K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test non encrypted secret

Browse Source
This commit is contained in:
Edward Cheng
2024-06-10 21:30:00 +10:00
parent 235142bb34
commit bc151ae5c6
4 changed files with 25 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml
View File

@@ -1,39 +1,8 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: cert-manager-secrets name: cert-manager-secrets
type: Opaque type: Opaque
stringData: stringData:
email: ENC[AES256_GCM,data:4yYrxxURWxhSPzDr5JCXQ6aipg==,iv:lLJTPVCZkD+GYU9j5zcYwHOjILqSNO4MqB4wSzFwFA0=,tag:gAwdnDMcZTOVYZedXSzZww==,type:str] email: test_email
cert-manager-dns01: ENC[AES256_GCM,data:8i+sGAKVXScv9qH9J37r6ahp+qIQlGS+JT3ki8al6MZCGkCIsKyrWg==,iv:z7odOx8pokcgSoE9PUt41KxRo+O+HukjSjKna/bVnRg=,tag:hBXit0BxbBYVnJ4f1NJpgA==,type:str] cert-manager-dns01: test_token
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-06-10T06:28:00Z"
mac: ENC[AES256_GCM,data:GGiFM5tkN3G+zbn0hmu3uLK9PYuWSW/SoDyqP18ci6K/BXeWBeWIgKbB1NSnwZuCAdze6vFtoEN9pvdcJaO5Jq6d+XF1Ky3Intcg7I+K0Chzrj9jrGNZ3D4tb8ZPffMXOemSqrYdU7hlcNZ8pCRi2LfIuAuDTRP5Sid050edIRs=,iv:sEkzsO0wqRRlfJMuOd8HJHXNTfJFrw1VZXRiIaEblNI=,tag:uSrBP0GQMOOZQXIhKUJZBQ==,type:str]
pgp:
- created_at: "2024-06-10T06:28:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAzYPaSpJSocKARAAg2VRKoT7Vrmm/3RoSkj68oWuTg8WQ4VHk1wzELG45b/o
mnmHwEN1AiqLQq/NxTN0/0SJTD5AJwdUS+Ps8Tet3I6UxcPdXEEP4MdSRwMzlWsP
VFT4WCAdth1nhHj41UhLDqIgKg8scoKD5TE3mt7W51wYpN20xo60UnkMUFKjtHTU
/gJe0VY3MXkhziExOq6Wx8ZlU+2XXEACaq6O4st6RIdeBJSxmsb+rkpcFfhbkley
V0tVx3KLVo4R1VC/V4vr/tP8dp503150Us18oXTiVU88dvttwz2Vc7dD5sifIoKh
yz5WsPMFhC63aXHNLC7x+QcNgb+uD9MDQCuEyxFSLBZ3ZHOMCnrfCCkdIxh4rmuz
OgJd4SHYiCTSzBa8OETw6v0ag0GG8GtJ6ApKNWEU4Y06iMCY2peDsUUmu9/QXiGf
Z/xv9Z+xwOXaDJUN6/4kl9FU9FSQ+P208aHT04i8A9Nw7OmbrMPzZf9gzRjfUldS
++XSmTKDhe7/SHRET+wQj2nwbi3B+QQAZrKKHfn5d0hXm32LADsZ1u+UWLVMBWc4
kXmjO2WnknOO7giPb95cGRF7LGepRn0I+Jl+l3d77M+RZ4xYPKtGkrIu+ipljHeS
ichpt/wvdP+cupyoE4A8OgxRwpoAv1jENRV8agueyY4J2MHMEW8YLmRX11b+lYLS
XgGrYNlK+BZNjOmQkTO8bjXt//uV7hc1kgqFspx5UWLRAleeylyw27+srQXHhwct
brMmGKDonTag8frdCAzs9roTykkYxHyoq4mBAakUYFReO9x3ia6UykLOO0dRSO8=
=WgIw
-----END PGP MESSAGE-----
fp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B
encrypted_regex: ^(data|stringData)$
version: 3.8.1

4
kubernetes/apps/cert-manager/cert-manager.yaml
View File

@@ -11,10 +11,6 @@ spec:
kind: GitRepository kind: GitRepository
namespace: flux-system namespace: flux-system
name: home-cluster-ops name: home-cluster-ops
decryption:
provider: sops
secretRef:
name: sops-gpg
--- ---
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization

12
scripts/encript-file-by-age.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/bash
set -e
filePath=$1
AGE_PUB_KEY"age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz"
sops --age=$AGE_PUB_KEY --encrypt --encrypted-regex '^(data|stringData)$' --in-place $filePath
echo "File encrypted: $filePath."
git add $filePath
git commit -am "Encrypt file $filePath by Age."

10
scripts/encript-file-by-gpg.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/bash
set -e
filePath=$1
sops --encrypt --in-place $filePath
echo "File encrypted: $filePath."
git add $filePath
git commit -am "Encrypt file $filePath by GPG."