
+
+Workaround:
+
+1. Install helm-secrets via [manual installation](README.md#manual-installation)
+2. Strip `platformCommand` from `plugin.yaml`:
+   ```
+   sed -i '/platformCommand:/,+2 d' "${HELM_HOME:-"${HOME}/.helm"}/plugins/helm-secrets*/plugin.yaml"
+   ```
+3. Done
+
+Client [here](https://github.com/adorsys-containers/ci-helm/blob/f9a8a5bf8953ab876266ca39ccbdb49228e9f117/images/2.17/Dockerfile#L91) for an example!
+
 ## Change secret driver
 
 It's possible to use another secret driver then sops, e.g. Hasicorp Vault.
diff --git a/scripts/commands/dec.sh b/scripts/commands/dec.sh
index b711c61e..1c2a5b63 100644
--- a/scripts/commands/dec.sh
+++ b/scripts/commands/dec.sh
@@ -21,21 +21,21 @@ EOF
 }
 
 decrypt_helper() {
-    file="${1}"
+    encrypted_file="${1}"
 
-    if [ ! -f "$file" ]; then
-        printf 'File does not exist: %s\n' "${file}"
+    if ! encrypted_file_path=$(_file_get "${encrypted_file}"); then
+        printf '[helm-secrets] File does not exist: %s\n' "${encrypted_file}"
         exit 1
     fi
 
-    if ! driver_is_file_encrypted "${file}"; then
+    if ! driver_is_file_encrypted "${encrypted_file_path}"; then
         return 1
     fi
 
-    file_dec="$(file_dec_name "${file}")"
+    encrypted_file_dec="$(_file_dec_name "${encrypted_file_path}")"
 
-    if ! driver_decrypt_file "yaml" "${file}" "${file_dec}"; then
-        printf 'Error while decrypting file: %s\n' "${file}"
+    if ! driver_decrypt_file "yaml" "${encrypted_file_path}" "${encrypted_file_dec}"; then
+        printf '[helm-secrets] Error while decrypting file: %s\n' "${file}"
         exit 1
     fi
 
@@ -50,11 +50,6 @@ dec() {
 
     file="$1"
 
-    if [ ! -f "${file}" ]; then
-        printf 'File does not exist: %s\n' "${file}"
-        exit 1
-    else
-        printf 'Decrypting %s\n' "${file}"
-        decrypt_helper "${file}"
-    fi
+    printf '[helm-secrets] Decrypting %s\n' "${file}"
+    decrypt_helper "${file}"
 }
diff --git a/scripts/commands/enc.sh b/scripts/commands/enc.sh
index afbaf72f..35733803 100644
--- a/scripts/commands/enc.sh
+++ b/scripts/commands/enc.sh
@@ -33,7 +33,7 @@ encrypt_helper() {
         printf 'File does not exist: %s\n' "${dir}/${file}"
         exit 1
     fi
-    file_dec="$(file_dec_name "${file}")"
+    file_dec="$(_file_dec_name "${file}")"
 
     if [ ! -f "${file_dec}" ]; then
         file_dec="${file}"
diff --git a/scripts/commands/helm.sh b/scripts/commands/helm.sh
index d0795ea8..c1159753 100644
--- a/scripts/commands/helm.sh
+++ b/scripts/commands/helm.sh
@@ -24,7 +24,9 @@ Typical usage:
 EOF
 }
 
-helm_wrapper_cleanup() {
+decrypted_files=$(mktemp)
+
+_trap_hook() {
     if [ -s "${decrypted_files}" ]; then
         if [ "${QUIET}" = "false" ]; then
             echo >&2
@@ -33,20 +35,15 @@ helm_wrapper_cleanup() {
         else
             xargs -0 rm >&2 <"${decrypted_files}"
         fi
-    fi
 
-    rm "${decrypted_files}"
+        rm "${decrypted_files}"
+    fi
 }
 
 helm_wrapper() {
-    decrypted_files=$(mktemp)
-
     argc=$#
     j=0
 
-    #cleanup on-the-fly decrypted files
-    trap helm_wrapper_cleanup EXIT
-
     while [ $j -lt $argc ]; do
         case "$1" in
         --)
@@ -71,7 +68,12 @@ helm_wrapper() {
                 ;;
             esac
 
-            file_dec="$(file_dec_name "${file}")"
+            if ! real_file=$(_file_get "${file}"); then
+                printf '[helm-secrets] File does not exist: %s\n' "${file}"
+                exit 1
+            fi
+
+            file_dec="$(_file_dec_name "${real_file}")"
             if [ -f "${file_dec}" ]; then
                 set -- "$@" "$file_dec"
 
