WIP: Adding support for sops

2023-09-26 07:59:04 +02:00 · 2023-09-26 07:59:04 +02:00 · 38307db832
commit 38307db832
parent 1dc76233d5
5 changed files with 41 additions and 1 deletions
--- a/examples/one-config/.sops.yaml
+++ b/examples/one-config/.sops.yaml
@ -0,0 +1,5 @@
+creation_rules:
+  - path_regex: secrets/.*.yaml
+    key_groups:
+      - age:
+          - age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk
--- a/examples/one-config/giops.config.yaml
+++ b/examples/one-config/giops.config.yaml
@ -11,10 +11,18 @@ releases:
    version: latest
    values:
      - ./values/postgresql.yaml
+    secrets: 
+      - ./secrets/postgres.yaml

 clusters:
  - name: cluster-shoebill-test
    git: git@git.badhouseplants.net:allanger/shoebill-test.git
+    sops:
+      creation_rules:
+        - path_regex: secrets/.*.yaml
+          key_groups:
+          - age:
+            - age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk
    provider: flux
    releases:
      - postgresql-server
--- a/examples/one-config/keys.txt
+++ b/examples/one-config/keys.txt
@ -0,0 +1,3 @@
+# created: 2023-09-25T10:45:28+02:00
+# public key: age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk
+AGE-SECRET-KEY-1Y3FGYSHKWSSZ3G8DJ3QD7WKE5J0TTYDWSSD95EXL4A308ZWW0L9SN99ASP
--- a/examples/one-config/secrets/postgresql.yaml
+++ b/examples/one-config/secrets/postgresql.yaml
@ -0,0 +1,25 @@
+global:
+    postgresql:
+        auth:
+            username: ENC[AES256_GCM,data:YwCeuMc=,iv:lXkJy3+me2bqwVhhF/D7tw5OndOghvs26Ut358nfKBk=,tag:MiBPHicUgRMGO0jGlWGTyA==,type:str]
+            password: ENC[AES256_GCM,data:5QV6a1A=,iv:utR62wuLTzwihVwXXPw8DA2Ul7kfU1YgAKteRA+WKm0=,tag:EYuIa6TDmxaR0PSuaJBeBA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SUJpdUtYWjF3K1dzbGc3
+            Z2U0UDVpWmVkYXVvT1V3UWVDM2VTQ1hBU1RBCmFZMlI4ZWxWTTdCd05lVFVCN2hN
+            QkZKRmlFVStXT2kxSVlUNmU0VkZCUDQKLS0tIEQ2aXZ0ZDVXcGc4RE1WMmtOaTV3
+            TDloa0dHTFhyUWhid1V0aEFydmtQbU0Kwkw914se9cGEN4FKNphuJErdC1QlYqRQ
+            +CInCnoy8m0/MZNhehZ/JVReEys6KDNxJ7RhnoRfs7P7wfAgBg984A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-25T09:21:13Z"
+    mac: ENC[AES256_GCM,data:OVWn55iO7gdGkOFjErWvauQ7YVkiMWeCwxbgHNGZO+zR5o5DMPl0bEmAGarMYSSU6tBgWeZ77DR2LPl6No8bUjL1PUaERO9DrLIh221SGGi7LeCdYMS+Rgv6VpLHPbr21nxiL/nnzcnbCa5IRjwGb5y0/l+X6JMYWV32JWr6ATs=,iv:XRpOHI9GzgeCuDnvieEr62XqwWvhJ/MGgCN5y+BBjgc=,tag:t8gW2j/92ijhCwwYaYX3rw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0
--- a/examples/one-config/values/postgresql.yaml
+++ b/examples/one-config/values/postgresql.yaml
@ -3,4 +3,3 @@ global:
  postgresql:
    auth:
      username: check
-      password: check