From 38307db832b5fd63311d7c97ae63f07674873623 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Sep 2023 07:59:04 +0200 Subject: [PATCH] WIP: Adding support for sops --- examples/one-config/.sops.yaml | 5 +++++ examples/one-config/giops.config.yaml | 8 +++++++ examples/one-config/keys.txt | 3 +++ examples/one-config/secrets/postgresql.yaml | 25 +++++++++++++++++++++ examples/one-config/values/postgresql.yaml | 1 - 5 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 examples/one-config/.sops.yaml create mode 100644 examples/one-config/keys.txt create mode 100644 examples/one-config/secrets/postgresql.yaml diff --git a/examples/one-config/.sops.yaml b/examples/one-config/.sops.yaml new file mode 100644 index 0000000..613e3a4 --- /dev/null +++ b/examples/one-config/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - path_regex: secrets/.*.yaml + key_groups: + - age: + - age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk diff --git a/examples/one-config/giops.config.yaml b/examples/one-config/giops.config.yaml index a083bed..5dff16c 100644 --- a/examples/one-config/giops.config.yaml +++ b/examples/one-config/giops.config.yaml @@ -11,10 +11,18 @@ releases: version: latest values: - ./values/postgresql.yaml + secrets: + - ./secrets/postgres.yaml clusters: - name: cluster-shoebill-test git: git@git.badhouseplants.net:allanger/shoebill-test.git + sops: + creation_rules: + - path_regex: secrets/.*.yaml + key_groups: + - age: + - age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk provider: flux releases: - postgresql-server diff --git a/examples/one-config/keys.txt b/examples/one-config/keys.txt new file mode 100644 index 0000000..bd734b9 --- /dev/null +++ b/examples/one-config/keys.txt @@ -0,0 +1,3 @@ +# created: 2023-09-25T10:45:28+02:00 +# public key: age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk +AGE-SECRET-KEY-1Y3FGYSHKWSSZ3G8DJ3QD7WKE5J0TTYDWSSD95EXL4A308ZWW0L9SN99ASP 
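Review bot: In examples/one-config/.sops.yaml the rule `path_regex: secrets/.*.yaml` leaves the last dot unescaped and the pattern unanchored, so it matches more than "YAML files under secrets/" (for example `secrets/fooXyaml` or `secrets/db.yaml.bak`). I would write `path_regex: secrets/.*\.yaml$` and add a comment above the rule naming the directory that is meant to hold encrypted files. The same pattern is repeated in the `sops.creation_rules` block added to giops.config.yaml, so the fix applies there as well.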
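Review bot: In examples/one-config/giops.config.yaml the new `secrets:` entry points at `./secrets/postgres.yaml`, but the file this commit creates is `secrets/postgresql.yaml`, so the release references a path that does not exist in the example. It should read `- ./secrets/postgresql.yaml`. The `sops.creation_rules` block under the cluster also repeats .sops.yaml verbatim, including the age recipient. If both copies are kept, a comment saying which one is authoritative would stop the recipient lists drifting apart, which would leave some files encrypted to an outdated recipient. The enclosing `releases` and `clusters` entries start and end outside this hunk.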
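Review bot: examples/one-config/keys.txt commits the age private key (the `AGE-SECRET-KEY-1…` line) for the same recipient that .sops.yaml and secrets/postgresql.yaml encrypt to, so every value encrypted in this example is readable by anyone who can read the repository. The key also stays in git history if the file is deleted later. If it is meant purely as a demo fixture, say so on the first line of the file, e.g. `# DEMO KEY ONLY: published with the examples, never encrypt real secrets to this recipient`. Otherwise drop keys.txt from the commit, ignore it in .gitignore, generate a new key pair, re-encrypt secrets/postgresql.yaml, and have users supply their own key through `SOPS_AGE_KEY_FILE`.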
diff --git a/examples/one-config/secrets/postgresql.yaml b/examples/one-config/secrets/postgresql.yaml
new file mode 100644
index 0000000..5c2177f
--- /dev/null
+++ b/examples/one-config/secrets/postgresql.yaml
@@ -0,0 +1,25 @@
+global:
+ postgresql:
+ auth:
+ username: ENC[AES256_GCM,data:YwCeuMc=,iv:lXkJy3+me2bqwVhhF/D7tw5OndOghvs26Ut358nfKBk=,tag:MiBPHicUgRMGO0jGlWGTyA==,type:str]
+ password: ENC[AES256_GCM,data:5QV6a1A=,iv:utR62wuLTzwihVwXXPw8DA2Ul7kfU1YgAKteRA+WKm0=,tag:EYuIa6TDmxaR0PSuaJBeBA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age16svfskd8x75g62f5uwpmgqzth52rr3wgv9m6rxchqv6v6kzmzf0qvhr2pk
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SUJpdUtYWjF3K1dzbGc3
+ Z2U0UDVpWmVkYXVvT1V3UWVDM2VTQ1hBU1RBCmFZMlI4ZWxWTTdCd05lVFVCN2hN
+ QkZKRmlFVStXT2kxSVlUNmU0VkZCUDQKLS0tIEQ2aXZ0ZDVXcGc4RE1WMmtOaTV3
+ TDloa0dHTFhyUWhid1V0aEFydmtQbU0Kwkw914se9cGEN4FKNphuJErdC1QlYqRQ
+ +CInCnoy8m0/MZNhehZ/JVReEys6KDNxJ7RhnoRfs7P7wfAgBg984A==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-09-25T09:21:13Z"
+ mac: ENC[AES256_GCM,data:OVWn55iO7gdGkOFjErWvauQ7YVkiMWeCwxbgHNGZO+zR5o5DMPl0bEmAGarMYSSU6tBgWeZ77DR2LPl6No8bUjL1PUaERO9DrLIh221SGGi7LeCdYMS+Rgv6VpLHPbr21nxiL/nnzcnbCa5IRjwGb5y0/l+X6JMYWV32JWr6ATs=,iv:XRpOHI9GzgeCuDnvieEr62XqwWvhJ/MGgCN5y+BBjgc=,tag:t8gW2j/92ijhCwwYaYX3rw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.0
diff --git a/examples/one-config/values/postgresql.yaml b/examples/one-config/values/postgresql.yaml
index 5822b22..a441540 100644
--- a/examples/one-config/values/postgresql.yaml
+++ b/examples/one-config/values/postgresql.yaml
@@ -3,4 +3,3 @@ global:
 postgresql:
 auth:
 username: check
- password: check
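Review bot: The encrypted `password` in examples/one-config/secrets/postgresql.yaml replaces a value that values/postgresql.yaml held in plaintext (`password: check`, removed in the last hunk). The ciphertext appears to be the same length as that string, so this is presumably the same credential. Encrypting it does not remove the plaintext from history, so the example should tell users to rotate a credential when they move it under sops, e.g. with a header comment `# rotate any value that was ever committed unencrypted before encrypting it here`. `username` now exists both here and, still in plaintext, in values/postgresql.yaml; a comment in one of the two files saying which source takes precedence would help, since the merge order is not visible in this diff.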