@@ -79,7 +81,7 @@ helm_wrapper() {
                     printf '[helm-secrets] Decrypt skipped: %s' "${file}" >&2
                 fi
             else
-                if decrypt_helper "${file}"; then
+                if decrypt_helper "${real_file}"; then
                     set -- "$@" "$file_dec"
                     printf '%s\0' "${file_dec}" >>"${decrypted_files}"
 
diff --git a/scripts/commands/view.sh b/scripts/commands/view.sh
index a4cf382c..a54788ee 100644
--- a/scripts/commands/view.sh
+++ b/scripts/commands/view.sh
@@ -17,12 +17,14 @@ EOF
 view_helper() {
     file="$1"
 
-    if [ ! -f "${file}" ]; then
+    if ! _file_exists "$file"; then
         printf 'File does not exist: %s\n' "${file}"
         exit 1
     fi
 
-    driver_decrypt_file "yaml" "${file}"
+    real_file=$(_file_get "${file}")
+
+    driver_decrypt_file "yaml" "${real_file}"
 }
 
 view() {
diff --git a/scripts/install.sh b/scripts/install.sh
index dda9654c..6e8f5d4e 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -2,6 +2,12 @@
 
 set -eu
 
+# Path to current directory
+SCRIPT_DIR="$(dirname "$0")"
+
+# shellcheck source=scripts/lib/http.sh
+. "${SCRIPT_DIR}/lib/http.sh"
+
 SOPS_DEFAULT_VERSION="v3.6.1"
 SOPS_VERSION="${SOPS_VERSION:-$SOPS_DEFAULT_VERSION}"
 SOPS_LINUX_URL="${SOPS_LINUX_URL:-"https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux"}"
@@ -13,16 +19,6 @@ RED='\033[0;31m'
 #YELLOW='\033[1;33m'
 NOC='\033[0m'
 
-download() {
-    if command -v curl >/dev/null; then
-        curl -sSfL "$1"
-    elif command -v wget >/dev/null; then
-        wget -q -O- "$1"
-    else
-        return 1
-    fi
-}
-
 get_sha_256() {
     if command -v sha256sum >/dev/null; then
         res=$(sha256sum "$1")
diff --git a/scripts/lib/file.sh b/scripts/lib/file.sh
new file mode 100644
index 00000000..5ab5991b
--- /dev/null
+++ b/scripts/lib/file.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env sh
+
+# shellcheck source=scripts/lib/file/local.sh
+. "${SCRIPT_DIR}/lib/file/local.sh"
+
+# shellcheck source=scripts/lib/file/http.sh
+. "${SCRIPT_DIR}/lib/file/http.sh"
+
+# shellcheck source=scripts/lib/file/custom.sh
+. "${SCRIPT_DIR}/lib/file/custom.sh"
+
+_file_get_protocol() {
+    case "$1" in
+    http*)
+        echo "http"
+        ;;
+    *://*)
+        echo "custom"
+        ;;
+    *)
+        echo "local"
+        ;;
+    esac
+}
+
+_file_exists() {
+    file_type=$(_file_get_protocol "${1}")
+
+    _file_"${file_type}"_exists "$@"
+}
+
+_file_get() {
+    file_type=$(_file_get_protocol "${1}")
+
+    _file_"${file_type}"_get "$@"
+}
+
+_file_put() {
+    file_type=$(_file_get_protocol "${1}")
+
+    _file_"${file_type}"_put "$@"
+}
+
+_file_dec_name() {
+    if [ "${DEC_DIR}" != "" ]; then
+        printf '%s' "${DEC_DIR}/$(basename "${1}" ".yaml")${DEC_SUFFIX}"
+    else
+        printf '%s' "$(dirname "${1}")/$(basename "${1}" ".yaml")${DEC_SUFFIX}"
+    fi
+}
diff --git a/scripts/lib/file/custom.sh b/scripts/lib/file/custom.sh
new file mode 100644
index 00000000..86abee80
--- /dev/null
+++ b/scripts/lib/file/custom.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+_file_custom_exists() {
+    _file_custom_get "$@" >/dev/null
+}
+
+_file_custom_get() {
+    _tmp_file=$(mktemp)
+    helm template "${SCRIPT_DIR}/lib/file/helm-values-getter" -f "${1}" >"${_tmp_file}"
+    printf '%s' "${_tmp_file}"
+}
+
+_file_custom_put() {
+    echo "Can't write to remote files!"
+    exit 1
+}
diff --git a/scripts/lib/file/helm-values-getter/Chart.yaml b/scripts/lib/file/helm-values-getter/Chart.yaml
new file mode 100644
index 00000000..fea58ff8
--- /dev/null
+++ b/scripts/lib/file/helm-values-getter/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: helm-values-getter
+version: 1.0.0
diff --git a/scripts/lib/file/helm-values-getter/templates/values.yaml b/scripts/lib/file/helm-values-getter/templates/values.yaml
new file mode 100644
index 00000000..4bdbf9db
--- /dev/null
+++ b/scripts/lib/file/helm-values-getter/templates/values.yaml
@@ -0,0 +1 @@
+{{- .Values | toYaml -}}
diff --git a/scripts/lib/file/helm-values-getter/values.yaml b/scripts/lib/file/helm-values-getter/values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/scripts/lib/file/http.sh b/scripts/lib/file/http.sh
new file mode 100644
index 00000000..374e229b
--- /dev/null
+++ b/scripts/lib/file/http.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+_file_http_exists() {
+    _file_http_get "$@" >/dev/null
+}
+
+_file_http_get() {
+    _tmp_file=$(mktemp)
+    download "${1}" >"${_tmp_file}"
+    printf '%s' "${_tmp_file}"
+}
+
+_file_http_put() {
+    echo "Can't write to remote files!"
+    exit 1
+}
diff --git a/scripts/lib/file/local.sh b/scripts/lib/file/local.sh
new file mode 100644
index 00000000..1fc72638
--- /dev/null
+++ b/scripts/lib/file/local.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+
+set -eu
+
+_file_local_exists() {
+    test -f "${1}"
+}
+
+_file_local_get() {
+    _file_local_exists "$@" && printf '%s' "${1}"
+}
+
+_file_local_put() {
+    cat - >"${1}"
+}
diff --git a/scripts/lib/http.sh b/scripts/lib/http.sh
new file mode 100644
index 00000000..201008cc
--- /dev/null
+++ b/scripts/lib/http.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+download() {
+    if command -v curl >/dev/null; then
+        curl -sSfL "$1"
+    elif command -v wget >/dev/null; then
+        wget -q -O- "$1"
+    else
+        return 1
+    fi
+}
diff --git a/scripts/run.sh b/scripts/run.sh
index 16be25cc..d047cee7 100755
--- a/scripts/run.sh
+++ b/scripts/run.sh
@@ -5,6 +5,9 @@ set -eu
 # Path to current directory
 SCRIPT_DIR="$(dirname "$0")"
 
