add age encryption related scripts

2024-07-15 09:45:02 +10:00
parent 5a803b92bd
commit fe75874c7f
4 changed files with 3663 additions and 0 deletions
--- a/scripts/3.install-sops.sh
+++ b/scripts/3.install-sops.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.arm64 &&
+sudo mv sops-v3.8.1.linux.arm64 /usr/local/bin/sops &&
+chmod +x /usr/local/bin/sops
+sudo apt install age -y
--- a/scripts/4.add-age-key.sh
+++ b/scripts/4.add-age-key.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+cat /mnt/nfs/agekey/age.agekey |
+kubectl create secret generic sops-age \
+--namespace=argocd \
+--from-file=age.agekey=/dev/stdin
--- a/scripts/argocd-values-orig.yaml
+++ b/scripts/argocd-values-orig.yaml
--- a/scripts/encript-file-by-age.sh
+++ b/scripts/encript-file-by-age.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+set -e
+
+filePath=$1
+
+AGE_PUB_KEY="age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz"
+
+sops --age=$AGE_PUB_KEY --encrypt --encrypted-regex '^(data|stringData)$' --in-place $filePath
+echo "File encrypted: $filePath."
+
+git add $filePath
+git commit -am "Encrypt file $filePath by Age."