From 73b5816834101862b85e39c777c6dfdd7472fb9a Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 10 Jun 2024 11:19:07 +1000 Subject: [PATCH 1/2] update encryption of the secret --- .../app/cert-manager-secrets.yaml | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/kubernetes/rpi5-cluster/apps/cert-manager/app/cert-manager-secrets.yaml b/kubernetes/rpi5-cluster/apps/cert-manager/app/cert-manager-secrets.yaml index f170460..0da5522 100644 --- a/kubernetes/rpi5-cluster/apps/cert-manager/app/cert-manager-secrets.yaml +++ b/kubernetes/rpi5-cluster/apps/cert-manager/app/cert-manager-secrets.yaml @@ -1,28 +1,29 @@ apiVersion: v1 kind: Secret metadata: - name: cert-manager-secrets + name: cert-manager-secrets type: Opaque stringData: - email: ENC[AES256_GCM,data:iTZZP5apPwauZcur974jYQMt7w==,iv:e16R6T0oJyze4LgOKvX3OMujXOlEc2b2rfX6/6dU3mg=,tag:BdbrYm9Imcg57uyGfTdiRQ==,type:str] - cert-manager-dns01: ENC[AES256_GCM,data:q3XWT8q1KjDw4jRITkFNi+nTF8WpQQKidOzwRm+dA2gcrrt12ghh9A==,iv:+W9fVafKj8gYFhDIFqwvcCifl41cxsDVOmw1yasBJEc=,tag:O/VWJ8hxRR4SLM77ePxQkw==,type:str] + email: ENC[AES256_GCM,data:CWBTa/CLV0zm+iXsgHCPD5Z3SQ==,iv:fAEIbyjQGlMo6WMzjnTZwIHC4uF/SNKbVV8ipbrKW3U=,tag:y+zkPUEJ0gE2efcxz4ok4g==,type:str] + cert-manager-dns01: ENC[AES256_GCM,data:dAWpnTqAFr2WHd83zx+fgij0/phBKsTtQ5sVXGTnG8NX+hhtWNZjRA==,iv:dUnEzF/p2hPlzAkythNpnwFiigWDgFtikopbw4VZec4=,tag:ZdVu+zMbFC24QXylJcOFIg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbU1qcitrWTQrMTRjSUMw - elJSdStlQ3YwNDBuNlAxWjVsbUlLOVNUUkFzCkhCTHFOdVMzQ1NrZGhvRjRDMFhL - aTM1K09aYlFlazBHN09uMWF5SHNxekkKLS0tIFRsSkxDWllJWWl0STROdW16MFd4 - NmJoSXd3YmIrMzhZdjBJdGtYMDZWU28KGJ15IupnT8nCZeKA95Td3if68YTeQ+q5 - ZK3XjR3FYW4B8T2W0eWXWSk8LHtt0+ubnv1xpS1zzGMyf8GMo00c8Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-09T08:11:58Z" - mac: ENC[AES256_GCM,data:rrK8jw+6xwT3cSyJ8MonoT83J1oPTjZ4WLfdAIYR7OyBVEUoEa43Wg+NVt+Y1a2fuaqIuQU+CMDYz6FmiBV3AIwm7KZXYzn3vLmxCyCWfEId/C9CrWRhWnIzNtqrIwr/fFqZOdKY0idaXzQ2mDl12jzTa3FQKZff3v51AN5u4VQ=,iv:zjFdfvYWe9CCctyTH1UPFCY8E+pfBVYXS+5B5yaTLGg=,tag:qHdxqW4SNSIwbGeJPLUzEg==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.8.1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTFNzTWpPMDFPVTM5SkRR + d2dZWHNrKzFXa29KSW10MTVyaVJENDFHL3dVClFBWUJMVUVlWlp4c0FRMysvRGFW + Z2c5RFlPOXJpaFN4ekE2OTQrK0FWS0UKLS0tIHlESTRCOG1OOVE1V3Qvdm83OExM + MEg1WjQ3VVptNEdSWGV6L25yRjBIQ2sKrCPW35t09nMGXAoWuc2WFdsZGgCT8qQW + at1j2zrZ0MCD834Fy+mLFYoVmWJMm1fmdmK+upos3lS+BfjT2mEV1A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-10T01:17:17Z" + mac: ENC[AES256_GCM,data:njuB3Vjnww581iyVBJEqY5sovvB/pui0IJSPqkkUuSNfQ7FJzYI4PnLTfIUNGFqsxW7VrSP53PZVW0+Yb6ww5FWt7c8TCc7Fi1sogwBNkOozjsWnIJidGTL3EzK9P189SKvnao4goKVNocLGjAtr/ISwzrJxQL2kDXOXca8IIXE=,iv:NXgPVs4OQp9p/PRQA28> + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 + From b0e0876e7a0f604866371e1d5067bf6816188929 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 10 Jun 2024 11:20:29 +1000 Subject: [PATCH 2/2] update encryption of the secret --- .sops.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index 7ef7fab..132ff53 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,4 +1,4 @@ creation_rules: - - path_regex: .*.ya?ml + - path_regex: \.ya?ml$ encrypted_regex: ^(data|stringData)$ age: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz