From 2c716791324df34f71379d07ddcf2c8a474f226f Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Thu, 20 Jun 2024 16:56:47 +1000 Subject: [PATCH] Encrypt file certificates/certificate-secrets.yaml by Age. --- .../adguard-home-certificate-secrets.yaml | 30 ------------------- certificates/certificate-secrets.yaml | 30 +++++++++++++++++++ 2 files changed, 30 insertions(+), 30 deletions(-) delete mode 100644 certificates/adguard-home-certificate-secrets.yaml create mode 100644 certificates/certificate-secrets.yaml diff --git a/certificates/adguard-home-certificate-secrets.yaml b/certificates/adguard-home-certificate-secrets.yaml deleted file mode 100644 index b701655..0000000 --- a/certificates/adguard-home-certificate-secrets.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: adguard-home-certificate-secrets - namespace: flux-system -type: Opaque -stringData: - email: ENC[AES256_GCM,data:+nWYOMh2SBdIShoGm52tC0aMvg==,iv:5phdbjuwIckyqk8MRgLWiypB2gpPi9VuLE5i83n7/n8=,tag:DxDdwugsgaEXpJA47IVHEw==,type:str] - dns_name: ENC[AES256_GCM,data:o44HZCXtPaVlLtUbMQLSsWhEm+x6,iv:yOYYhI97wFSzFhqRXvjxLtLY4vbKtoCaRgM485GKf9Y=,tag:Hk3IoDiPeOmgj4YbLm1MrQ==,type:str] - tls_keystore_password: ENC[AES256_GCM,data:QeXtY07/TPEBX01NMdgaX5g+7+c=,iv:mUpP3brZQOM5+7nDSfD087PsEv/1vMVdBLkGv9CuZyc=,tag:TWdQWWhsARrule1/IwVGrw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RkJ4bXdVbytJeVBxRitu - b3ZFVG9qVEI0QTdvK3V6THFNNzhlYlczQVd3Cm1PdVpRTXdUTlBxVDNVeC9Nc0V5 - TFQ0OUpzYVJ2SFVXejRSL0NNNlZLMTQKLS0tIFVHUzlEUzh4SzZkM1hqOTFNYkxL - ZWF5NWM0d2hzeW80MU1tVW9lTFprN00KjaCTJ/k6ID7GA67VgagzF3o9O5pxpU3S - cdh5Buj5Jbjaj4sxpuQk0kvtDXoptLVwCKyuToYZioq1VlRPCaiiaA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-20T06:51:08Z" - mac: ENC[AES256_GCM,data:u0OvAOFkrWE70c08yzBnLRH6S/P1E9WvGWOIWjjgsAmhSJ4NEQbK0vqILiWxgJTf4h83X1vSqoHLR3+9lpSEorO9lefQWt8bgkpol0gsrggI0xaWmUIBNj2JOBazs5diBLBOYg4qD/mvBaDSJCA3Oy+F172lWnVTUdOnLkhmjU4=,iv:HyH3KKStXPv2avQGotZ3jIzbYCWPJy7zJubegJb+Y+Y=,tag:bO9nkRs//K4hh4UEsukRpA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.8.1 diff --git a/certificates/certificate-secrets.yaml b/certificates/certificate-secrets.yaml new file mode 100644 index 0000000..11dda5a --- /dev/null +++ b/certificates/certificate-secrets.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Secret +metadata: + name: certificate-secrets + namespace: flux-system +type: Opaque +stringData: + adguard_home_certificate_email: ENC[AES256_GCM,data:fv730eyP0toXVFfQRRiFdo6tVw==,iv:bayGrYbA2+HTK3tOE4J66adzmE4JwaALxWV8Gv8ET7o=,tag:0Gc4CwrW8bZIKzvX5lgAbg==,type:str] + adguard_home_certificate_dns_name: ENC[AES256_GCM,data:HXnMKVnuJuzRRbo44+K1tBUDVpMIMesmvP8U31hBy9wY2g==,iv:DNs5jp7yyDYKyE5WPQuYbQxT3Ek2FvsHWzRI37XLpi0=,tag:NoDtRzMnpsYyT6CgB+R8nw==,type:str] + adguard_home_certificate_tls_keystore_password: ENC[AES256_GCM,data:z1TSy5lrlbcUmYkDA8wIOVlBqB8=,iv:Cm+Pv7FZQOU/lUhBV8fzTCpMYGHOgZzcWvW7L66AlMI=,tag:iekdxH7SxjMeAZGFl89q7A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZXdKS2RnaS9qcW5jSmFC + QXJzTXBJbWJtMHlGMzVIeGtnUWladWFES3dZCk1mQ0VYelRuQlNRaXN4ZVFFMHFN + cHREblJPZWMzeEFaeUsrWTZFOEVYcVkKLS0tIGN2ZkhlcHoxdkZ4MTZyL3dNVlVJ + VG9obW5pTUxkcms2RDc3SnpuSHNJUVUKRUtGMbWPqdf5PUhYkiTMYv2L/QBu4ePJ + TmY/CU1/7EOCDgca8T/P1XzDLnaIgDHjIhB4a0zvTqnV9eX1jFcP/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-20T06:56:47Z" + mac: ENC[AES256_GCM,data:HLSmm+vsp9VPmbET7hsx3YZG8A0steZTGLYP16/NU+BWm+m/mU/3t/2+ZXGMUtwwsCZdLTyNfVUQGLdgvvro+PxYalZ3HfCdAdegimLK7K2feh5AtxpyknXN6y5JJvoKGKAXw+8c7sMl7NKC4Z5e9C23viFF8w9YTQTq8y2mphg=,iv:Ck3HhxLoL2N9E59KPiq8z1gKy8JOyMaLz2KMLk0Esis=,tag:BicesGBePWDI+lsPfkfCkg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1