+# Create temporary directory
+TMPDIR="${HELM_SECRETS_DEC_TMP_DIR:-$(mktemp -d)}"
+
 # Output debug infos
 QUIET="${HELM_SECRETS_QUIET:-false}"
 
@@ -19,6 +22,24 @@ DEC_DIR="${HELM_SECRETS_DEC_DIR:-}"
 # Make sure HELM_BIN is set (normally by the helm command)
 HELM_BIN="${HELM_BIN:-helm}"
 
+# shellcheck source=scripts/lib/file.sh
+. "${SCRIPT_DIR}/lib/file.sh"
+
+# shellcheck source=scripts/lib/http.sh
+. "${SCRIPT_DIR}/lib/http.sh"
+
+_trap_hook() {
+    true
+}
+
+_trap() {
+    rm -rf "${TMPDIR}"
+
+    _trap_hook
+}
+
+trap _trap EXIT
+
 usage() {
     cat <<EOF
 Secrets encryption in Helm Charts
@@ -52,29 +73,21 @@ is_help() {
     esac
 }
 
-file_dec_name() {
-    if [ "${DEC_DIR}" != "" ]; then
-        printf '%s' "${DEC_DIR}/$(basename "${1}" ".yaml")${DEC_SUFFIX}"
-    else
-        printf '%s' "$(dirname "${1}")/$(basename "${1}" ".yaml")${DEC_SUFFIX}"
-    fi
-}
-
 load_secret_driver() {
     driver="${1}"
-    if [ -f "${driver}" ]; then
+    if [ -f "${SCRIPT_DIR}/drivers/${driver}.sh" ]; then
+        # shellcheck source=scripts/drivers/sops.sh
+        . "${SCRIPT_DIR}/drivers/${driver}.sh"
+    else
         # Allow to load out of tree drivers.
+        if [ ! -f "${driver}" ]; then
 
-        # shellcheck disable=SC1090
-        . "${driver}"
-    else
-        if [ ! -f "${SCRIPT_DIR}/drivers/${driver}.sh" ]; then
             echo "Can't find secret driver: ${driver}"
             exit 1
         fi
 
