From c68db2879f63667df9e0b3e14f3905c77245eebe Mon Sep 17 00:00:00 2001
From: Edward Cheng <edward@cheng.sydney>
Date: Sun, 9 Jun 2024 18:22:27 +1000
Subject: [PATCH] add secrects for the cert-manager and add the sops creation
 rules

---
 kubernetes/.sops.yaml                |  4 ++++
 kubernetes/cert-manager-secrets.yaml | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 kubernetes/.sops.yaml
 create mode 100644 kubernetes/cert-manager-secrets.yaml

diff --git a/kubernetes/.sops.yaml b/kubernetes/.sops.yaml
new file mode 100644
index 0000000..ecda816
--- /dev/null
+++ b/kubernetes/.sops.yaml
@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: .*.yaml
+    encrypted_regex: ^(data|stringData)$
+    age: 'age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz'
diff --git a/kubernetes/cert-manager-secrets.yaml b/kubernetes/cert-manager-secrets.yaml
new file mode 100644
index 0000000..f170460
--- /dev/null
+++ b/kubernetes/cert-manager-secrets.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cert-manager-secrets
+type: Opaque
+stringData:
+    email: ENC[AES256_GCM,data:iTZZP5apPwauZcur974jYQMt7w==,iv:e16R6T0oJyze4LgOKvX3OMujXOlEc2b2rfX6/6dU3mg=,tag:BdbrYm9Imcg57uyGfTdiRQ==,type:str]
+    cert-manager-dns01: ENC[AES256_GCM,data:q3XWT8q1KjDw4jRITkFNi+nTF8WpQQKidOzwRm+dA2gcrrt12ghh9A==,iv:+W9fVafKj8gYFhDIFqwvcCifl41cxsDVOmw1yasBJEc=,tag:O/VWJ8hxRR4SLM77ePxQkw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbU1qcitrWTQrMTRjSUMw
+            elJSdStlQ3YwNDBuNlAxWjVsbUlLOVNUUkFzCkhCTHFOdVMzQ1NrZGhvRjRDMFhL
+            aTM1K09aYlFlazBHN09uMWF5SHNxekkKLS0tIFRsSkxDWllJWWl0STROdW16MFd4
+            NmJoSXd3YmIrMzhZdjBJdGtYMDZWU28KGJ15IupnT8nCZeKA95Td3if68YTeQ+q5
+            ZK3XjR3FYW4B8T2W0eWXWSk8LHtt0+ubnv1xpS1zzGMyf8GMo00c8Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-09T08:11:58Z"
+    mac: ENC[AES256_GCM,data:rrK8jw+6xwT3cSyJ8MonoT83J1oPTjZ4WLfdAIYR7OyBVEUoEa43Wg+NVt+Y1a2fuaqIuQU+CMDYz6FmiBV3AIwm7KZXYzn3vLmxCyCWfEId/C9CrWRhWnIzNtqrIwr/fFqZOdKY0idaXzQ2mDl12jzTa3FQKZff3v51AN5u4VQ=,iv:zjFdfvYWe9CCctyTH1UPFCY8E+pfBVYXS+5B5yaTLGg=,tag:qHdxqW4SNSIwbGeJPLUzEg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1