How to force to specify --set option on helm install|upgrade?

in my case, some required environment variables. (e.g. "database.password")

Files

.
|-- Chart.yaml
|-- templates
|   |-- NOTES.txt
|   |-- _helpers.tpl
|   |-- deployment.yaml
|   |-- ingress.yaml
|   |-- secret.yaml
|   `-- service.yaml
`-- values.yaml

values.yaml (snip)

#...
database:
  useExternal: no
  host: "pgsql"
  port: "5432"
  name: "myapp"
  userName: "myapp_user"
  # password shouldn't write here.
  # I want to be inject this value to secret.
  password: ""
#...

templates/secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: myapp-secrets
type: Opaque
data:
  app-database-password: {{required .Values.database.password | b64enc | quote }}

templates/deployment.yaml (snip)

#...
env:
  - name: APP_DATABASE_HOST
    value: {{ .Values.database.host | quote }}
  - name: APP_DATABASE_PORT
    value: {{ .Values.database.port | quote }}
  - name: APP_DATABASE_NAME
    value: {{ .Values.database.name | quote }}
  - name: APP_DATABASE_USERNAME
    value: {{ .Values.database.username | quote }}
  - name: APP_DATABASE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: myapp-secrets
        key: app-database-password
#...

command

# Retrieve from GCP KMS(prod) or define directly(dev)
DATABASE_PASSWORD=$( ... )

# Deploy.
helm upgrade --install \
  -f ./values.yaml \
  --set database.password=$DATABASE_PASSWORD \
  myapp-dev ./ --dry-run --debug

It's failed with error.

Error: render error in "myapp/templates/secret.yaml": template: myapp/templates/secret.yaml:7:28: executing "myapp/templates/secret.yaml" at <required>: wrong number of args for required: want 2 got 1

It seems the required function is evaluate template file statically when parsing.

I need matters below:

• database.password is switchable by env such as "prod" or "stage".
• database.password should store to secret.
• I want to set the actual database.password value using env vars on command execution.

Any ideas?