         # shellcheck disable=SC1090
-        . "${SCRIPT_DIR}/drivers/${driver}.sh"
+        . "${driver}"
     fi
 }
 
@@ -83,7 +96,7 @@ load_secret_driver "$SECRET_DRIVER"
 while true; do
     case "${1:-}" in
     enc)
-        # shellcheck disable=SC1090
+        # shellcheck source=scripts/commands/enc.sh
         . "${SCRIPT_DIR}/commands/enc.sh"
 
         if [ $# -lt 2 ]; then
@@ -95,7 +108,7 @@ while true; do
         break
         ;;
     dec)
-        # shellcheck disable=SC1090
+        # shellcheck source=scripts/commands/dec.sh
         . "${SCRIPT_DIR}/commands/dec.sh"
 
         if [ $# -lt 2 ]; then
@@ -107,7 +120,7 @@ while true; do
         break
         ;;
     view)
-        # shellcheck disable=SC1090
+        # shellcheck source=scripts/commands/view.sh
         . "${SCRIPT_DIR}/commands/view.sh"
 
         if [ $# -lt 2 ]; then
@@ -119,7 +132,7 @@ while true; do
         break
         ;;
     edit)
-        # shellcheck disable=SC1090
+        # shellcheck source=scripts/commands/edit.sh
         . "${SCRIPT_DIR}/commands/edit.sh"
 
         if [ $# -lt 2 ]; then
@@ -131,7 +144,7 @@ while true; do
         break
         ;;
     clean)
-        # shellcheck disable=SC1090
+        # shellcheck source=scripts/commands/clean.sh
         . "${SCRIPT_DIR}/commands/clean.sh"
 
