Score:1

Keycloak install with helm on GKE with Cloud SQL (external) database


I'm trying to install Keycloak on a GKE cluster in GCP with an external database, i.e. a Cloud SQL Postgres DB. I want to use Helm to install it, so:

helm repo add bitnami https://charts.bitnami.com/bitnami

I've downloaded the Values.yml file from the Bitnami repo, and I've updated the "externalDatabase.externalSecret" section of this file, since I don't want to enter credentials in plain text. Instead, I've created a Kubernetes Secret:

$ kubectl get secret keycloak-db-secret -o yaml
apiVersion: v1
data:
  POSTGRES_DATABASE: <value>
  POSTGRES_EXTERNAL_ADDRESS: <value>
  POSTGRES_EXTERNAL_PORT: <value>
  POSTGRES_PASSWORD: <value>
  POSTGRES_USERNAME: <value>
kind: Secret
metadata:
...

And the modifications in Values.yml are (the rest of the file is not changed):

postgresql:
  enabled: false
externalDatabase:
  existingSecret:
    name: keycloak-db-secret
    keyMapping:
      host: POSTGRES_EXTERNAL_ADDRESS
      port: POSTGRES_EXTERNAL_PORT
      user: POSTGRES_USERNAME
      password: POSTGRES_PASSWORD
      database: POSTGRES_DATABASE

When I run

helm install --debug my-keycloak bitnami/keycloak -f Values.yml

I get an error message:

install.go:173: [debug] Original chart version: ""
install.go:190: [debug] CHART PATH: /home/michal/.cache/helm/repository/keycloak-5.0.7.tgz

coalesce.go:203: warning: destination for existingSecret is a table. Ignoring non-table value
coalesce.go:203: warning: destination for existingSecret is a table. Ignoring non-table value
Error: YAML parse error on keycloak/templates/statefulset.yaml: error converting YAML to JSON: yaml: line 88: mapping values are not allowed in this context
helm.go:81: [debug] error converting YAML to JSON: yaml: line 88: mapping values are not allowed in this context
YAML parse error on keycloak/templates/statefulset.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
        /home/circleci/helm.sh/helm/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
        /home/circleci/helm.sh/helm/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
        /home/circleci/helm.sh/helm/pkg/action/action.go:165
helm.sh/helm/v3/pkg/action.(*Install).Run
        /home/circleci/helm.sh/helm/pkg/action/install.go:240
main.runInstall
        /home/circleci/helm.sh/helm/cmd/helm/install.go:242
main.newInstallCmd.func2
        /home/circleci/helm.sh/helm/cmd/helm/install.go:120
github.com/spf13/cobra.(*Command).execute
        /go/pkg/mod/github.com/spf13/[email protected]/command.go:850
github.com/spf13/cobra.(*Command).ExecuteC
        /go/pkg/mod/github.com/spf13/[email protected]/command.go:958
github.com/spf13/cobra.(*Command).Execute
        /go/pkg/mod/github.com/spf13/[email protected]/command.go:895
main.main
        /home/circleci/helm.sh/helm/cmd/helm/helm.go:80
runtime.main
        /usr/local/go/src/runtime/proc.go:204
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1374

I've checked templates/statefulset.yaml but couldn't find anything that could be a problem (I'm a Helm beginner). Line 88 refers to the generated YAML file and not the template file, which makes the bug hunting harder.

What am I missing in my configuration? How can I debug it further? Please help.

PS. The documentation for connecting Keycloak to external database is here :( https://docs.bitnami.com/kubernetes/apps/keycloak/configuration/use-external-database/

Score:0

The externalDatabase.existingSecret key just expects a secret name.
The relevant line is here.

e.g.

postgresql:
  enabled: false
externalDatabase:
  existingSecret: keycloak-db-secret
  host: pg.ns.svc.cluster.local
  port: 5432
  user: pg_username
  database: db_name

NOTE: The secret must have a key of "password". To use a fully customized version, populate either auth.existingSecret or auth.existingSecretPerPassword.
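
The shape mismatch behind the "destination for existingSecret is a table" warning, and the "password" key requirement, can be checked before running helm install. This is an added example, not part of the original answer or the Bitnami chart: CHART_DEFAULTS is a constructed excerpt that assumes the chart's externalDatabase defaults are scalars, and shape_mismatches and missing_secret_keys are hypothetical helper names.

```python
# Added example: mirrors the table-vs-scalar check behind Helm's coalesce warning.
# CHART_DEFAULTS is a constructed excerpt (assumption), not the chart's real values.yaml.
CHART_DEFAULTS = {
    "postgresql": {"enabled": True},
    "externalDatabase": {
        "host": "", "port": 5432, "user": "", "database": "",
        "password": "", "existingSecret": "",
    },
}

# The override from the question: existingSecret given as a mapping.
QUESTION_OVERRIDE = {
    "postgresql": {"enabled": False},
    "externalDatabase": {"existingSecret": {
        "name": "keycloak-db-secret",
        "keyMapping": {"password": "POSTGRES_PASSWORD"},
    }},
}

# The override from the answer: existingSecret is just the Secret's name.
ANSWER_OVERRIDE = {
    "postgresql": {"enabled": False},
    "externalDatabase": {
        "existingSecret": "keycloak-db-secret",
        "host": "pg.ns.svc.cluster.local", "port": 5432,
        "user": "pg_username", "database": "db_name",
    },
}

def shape_mismatches(defaults, override, path=""):
    """Return (dotted path, problem) for keys whose table/scalar shape differs."""
    problems = []
    for key, value in override.items():
        here = f"{path}.{key}" if path else key
        if key not in defaults:
            continue  # keys unknown to the excerpt are not judged
        default = defaults[key]
        if isinstance(value, dict) and isinstance(default, dict):
            problems += shape_mismatches(default, value, here)
        elif isinstance(value, dict):
            problems.append((here, "table given, chart expects a scalar"))
        elif isinstance(default, dict):
            problems.append((here, "scalar given, chart expects a table"))
    return problems

def missing_secret_keys(secret_data, required=("password",)):
    """Keys the chart reads from the Secret that are absent from its data."""
    return [k for k in required if k not in secret_data]
```

Run against the question's Secret key names, missing_secret_keys reports "password" as absent, so that Secret would also need a "password" key once existingSecret is set to its name.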
