diff --git a/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml b/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml index 91a6680..b8cddbc 100644 --- a/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml +++ b/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml @@ -1,39 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: cert-manager-secrets + name: cert-manager-secrets type: Opaque stringData: - email: ENC[AES256_GCM,data:4yYrxxURWxhSPzDr5JCXQ6aipg==,iv:lLJTPVCZkD+GYU9j5zcYwHOjILqSNO4MqB4wSzFwFA0=,tag:gAwdnDMcZTOVYZedXSzZww==,type:str] - cert-manager-dns01: ENC[AES256_GCM,data:8i+sGAKVXScv9qH9J37r6ahp+qIQlGS+JT3ki8al6MZCGkCIsKyrWg==,iv:z7odOx8pokcgSoE9PUt41KxRo+O+HukjSjKna/bVnRg=,tag:hBXit0BxbBYVnJ4f1NJpgA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2024-06-10T06:28:00Z" - mac: ENC[AES256_GCM,data:GGiFM5tkN3G+zbn0hmu3uLK9PYuWSW/SoDyqP18ci6K/BXeWBeWIgKbB1NSnwZuCAdze6vFtoEN9pvdcJaO5Jq6d+XF1Ky3Intcg7I+K0Chzrj9jrGNZ3D4tb8ZPffMXOemSqrYdU7hlcNZ8pCRi2LfIuAuDTRP5Sid050edIRs=,iv:sEkzsO0wqRRlfJMuOd8HJHXNTfJFrw1VZXRiIaEblNI=,tag:uSrBP0GQMOOZQXIhKUJZBQ==,type:str] - pgp: - - created_at: "2024-06-10T06:28:00Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAzYPaSpJSocKARAAg2VRKoT7Vrmm/3RoSkj68oWuTg8WQ4VHk1wzELG45b/o - mnmHwEN1AiqLQq/NxTN0/0SJTD5AJwdUS+Ps8Tet3I6UxcPdXEEP4MdSRwMzlWsP - VFT4WCAdth1nhHj41UhLDqIgKg8scoKD5TE3mt7W51wYpN20xo60UnkMUFKjtHTU - /gJe0VY3MXkhziExOq6Wx8ZlU+2XXEACaq6O4st6RIdeBJSxmsb+rkpcFfhbkley - V0tVx3KLVo4R1VC/V4vr/tP8dp503150Us18oXTiVU88dvttwz2Vc7dD5sifIoKh - yz5WsPMFhC63aXHNLC7x+QcNgb+uD9MDQCuEyxFSLBZ3ZHOMCnrfCCkdIxh4rmuz - OgJd4SHYiCTSzBa8OETw6v0ag0GG8GtJ6ApKNWEU4Y06iMCY2peDsUUmu9/QXiGf - Z/xv9Z+xwOXaDJUN6/4kl9FU9FSQ+P208aHT04i8A9Nw7OmbrMPzZf9gzRjfUldS - ++XSmTKDhe7/SHRET+wQj2nwbi3B+QQAZrKKHfn5d0hXm32LADsZ1u+UWLVMBWc4 - kXmjO2WnknOO7giPb95cGRF7LGepRn0I+Jl+l3d77M+RZ4xYPKtGkrIu+ipljHeS - ichpt/wvdP+cupyoE4A8OgxRwpoAv1jENRV8agueyY4J2MHMEW8YLmRX11b+lYLS - XgGrYNlK+BZNjOmQkTO8bjXt//uV7hc1kgqFspx5UWLRAleeylyw27+srQXHhwct - brMmGKDonTag8frdCAzs9roTykkYxHyoq4mBAakUYFReO9x3ia6UykLOO0dRSO8= - =WgIw - -----END PGP MESSAGE----- - fp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B - encrypted_regex: ^(data|stringData)$ - version: 3.8.1 + email: test_email + cert-manager-dns01: test_token \ No newline at end of file diff --git a/kubernetes/apps/cert-manager/cert-manager.yaml b/kubernetes/apps/cert-manager/cert-manager.yaml index c4eff99..df9950f 100644 --- a/kubernetes/apps/cert-manager/cert-manager.yaml +++ b/kubernetes/apps/cert-manager/cert-manager.yaml @@ -11,10 +11,6 @@ spec: kind: GitRepository namespace: flux-system name: home-cluster-ops - decryption: - provider: sops - secretRef: - name: sops-gpg --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization diff --git a/scripts/encript-file-by-age.sh b/scripts/encript-file-by-age.sh new file mode 100644 index 0000000..5c6bf0d --- /dev/null +++ b/scripts/encript-file-by-age.sh @@ -0,0 +1,12 @@ +#!/usr/bin/bash +set -e + +filePath=$1 + +AGE_PUB_KEY"age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz" + +sops --age=$AGE_PUB_KEY --encrypt --encrypted-regex '^(data|stringData)$' --in-place $filePath +echo "File encrypted: $filePath." + +git add $filePath +git commit -am "Encrypt file $filePath by Age." \ No newline at end of file diff --git a/scripts/encript-file-by-gpg.sh b/scripts/encript-file-by-gpg.sh new file mode 100644 index 0000000..c46c49f --- /dev/null +++ b/scripts/encript-file-by-gpg.sh @@ -0,0 +1,10 @@ +#!/usr/bin/bash +set -e + +filePath=$1 + +sops --encrypt --in-place $filePath +echo "File encrypted: $filePath." + +git add $filePath +git commit -am "Encrypt file $filePath by GPG." \ No newline at end of file