         if [ $# -lt 2 ]; then
@@ -159,7 +172,7 @@ while true; do
         exit 1
         ;;
     *)
-        # shellcheck disable=SC1090
+        # shellcheck source=scripts/commands/helm.sh
         . "${SCRIPT_DIR}/commands/helm.sh"
         helm_command "$@"
         break
diff --git a/tests/assets/values/noop/index.yaml b/tests/assets/values/noop/index.yaml
deleted file mode 100644
index 8cfa01f2..00000000
--- a/tests/assets/values/noop/index.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global_secret: global_bar
-key: |-
-    -----BEGIN PGP MESSAGE-----
-
-    wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P
-    PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI
-    3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY
-    c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj
-    yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE
-    PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9
-    GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i
-    yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0
-    GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1
-    K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr
-    DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS
-    4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi
-    EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h
-    EzAA
-    =jf7D
-    -----END PGP MESSAGE-----
-service:
-    port: 81
diff --git a/tests/assets/values/sops/index.yaml b/tests/assets/values/sops/index.yaml
deleted file mode 100644
index c6923e24..00000000
--- a/tests/assets/values/sops/index.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-global_secret: ENC[AES256_GCM,data:QSuqKj9jUft+Ug==,iv:CXfhR2O5l6IF8KI5SSDxMiWQ7kghfHHb1wASAJ7JMPw=,tag:g/n7/KeltD1ODvolNCLD1w==,type:str]
-key: ENC[AES256_GCM,data:9nAQWTLrA71vJ82ebiEWOP/bt3B3AjCllGRiAU1szxcN95papkFeNRl3mBJT0fqhbsMD/B3hmO+kRbxxzoDAezXI0gDIrlo9fyxoSwzsRxYBzHqg4USFs6iI+THFQLkxDaCu45Ku2cxksdBTBFpswkyk0ZBFhASLfT59GhWji4+n19MXPwb0tyGiCyIpgteXBA7FdMCiLc4ZRTZechZVpvfu1EJf5UgDT39dBAn9+Rwn0oQpDKTHij908VLsH18XcCgISYnixyoShqQxtmFbLipi1Blzs5zqgYFE7BbZ6ZgdCm69/WSXBiLabG+KYMPeEYXI6IRMbf+5qteWqEriRLmjKKbRFRjIdPI3+6ysySje0xYSUHOD3YjpzzeiQPT0OqzPJ/H7LZAO+/MUhel7h83HxzWYR33ieJLE/MghpQYN4zPgqzK4XQpb5ERHtpGrXSbzcSIcICTDrlNf9T7r3SzmHXulUMAIx/AH0s3Kyuv0BzUKWYNNgwj9j99FxofQsdJHx16qph0vu7y1iKu9/Jy89rPWn/LOh8llCGztQj+TXygnUyUfMHXMBAe0X+abCu7WcWuij9ow+adA9HxCA8ezue1pPPDoPTk0OnM7FUxVdgLgEBZu0gEl3jkhVEhouLIka08fE6eJL/iNmepqFb+x815pPVVsJkDDeKxjxt+YwAYgm3BX+ZZdLZVtg93AIEPUeBgZRGw4bYQWvsKwmC8zZhLvMsyX4NwKTj+gViXsCrSv92i1epZZwrzj+xszExz3k3633VdwMOqNtK0/c9GhzSNSktkw9yKMSGTEp4O8TYepovjM/Vei0M9FQ0+rQfLEaRyPMeCIhysh2ggXxIWr5kQdEH3KCIm1aJDRA9QVOvUeXcenfN7x9pG9mqMNkumVu4ops4rDCOy/NlSvJW+n7vk+wHqSIKtwWZxNX+HRQgSmHZmvQS8IEyK5vQOxD8rQD2Er+w6Io6PvLm2F1Op1mV7ea+Lvg2pStFkQVCgRP/TbejN7gNBEsNTkel1D1uEgT2wvN+j2iFvNyEhUFUylaeUBYmDHJ9ZjQqJ2/3QZzR2yN2i+HN9sVZGdHm6bBH08GtDmjliqh8CKRjh0OMJfCZ1ZcoSBz1/m0E5zAZl3ZMuTDZaW70QsO4FoxA0oUqD14c4nxhqL3B9SxA6ErrYWY1+j3vo/ws6sBzWWzLXC59SwlwMg3PytxNWLpw==,iv:w0KBImdBsS63co+HyQVOYOxOFI/tLeRYnr+L+lCcNo8=,tag:ReQ99Km7LDQwEnlN/ppmxg==,type:str]
-service:
-    port: ENC[AES256_GCM,data:o3U=,iv:9NmG3nt9dutvAlXUk4cPFIiq69F+5Npf5vFDMLKipuE=,tag:Y/wUBGdB05WfC4FTokGvzw==,type:int]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    lastmodified: '2020-05-06T20:54:31Z'
-    mac: ENC[AES256_GCM,data:pgCBRi189SbfeNz1DnI7kAaEC/GwfjjfW+bWTU2OHrBRGmkioC4aaRMdGJJ1i98DFyxAhfSha5wzNsipN8tg4ZYstp8OrIjXbi3KWAzRzWqwECK8W3SgRhReZ48hHd+vVvxK7xFoV2cCtPIvJnXESZ+3PetMULxgjzAnJhIiNGE=,iv:meLE4+eocQV3GhZwLhdTsJbOWmIlZD/VLHGkXUMfUIo=,tag:1qfijLq9RVu7qPi0WdPjfQ==,type:str]
-    pgp:
-    -   created_at: '2020-05-06T20:54:30Z'
-        enc: |
-            -----BEGIN PGP MESSAGE-----
-
-            hQEMA9ce5qCwOO4MAQgAhLFu+zlo/fPrfAVGeQVEIEttihpMzo7CSRJDGYqSqgOO
-            g/NbA/hDVWkE9jzGnxDY01W9RR4FOss+yd1SHlNzsPDDfkXi8e2PA8tNR6XKyoSq
-            aCMYE4TP8JnH2hplxWucib5va2EUkgwAF+86I/ISlMLIXqeVE6xKJAuGcPQ8UwDG
-            YUO5KzcLF8oTyoRGxvakIiCAfCWrzz7wBkT8KG5t8pQvucTtvzOpiexRL/9OU+SA
-            Spgp8WPds+A9WArkLVQ7lcZhI0XiMxITmZdBgXGIG+1pMoGjajXUk2SA5FXeHkgH
-            kgfAhsDlEI3mfSwYMwuFP5/659Wl3gWkMIlTpfBY2NJeAUeCmOKYRwTHR8UFa2Gg
-            wF7wB+aj71S6v4kO932ZFHNNL0JS8OGqg/IigOhgjIC/7ozHehhKNIxCUre2g1Ws
-            dj7U81vziuDuH/sOrgwYdqfQHa6ytoomZbiYLQl4wg==
-            =5Jl6
-            -----END PGP MESSAGE-----
-        fp: D6174A02027050E59C711075B430C4E58E2BBBA3
-    unencrypted_suffix: _unencrypted
-    version: 3.5.0
diff --git a/tests/assets/values/vault/index.yaml b/tests/assets/values/vault/index.yaml
deleted file mode 100644
index 8ccf04b1..00000000
--- a/tests/assets/values/vault/index.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-global_secret: !vault secret/production#global_secret
-key: !vault secret/gpg#key
-service:
-  port: !vault secret/production#port
diff --git a/tests/it/diff.bats b/tests/it/diff.bats
index 70ce602d..f8c5904a 100755
--- a/tests/it/diff.bats
+++ b/tests/it/diff.bats
@@ -223,7 +223,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "diff: helm diff upgrade w/ chart + secrets.yaml + sops://" {
-    if is_windows || [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if is_windows || ! is_driver_sops; then
         skip
     fi
 
