Add secret files

dnum-mi · Sep 21, 2023 · c42041e · c42041e
1 parent 48c4d64
commit c42041e
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,7 +11,7 @@ logs/
 temp/
 *openrc.sh
 .terraform*
-.secrets
+*.secrets*
 version.txt
 *.crt
 *.pem
diff --git a/infra/kube/helm/templates/preprod.sops.enc.yaml b/infra/kube/helm/templates/preprod.sops.enc.yaml
@@ -0,0 +1,33 @@
+apiVersion: isindir.github.com/v1alpha3
+kind: SopsSecret
+metadata:
+    name: mysecret-sops
+spec:
+    secretTemplates:
+        - name: ENC[AES256_GCM,data:QDKKdWH0omcJNyfMmfm32RtGOj0fZA==,iv:3wBqAxzgVM1Fre3S1K2ZwsrC5Q61o0WI0yFTmfeC4po=,tag:B04LsiuX3aSZ2kcQVw2OdA==,type:str]
+          stringData:
+            API_OVH_TOKEN: ENC[AES256_GCM,data:dweXYXxjtnlvJyE33bY6MOxLjXcmsCYHcYcki99dRS4t8HQ75N8HsytXVi1U/k6VFLhsCg==,iv:XaOgqMj9z3IzaexbC0Auv6UyMtdi9PO2krHpHYQT8Xg=,tag:PrmReCSXkzigBbE/GREnLQ==,type:str]
+            OS_PASSWORD: ENC[AES256_GCM,data:p8BR8qdwjVUb29p2Hkk/jN3Bq3hsrcPuNmDeK5roe9w=,iv:EZn4UwuE8Q+SLxV9AoBaIpxq9ss/nP0wjQdkkFNnWVM=,tag:Kqy6QQkT+5AjY6hAvQrfVQ==,type:str]
+            OS_PROJECT_NAME: ENC[AES256_GCM,data:NkBf22Oe4NgLb26mAosrxQ==,iv:yqV8ko8NNfKVMM1uIgoalAwRqjfbYWCLifDxqiKJISE=,tag:i9uNNu2HzKQV+XCW6n9gcw==,type:int]
+            OS_USERNAME: ENC[AES256_GCM,data:PaHeycEUCYxQAdujJ5AwePs=,iv:9e/B1bJwmZCEw3vNbxvDf/j/f2yAxZspNk6iwY72XLI=,tag:3ZouzW87YCV1QzXDSTMp8Q==,type:str]
+            X_OVH_TOKEN: ENC[AES256_GCM,data:ys1cpsrjT+Epazd5GQfoNwXJQKmFrjwQuWXVs+q+gCGjFXJp,iv:56AQh3TXIud7gXnNrq59L/EZpjixBVQjZlwwwtTlACc=,tag:xhkqFJirnuAEf65F6g1gIw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1g867s7tcftkgkdraz3ezs8xk5c39x6l4thhekhp9s63qxz0m7cgs5kan9a
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVEZtRE5RYUxvdC9rOE1q
+            WERNdEs2VUlsQTZDMm9ScXZQM0hHRmtXdFFVClpVWHk5a0Y1UHNKd0VHUzBrRzI2
+            VEdXUHBLcE1tL05OUCtOd2xIM25FancKLS0tIFk0M1h5ei8rR2FtZlp2NkhVMDM5
+            R1QyRFdTNDZYWXFtcmV5MUpwR0Z5a2cKSAj0ISAZv1QBcydEXu/x+gopkYCuKfVP
+            s4X8GX8gLTlp30rHgx0V8pSHSH5oAljd8lWQo44+rTJMwk9Pnv8kkg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-21T16:01:34Z"
+    mac: ENC[AES256_GCM,data:FX8WJHxudKLomghSfCeI5SNMEAKjMJpDLXqzjdQZMu6kWos10HYf5oHfSfFjRtZXRgpvzmGgNqnFjqHcGnz0NIz3/atbsYuk0iFniC1ju9OodGyKrq36aKpKKQ0wcxzB23z6GYAHlGTO9DpJKzOeLPBZne35lEnaEoB8fSP+3Fg=,iv:hOrzovN8zvi8xfQVmV5lILYDdLvmmMm8Fhp3biSNyoE=,tag:kbGFOCK2WDSJxTkId8arvg==,type:str]
+    pgp: []
+    encrypted_suffix: Templates
+    version: 3.7.1
diff --git a/infra/kube/helm/templates/prod.sops.enc.yaml b/infra/kube/helm/templates/prod.sops.enc.yaml
@@ -0,0 +1,33 @@
