test non encrypted secret

2024-06-10 21:30:00 +10:00
parent 235142bb34
commit bc151ae5c6
4 changed files with 25 additions and 38 deletions
--- a/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml
+++ b/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml
@@ -1,39 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-    name: cert-manager-secrets
+  name: cert-manager-secrets
 type: Opaque
 stringData:
-    email: ENC[AES256_GCM,data:4yYrxxURWxhSPzDr5JCXQ6aipg==,iv:lLJTPVCZkD+GYU9j5zcYwHOjILqSNO4MqB4wSzFwFA0=,tag:gAwdnDMcZTOVYZedXSzZww==,type:str]
-    cert-manager-dns01: ENC[AES256_GCM,data:8i+sGAKVXScv9qH9J37r6ahp+qIQlGS+JT3ki8al6MZCGkCIsKyrWg==,iv:z7odOx8pokcgSoE9PUt41KxRo+O+HukjSjKna/bVnRg=,tag:hBXit0BxbBYVnJ4f1NJpgA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2024-06-10T06:28:00Z"
-    mac: ENC[AES256_GCM,data:GGiFM5tkN3G+zbn0hmu3uLK9PYuWSW/SoDyqP18ci6K/BXeWBeWIgKbB1NSnwZuCAdze6vFtoEN9pvdcJaO5Jq6d+XF1Ky3Intcg7I+K0Chzrj9jrGNZ3D4tb8ZPffMXOemSqrYdU7hlcNZ8pCRi2LfIuAuDTRP5Sid050edIRs=,iv:sEkzsO0wqRRlfJMuOd8HJHXNTfJFrw1VZXRiIaEblNI=,tag:uSrBP0GQMOOZQXIhKUJZBQ==,type:str]
-    pgp:
-        - created_at: "2024-06-10T06:28:00Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzYPaSpJSocKARAAg2VRKoT7Vrmm/3RoSkj68oWuTg8WQ4VHk1wzELG45b/o
-            mnmHwEN1AiqLQq/NxTN0/0SJTD5AJwdUS+Ps8Tet3I6UxcPdXEEP4MdSRwMzlWsP
-            VFT4WCAdth1nhHj41UhLDqIgKg8scoKD5TE3mt7W51wYpN20xo60UnkMUFKjtHTU
-            /gJe0VY3MXkhziExOq6Wx8ZlU+2XXEACaq6O4st6RIdeBJSxmsb+rkpcFfhbkley
-            V0tVx3KLVo4R1VC/V4vr/tP8dp503150Us18oXTiVU88dvttwz2Vc7dD5sifIoKh
-            yz5WsPMFhC63aXHNLC7x+QcNgb+uD9MDQCuEyxFSLBZ3ZHOMCnrfCCkdIxh4rmuz
-            OgJd4SHYiCTSzBa8OETw6v0ag0GG8GtJ6ApKNWEU4Y06iMCY2peDsUUmu9/QXiGf
-            Z/xv9Z+xwOXaDJUN6/4kl9FU9FSQ+P208aHT04i8A9Nw7OmbrMPzZf9gzRjfUldS
-            ++XSmTKDhe7/SHRET+wQj2nwbi3B+QQAZrKKHfn5d0hXm32LADsZ1u+UWLVMBWc4
-            kXmjO2WnknOO7giPb95cGRF7LGepRn0I+Jl+l3d77M+RZ4xYPKtGkrIu+ipljHeS
-            ichpt/wvdP+cupyoE4A8OgxRwpoAv1jENRV8agueyY4J2MHMEW8YLmRX11b+lYLS
-            XgGrYNlK+BZNjOmQkTO8bjXt//uV7hc1kgqFspx5UWLRAleeylyw27+srQXHhwct
-            brMmGKDonTag8frdCAzs9roTykkYxHyoq4mBAakUYFReO9x3ia6UykLOO0dRSO8=
-            =WgIw
-            -----END PGP MESSAGE-----
-          fp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B
-    encrypted_regex: ^(data|stringData)$
-    version: 3.8.1
+  email: test_email
+  cert-manager-dns01: test_token
--- a/kubernetes/apps/cert-manager/cert-manager.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager.yaml
@@ -11,10 +11,6 @@ spec:
    kind: GitRepository
    namespace: flux-system
    name: home-cluster-ops
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-gpg
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
--- a/scripts/encript-file-by-age.sh
+++ b/scripts/encript-file-by-age.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+set -e
+
+filePath=$1
+
+AGE_PUB_KEY"age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz"
+
+sops --age=$AGE_PUB_KEY --encrypt --encrypted-regex '^(data|stringData)$' --in-place $filePath
+echo "File encrypted: $filePath."
+
+git add $filePath
+git commit -am "Encrypt file $filePath by Age."
--- a/scripts/encript-file-by-gpg.sh
+++ b/scripts/encript-file-by-gpg.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+set -e
+
+filePath=$1
+
+sops --encrypt --in-place $filePath
+echo "File encrypted: $filePath."
+
+git add $filePath
+git commit -am "Encrypt file $filePath by GPG."