@@ -237,3 +237,37 @@ load '../bats/extensions/bats-file/load'
     assert_success
     assert_output --partial "port: 81"
 }
+
+@test "diff: helm diff upgrade w/ chart + secrets.yaml + http://" {
+    helm_plugin_install "diff"
+    FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
+    RELEASE="diff-$(date +%s)-${SEED}"
+
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets diff upgrade --no-color --allow-unreleased "${RELEASE}" "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "port: 81"
+    assert_output --partial "[helm-secrets] Removed: "
+    assert [ ! -f "${FILE}.dec" ]
+}
+
+@test "diff: helm install w/ chart + secrets.yaml + git://" {
+    if ! is_driver_sops || is_windows; then
+        skip
+    fi
+
+    helm_plugin_install "git"
+    FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
+    RELEASE="diff-$(date +%s)-${SEED}"
+
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets diff upgrade --no-color --allow-unreleased "${RELEASE}" "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "port: 81"
+    assert_output --partial "[helm-secrets] Removed: "
+    assert [ ! -f "${FILE}.dec" ]
+}
diff --git a/tests/it/install.bats b/tests/it/install.bats
index 3742f3d5..d9c2ec51 100755
--- a/tests/it/install.bats
+++ b/tests/it/install.bats
@@ -241,7 +241,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "install: helm install w/ chart + secrets.yaml + sops://" {
-    if is_windows || [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if is_windows || ! is_driver_sops; then
         skip
     fi
 
@@ -257,3 +257,42 @@ load '../bats/extensions/bats-file/load'
     assert_success
     assert_output --partial "port: 81"
 }
+
+@test "install: helm install w/ chart + secrets.yaml + http://" {
+    FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
+    RELEASE="install-$(date +%s)-${SEED}"
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets install "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "STATUS: deployed"
+    assert_output --partial "[helm-secrets] Removed: "
+    assert [ ! -f "${FILE}.dec" ]
+
+    run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
+    assert_success
+    assert_output --partial "port: 81"
+}
+
+@test "install: helm install w/ chart + secrets.yaml + git://" {
+    if ! is_driver_sops || is_windows; then
+        skip
+    fi
+
+    helm_plugin_install "git"
+    FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
+    RELEASE="install-$(date +%s)-${SEED}"
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets install "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "STATUS: deployed"
+    assert_output --partial "[helm-secrets] Removed: "
+    assert [ ! -f "${FILE}.dec" ]
+
+    run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
+    assert_success
+    assert_output --partial "port: 81"
+}
diff --git a/tests/it/upgrade.bats b/tests/it/upgrade.bats
index cd75df98..027703f7 100755
--- a/tests/it/upgrade.bats
+++ b/tests/it/upgrade.bats
@@ -240,7 +240,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "upgrade: helm upgrade w/ chart + secrets.yaml + sops://" {
-    if is_windows || [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if is_windows || ! is_driver_sops; then
         skip
     fi
 
@@ -256,3 +256,42 @@ load '../bats/extensions/bats-file/load'
     assert_success
     assert_output --partial "port: 81"
 }
+
+@test "upgrade: helm upgrade w/ chart + secrets.yaml + http://" {
+    FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
+    RELEASE="upgrade-$(date +%s)-${SEED}"
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets upgrade -i "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "STATUS: deployed"
+    assert_output --partial "[helm-secrets] Removed: "
+    assert [ ! -f "${FILE}.dec" ]
+
+    run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
+    assert_success
+    assert_output --partial "port: 81"
+}
+
+@test "upgrade: helm install w/ chart + secrets.yaml + git://" {
+    if ! is_driver_sops || is_windows; then
+        skip
+    fi
+
+    helm_plugin_install "git"
+    FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
+    RELEASE="upgrade-$(date +%s)-${SEED}"
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets upgrade -i "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "STATUS: deployed"
+    assert_output --partial "[helm-secrets] Removed: "
+    assert [ ! -f "${FILE}.dec" ]
+
+    run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
+    assert_success
+    assert_output --partial "port: 81"
+}
diff --git a/tests/lib/helper.bash b/tests/lib/helper.bash
index 3f31abbf..07fe97d7 100644
--- a/tests/lib/helper.bash
+++ b/tests/lib/helper.bash
@@ -5,7 +5,11 @@ HELM_CACHE="${TEST_DIR}/.tmp/cache/$(uname)/helm"
 REAL_HOME="${HOME}"
 
 is_windows() {
-    ! [[ "$(uname)" == "Darwin" || "$(uname)" == "Linux"  ]]
+    ! [[ "$(uname)" == "Darwin" || "$(uname)" == "Linux" ]]
+}
+
+is_driver_sops() {
+    [ "${HELM_SECRETS_DRIVER}" == "sops" ]
 }
 
 _shasum() {
@@ -46,6 +50,9 @@ setup() {
     TEST_TEMP_DIR="$(TMPDIR="${W_TEMP:-/tmp/}" mktemp -d)"
     HOME="$(mktemp -d)"
 
