test in app secret decrypt and import

secrets/env/k3s-cluster/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: app-secrets
+description: Applications
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"

secrets/env/k3s-cluster/config.json

@@ -0,0 +1,11 @@
+{
+  "appName": "app-secrets",
+  "userGivenName": "app-secrets",
+  "destNamespace": "argocd",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "secrets/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

secrets/env/k3s-cluster/templates/secrets.yaml

@@ -0,0 +1,10 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: app-secrets
+  namespace: argocd
+spec:
+  source:
+    helm:
+      valueFiles:
+        - secrets://secrets/postgresql.yaml

secrets/env/k3s-cluster/templates/secrets/postgresql.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgresql-secrets
+  namespace: flux-system
+type: Opaque
+stringData:
+  postgres_password: ENC[AES256_GCM,data:zue+FIUT+6iVqetulQIPegJKuJg=,iv:YEIaGAFPK73+qXZ3lx95kEbVCELSvMCwdeiryZXK+kQ=,tag:VHbpcCVTpHuMGR2Sh+5Zjg==,type:str]
+  username: ENC[AES256_GCM,data:OiDwHKxM,iv:rWmb9BV1qZ7I5bg/MZjSyHroz1esi4xNl6hrfEm/53o=,tag:vPcZAHDqCYk2JsFwgqwE7A==,type:str]
+  password: ENC[AES256_GCM,data:UjKHr0IGhiK7vlwg0URqpxUXONM=,iv:B5AYc4HCxcaImlYxKYNNeRcpznGXlkFqA0ybxf8duLY=,tag:mpLmMvTzahTp0iIiBtYGrw==,type:str]
+  database: ENC[AES256_GCM,data:TxW5MxlS6DY=,iv:bOoQvdNz7mul5ibqDjiJ/C1UoHS37OxjK/seXHn1UCc=,tag:O5OSrqSf0ziNGnxVZP6+Zg==,type:str]
+  replication_password: ENC[AES256_GCM,data:NbeXfZuVCbyeAdMA7l7mX6jJyTQ=,iv:P0l1LOr7GyVoE+lYchU0w1KUgoqEbxR6Fy5OYFhjW8E=,tag:3+uKwk3a71nQNIaCKVCV9Q==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqUlc3dUF6bnp2L0J5UXpx
+        NU5XWlZhdDhHWGJDVTljYUtxd2xWOUozSXdVCnN2UnZIRWt1d2xoWXpYYmI1Z2pC
+        ZE5MTy9LdTgza2VPUmYvSHplU2JiTEEKLS0tIGhTVjU3M3dDd3Jpb21aM2J0QmlF
+        ZHFxd3dFZTJxcG9QTFA5dFRZK1JicTgKRM29yMy9JVrXe/9LZ/XnsNyVXUEJ1qBS
+        0mhGIkv/zukXzmJ0VAJ+pAgJMcgcOYNPg9Mjhny3zYvdONGlcGj2HA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-06-18T03:05:29Z"
+  mac: ENC[AES256_GCM,data:hwEwWTOy164Cnu2xRkP4GiyJhgUuIvHwRb970OMYPLM2cYGN0DudIjkB2qbjtR8DSgaVT2h+sJrkWdgp4sjlROLeEbeZDMrZZ/RxNjeb364guJpmpAZts6DaYWCc9VukCpGnFTRzARoyEiYin8fw4KhfdwuzuOQq2fkQOued0mw=,iv:Os10YeN0KM1a676aUbuSDxmgc+FfqzP0FEJ5417okfw=,tag:2fJbvY9V9Ixm6Mn6JfOJEQ==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.8.1