Helm - Is kong.conf ignored?

I’m using Helm to deploy Kong to a Kubernetes cluster. Due to my organisation’s security constraints, I’m not allowed to use Kubernetes Secrets to store sensitive values, such as pg_password. Thus, I cannot do this in Helm values.yaml:

env:
  # ...
  pg_password:
    valueFrom:
      secretKeyRef:
        name: db-creds
        key: db-password

What I’d like to do instead, is to have an initContainer that would read sensitive values from an external storage, write them to kong.conf and mount it to /etc/kong/kong.conf for the main Kong container to use.

For proof-of-concept purposes, I’ve started off by creating a ConfigMap with kong.conf:

pg_password = "password"

and mounting it to Kong container via Helm values:

deployment:
  # ...
  userDefinedVolumes:
  - name: kong-conf
    configMap:
      name: kong-conf
  userDefinedVolumeMounts:
  - name: kong-conf
    mountPath: /etc/kong/kong.conf
    subPath: kong.conf

This does not have any effect for me though, as if kong.conf was ignored when Kong is deployed via Helm (I’m getting “failed authentication” logs). I’ve exec-ed into the container and verified the file is mounted correctly.

Is that actually the case? Is there any way to make kong.conf work in conjunction with environment variables set in values.yaml? Any ideas what I could be missing here?

P.S. I’m aware of the Secrets Management Beta feature, but it doesn’t support Google Secret Manager which I have to use (and it’s beta anyway).