+    # shellcheck disable=SC2034
+    XDG_DATA_HOME="${HOME}"
+
     # Windows
     # See: https://github.com/helm/helm/blob/b4f8312dbaf479e5f772cd17ae3768c7a7bb3832/pkg/helmpath/lazypath_windows.go#L22
     # shellcheck disable=SC2034
@@ -59,7 +66,6 @@ setup() {
         mkdir "${SPECIAL_CHAR_DIR}"
     fi
 
-
     # install helm plugin
     helm plugin install "${GIT_ROOT}"
 
@@ -133,12 +139,20 @@ helm_plugin_install() {
         if ! env APPDATA="${HELM_CACHE}/home/" HOME="${HELM_CACHE}/home/" helm plugin list | grep -q "${1}"; then
             case "${1}" in
             kubeval)
-                env APPDATA="${HELM_CACHE}/home/" HOME="${HELM_CACHE}/home/" helm plugin install https://github.com/instrumenta/helm-kubeval
+                URL="https://github.com/instrumenta/helm-kubeval"
                 ;;
             diff)
-                env APPDATA="${HELM_CACHE}/home/" HOME="${HELM_CACHE}/home/" helm plugin install https://github.com/databus23/helm-diff
+                URL="https://github.com/databus23/helm-diff"
+                ;;
+            git)
+                # See: https://github.com/aslafy-z/helm-git/pull/120
+                #URL="https://github.com/aslafy-z/helm-git"
+                URL="https://github.com/jkroepke/helm-git"
+                VERSION="patch-1"
                 ;;
             esac
+
+            env APPDATA="${HELM_CACHE}/home/" HOME="${HELM_CACHE}/home/" helm plugin install "${URL}" ${VERSION:+--version ${VERSION}}
         fi
 
         cp -r "${HELM_CACHE}/home/." "${HOME}"
diff --git a/tests/unit/dec.bats b/tests/unit/dec.bats
index 71367329..5fab280d 100755
--- a/tests/unit/dec.bats
+++ b/tests/unit/dec.bats
@@ -28,7 +28,7 @@ load '../bats/extensions/bats-file/load'
 
     run helm secrets dec "${FILE}"
     assert_success
-    assert_output "Decrypting ${FILE}"
+    assert_output "[helm-secrets] Decrypting ${FILE}"
     assert_file_exist "${FILE}.dec"
 
     run cat "${FILE}.dec"
@@ -42,7 +42,7 @@ load '../bats/extensions/bats-file/load'
 
     run helm secrets dec "${FILE}"
     assert_success
-    assert_output "Decrypting ${FILE}"
+    assert_output "[helm-secrets] Decrypting ${FILE}"
     assert_file_exist "${FILE}.dec"
 
     run cat "${FILE}.dec"
@@ -60,7 +60,7 @@ load '../bats/extensions/bats-file/load'
 
     run helm secrets dec "${FILE}"
     assert_success
-    assert_output "Decrypting ${FILE}"
+    assert_output "[helm-secrets] Decrypting ${FILE}"
     assert_file_exist "${FILE}.dec"
 
     run cat "${FILE}.dec"
@@ -77,7 +77,7 @@ load '../bats/extensions/bats-file/load'
 
     run helm secrets dec "${FILE}"
     assert_success
-    assert_output "Decrypting ${FILE}"
+    assert_output "[helm-secrets] Decrypting ${FILE}"
     assert [ -e "${FILE}.test" ]
 
     run cat "${FILE}.test"
@@ -94,7 +94,7 @@ load '../bats/extensions/bats-file/load'
 
     run helm secrets dec "${FILE}"
     assert_success
-    assert_output "Decrypting ${FILE}"
+    assert_output "[helm-secrets] Decrypting ${FILE}"
     assert_file_exist "${HELM_SECRETS_DEC_DIR}/secrets.yaml.dec"
 
     run cat "${HELM_SECRETS_DEC_DIR}/secrets.yaml.dec"
@@ -102,3 +102,28 @@ load '../bats/extensions/bats-file/load'
     assert_output --partial 'global_secret: '
     assert_output --partial 'global_bar'
 }
+
+@test "dec: Decrypt secrets.yaml + http://" {
+    if ! is_driver_sops; then
+        skip
+    fi
+
+    FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
+
+    run helm secrets dec "${FILE}"
+    assert_success
+    assert_output "[helm-secrets] Decrypting ${FILE}"
+}
+
+@test "dec: Decrypt secrets.yaml + git://" {
+    if ! is_driver_sops || is_windows; then
+        skip
+    fi
+
+    helm_plugin_install "git"
+    FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
+
+    run helm secrets dec "${FILE}"
+    assert_success
+    assert_output "[helm-secrets] Decrypting ${FILE}"
+}
diff --git a/tests/unit/edit.bats b/tests/unit/edit.bats
index 46d2a9cb..a8184a13 100755
--- a/tests/unit/edit.bats
+++ b/tests/unit/edit.bats
@@ -18,28 +18,20 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "edit: File if not exits + no valid encryption config" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops || is_windows; then
         skip
     fi
 