+apiVersion: isindir.github.com/v1alpha3
+kind: SopsSecret
+metadata:
+    name: mysecret-sops
+spec:
+    secretTemplates:
+        - name: ENC[AES256_GCM,data:MGF+Cg8jPcly/TGzE2R9H6zYoA==,iv:gSqKhBxRSMu5vrHX1gPQX94zoDgjvAjCX6yqHFB53Hs=,tag:Wr2WLdGddVy10gMgkL1BTg==,type:str]
+          stringData:
+            API_OVH_TOKEN: ENC[AES256_GCM,data:CGNiLb8gWQy5kovokidV85GMyM3XEGOb4u3BH+yVYWjuENcoFcEL5BnBbLlYXtuCFPxSig==,iv:ZeSpZhtxQZPcGCUvtXD7u/hXAlpdf0EDCYfBBOZLE6g=,tag:tfRdSR1t3oxqbrMC0FKjAQ==,type:str]
+            OS_PASSWORD: ENC[AES256_GCM,data:SdgWAzfqfnjObwlEbSHWtYRZMdlUDp3wx2O0mNK8vaM=,iv:Ue3Woy+djv0nrtQxGV/ujK7+zyGSt4cnwFamLR2gQ7o=,tag:c40Tr9OA7jT3bHYupjF/qg==,type:str]
+            OS_PROJECT_NAME: ENC[AES256_GCM,data:H8F/HDm/ghnVe+VWZ3QZkw==,iv:gCP7Wxj2vdoMvxC7tHdOYkdtSUs1cGn94/3QmO8X6FI=,tag:3FRKS3zNY71IMYZobq61tQ==,type:int]
+            OS_USERNAME: ENC[AES256_GCM,data:pR09XJZt7TychLv4W1OFQyA=,iv:PEeEy1L0EpFq59eAyZra5Ld2FSoj2BHfpI7DL3zJFMM=,tag:I1kGN5PZ7asFXe/sC/45kw==,type:str]
+            X_OVH_TOKEN: ENC[AES256_GCM,data:GAxiBcS/wXuDJm+jOLaU4jNX5ZNRa9ncJqHEi0Y/QstlmT2S,iv:gkNFkWhbAiEFmmLw28a2fZLXRPFaY22es8QD3F8vUlA=,tag:7KRs5F5jhtbO/Tba7ODo5Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1g867s7tcftkgkdraz3ezs8xk5c39x6l4thhekhp9s63qxz0m7cgs5kan9a
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTnhvai8wcEo5RGQ1NUtx
+            cWFwNUQ2ZjdmOW9lUEVocHZuM0NpTlBqRHdvClRXRit3aFNPY2VwS25mODJCZ3BV
+            QklrNFpycm5meWhLSTZyc2JaU0g3MUkKLS0tIEtnUDByREVkQkdpWFhEV2RLZVdY
+            amtnbGxjaEJRalZobGdBRmxHYkRKMzQKjcK2A73GNRD3aJP9dB5QNT86UTNZM+7G
+            Z3D7m2hkGMQ+p8CMeJ3HxF2SxTbAI904rp/W0wOgiDC7THR/gb3KZQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-21T16:01:45Z"
+    mac: ENC[AES256_GCM,data:pv1Ry8cpIP9kiB4zVaXJJj+bfWUXp5Yf6Kw3AVO3hW85B+w2nk9s7MuiEeRiAhwzm1jxwqVhamCw8Z3A1h6xUhPz+fmJNOP+euDgY60lz+ZCkkQyjfMe5ehwatG65W7mx5ubhVU4dfmVMZ1MsECJx5FkIfGqP7biq4PmYLf29lo=,iv:4pen5TU+kAtLdBc/F7gsi0YKgYsIcK/PfTf3ceJfEBk=,tag:K7TK8jbEUV3wRy/uYhq3mg==,type:str]
+    pgp: []
+    encrypted_suffix: Templates
+    version: 3.7.1
diff --git a/infra/kube/helm/values-dso.yaml b/infra/kube/helm/values-dso.yaml
@@ -65,14 +65,7 @@ backend:
     workspace: preprod
   secret:
     create: false
-    # If create is true, you can provide values else it use existing secret
-    #values:
-    #  OS_PASSWORD: ""
-    #  OS_PROJECT_NAME: ""
-    #  OS_USERNAME: ""
-    #  X_OVH_TOKEN: "test"
-    #  API_OVH_TOKEN: "test"
-    secretName: "basegun-secret"
+    secretName: basegun-preprod-secret
   resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little