-    if is_windows; then
-        skip "Skip on Windows"
-    fi
-
     run helm secrets edit nonexists
     assert_failure
     assert_output --partial 'config file not found and no keys provided through command line options'
 }
 
 @test "edit: File if not exits + valid encryption config" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops || is_windows; then
         skip
     fi
 
-    if is_windows; then
-        skip "Skip on Windows"
-    fi
-
     EDITOR="${TEST_DIR}/assets/mock-editor/editor.sh"
     export EDITOR
 
@@ -54,14 +46,10 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "edit: secrets.yaml" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops || is_windows; then
         skip
     fi
 
-    if is_windows; then
-        skip "Skip on Windows"
-    fi
-
     EDITOR="${TEST_DIR}/assets/mock-editor/editor.sh"
     export EDITOR
 
@@ -76,14 +64,10 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "edit: some-secrets.yaml" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops || is_windows; then
         skip
     fi
 
-    if is_windows; then
-        skip "Skip on Windows"
-    fi
-
     EDITOR="${TEST_DIR}/assets/mock-editor/editor.sh"
     export EDITOR
 
@@ -99,14 +83,10 @@ load '../bats/extensions/bats-file/load'
 
 
 @test "edit: secrets.yaml + special path" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops || is_windows; then
         skip
     fi
 
-    if is_windows; then
-        skip "Skip on Windows"
-    fi
-
     EDITOR="${TEST_DIR}/assets/mock-editor/editor.sh"
     export EDITOR
 
diff --git a/tests/unit/enc.bats b/tests/unit/enc.bats
index 9bfadadf..bea201dd 100755
--- a/tests/unit/enc.bats
+++ b/tests/unit/enc.bats
@@ -24,7 +24,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "enc: Encrypt secrets.yaml" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops; then
         skip
     fi
 
@@ -42,7 +42,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "enc: Encrypt some-secrets.yaml" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops; then
         skip
     fi
 
@@ -60,7 +60,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "enc: Encrypt secrets.yaml.dec" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops; then
         skip
     fi
 
@@ -80,7 +80,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "enc: Encrypt secrets.yaml + special char directory name" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops; then
         skip
     fi
 
@@ -102,7 +102,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "enc: Encrypt secrets.yaml with HELM_SECRETS_DEC_SUFFIX" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops; then
         skip
     fi
     FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.dec.yaml"
@@ -123,7 +123,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "enc: Encrypt secrets.tmp.yaml" {
-    if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if ! is_driver_sops; then
         skip
     fi
 
diff --git a/tests/unit/template.bats b/tests/unit/template.bats
index 5de68fbe..58e0973c 100755
--- a/tests/unit/template.bats
+++ b/tests/unit/template.bats
@@ -197,7 +197,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "template: helm template w/ chart + secrets.yaml + sops://" {
-    if is_windows || [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if is_windows || ! is_driver_sops; then
         skip
     fi
 
@@ -211,7 +211,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "template: helm template w/ chart + secrets.yaml + secret://" {
-    if is_windows || [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if is_windows || ! is_driver_sops; then
         skip
     fi
 
@@ -225,7 +225,7 @@ load '../bats/extensions/bats-file/load'
 }
 
 @test "template: helm template w/ chart + secrets.yaml + secrets://" {
-    if is_windows || [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then
+    if is_windows || ! is_driver_sops; then
         skip
     fi
 
@@ -237,3 +237,36 @@ load '../bats/extensions/bats-file/load'
     assert_success
     assert_output --partial "port: 81"
 }
+
+@test "template: helm template w/ chart + secrets.yaml + http://" {
+    if ! is_driver_sops; then
+        skip
+    fi
+
+    FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
+
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "port: 81"
+    assert_output --partial "[helm-secrets] Removed: "
+}
+
+@test "template: helm template w/ chart + secrets.yaml + git://" {
+    if ! is_driver_sops || is_windows; then
+        skip
+    fi
+
+    helm_plugin_install "git"
+    FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
+
+    create_chart "${TEST_TEMP_DIR}"
+
+    run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
+    assert_success
+    assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
+    assert_output --partial "port: 81"
+    assert_output --partial "[helm-secrets] Removed: "
+}