From e5eaeaeffc6e17147a70dbe8b03c1355408c25e4 Mon Sep 17 00:00:00 2001 From: Sarah G Date: Fri, 22 Sep 2023 17:39:05 +0200 Subject: [PATCH] Use single secret file, add quotes for num var in secret --- .gitlab-ci-dso.yml | 1 - .../kube/helm/templates/preprod.sops.enc.yaml | 33 --------------- infra/kube/helm/templates/prod.sops.enc.yaml | 33 --------------- infra/kube/helm/templates/sops.enc.yaml | 40 +++++++++++++++++++ 4 files changed, 40 insertions(+), 67 deletions(-) delete mode 100644 infra/kube/helm/templates/preprod.sops.enc.yaml delete mode 100644 infra/kube/helm/templates/prod.sops.enc.yaml create mode 100644 infra/kube/helm/templates/sops.enc.yaml diff --git a/.gitlab-ci-dso.yml b/.gitlab-ci-dso.yml index afd29d71..bea57bb5 100644 --- a/.gitlab-ci-dso.yml +++ b/.gitlab-ci-dso.yml @@ -11,7 +11,6 @@ default: variables: TAG: "${CI_COMMIT_REF_SLUG}" - DOCKERFILE: Dockerfile REGISTRY_URL: "${REGISTRY_HOST}/${PROJECT_PATH}" stages: diff --git a/infra/kube/helm/templates/preprod.sops.enc.yaml b/infra/kube/helm/templates/preprod.sops.enc.yaml deleted file mode 100644 index 13797fe5..00000000 --- a/infra/kube/helm/templates/preprod.sops.enc.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: isindir.github.com/v1alpha3 -kind: SopsSecret -metadata: - name: basegun-preprod-secret -spec: - secretTemplates: - - name: ENC[AES256_GCM,data:QDKKdWH0omcJNyfMmfm32RtGOj0fZA==,iv:3wBqAxzgVM1Fre3S1K2ZwsrC5Q61o0WI0yFTmfeC4po=,tag:B04LsiuX3aSZ2kcQVw2OdA==,type:str] - stringData: - API_OVH_TOKEN: ENC[AES256_GCM,data:dweXYXxjtnlvJyE33bY6MOxLjXcmsCYHcYcki99dRS4t8HQ75N8HsytXVi1U/k6VFLhsCg==,iv:XaOgqMj9z3IzaexbC0Auv6UyMtdi9PO2krHpHYQT8Xg=,tag:PrmReCSXkzigBbE/GREnLQ==,type:str] - OS_PASSWORD: ENC[AES256_GCM,data:p8BR8qdwjVUb29p2Hkk/jN3Bq3hsrcPuNmDeK5roe9w=,iv:EZn4UwuE8Q+SLxV9AoBaIpxq9ss/nP0wjQdkkFNnWVM=,tag:Kqy6QQkT+5AjY6hAvQrfVQ==,type:str] - OS_PROJECT_NAME: ENC[AES256_GCM,data:NkBf22Oe4NgLb26mAosrxQ==,iv:yqV8ko8NNfKVMM1uIgoalAwRqjfbYWCLifDxqiKJISE=,tag:i9uNNu2HzKQV+XCW6n9gcw==,type:int] - OS_USERNAME: ENC[AES256_GCM,data:PaHeycEUCYxQAdujJ5AwePs=,iv:9e/B1bJwmZCEw3vNbxvDf/j/f2yAxZspNk6iwY72XLI=,tag:3ZouzW87YCV1QzXDSTMp8Q==,type:str] - X_OVH_TOKEN: ENC[AES256_GCM,data:ys1cpsrjT+Epazd5GQfoNwXJQKmFrjwQuWXVs+q+gCGjFXJp,iv:56AQh3TXIud7gXnNrq59L/EZpjixBVQjZlwwwtTlACc=,tag:xhkqFJirnuAEf65F6g1gIw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1g867s7tcftkgkdraz3ezs8xk5c39x6l4thhekhp9s63qxz0m7cgs5kan9a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVEZtRE5RYUxvdC9rOE1q - WERNdEs2VUlsQTZDMm9ScXZQM0hHRmtXdFFVClpVWHk5a0Y1UHNKd0VHUzBrRzI2 - VEdXUHBLcE1tL05OUCtOd2xIM25FancKLS0tIFk0M1h5ei8rR2FtZlp2NkhVMDM5 - R1QyRFdTNDZYWXFtcmV5MUpwR0Z5a2cKSAj0ISAZv1QBcydEXu/x+gopkYCuKfVP - s4X8GX8gLTlp30rHgx0V8pSHSH5oAljd8lWQo44+rTJMwk9Pnv8kkg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-21T16:01:34Z" - mac: ENC[AES256_GCM,data:FX8WJHxudKLomghSfCeI5SNMEAKjMJpDLXqzjdQZMu6kWos10HYf5oHfSfFjRtZXRgpvzmGgNqnFjqHcGnz0NIz3/atbsYuk0iFniC1ju9OodGyKrq36aKpKKQ0wcxzB23z6GYAHlGTO9DpJKzOeLPBZne35lEnaEoB8fSP+3Fg=,iv:hOrzovN8zvi8xfQVmV5lILYDdLvmmMm8Fhp3biSNyoE=,tag:kbGFOCK2WDSJxTkId8arvg==,type:str] - pgp: [] - encrypted_suffix: Templates - version: 3.7.1 diff --git a/infra/kube/helm/templates/prod.sops.enc.yaml b/infra/kube/helm/templates/prod.sops.enc.yaml deleted file mode 100644 index 49aace01..00000000 --- a/infra/kube/helm/templates/prod.sops.enc.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: isindir.github.com/v1alpha3 -kind: SopsSecret -metadata: - name: basegun-prod-secret -spec: - secretTemplates: - - name: ENC[AES256_GCM,data:MGF+Cg8jPcly/TGzE2R9H6zYoA==,iv:gSqKhBxRSMu5vrHX1gPQX94zoDgjvAjCX6yqHFB53Hs=,tag:Wr2WLdGddVy10gMgkL1BTg==,type:str] - stringData: - API_OVH_TOKEN: ENC[AES256_GCM,data:CGNiLb8gWQy5kovokidV85GMyM3XEGOb4u3BH+yVYWjuENcoFcEL5BnBbLlYXtuCFPxSig==,iv:ZeSpZhtxQZPcGCUvtXD7u/hXAlpdf0EDCYfBBOZLE6g=,tag:tfRdSR1t3oxqbrMC0FKjAQ==,type:str] - OS_PASSWORD: ENC[AES256_GCM,data:SdgWAzfqfnjObwlEbSHWtYRZMdlUDp3wx2O0mNK8vaM=,iv:Ue3Woy+djv0nrtQxGV/ujK7+zyGSt4cnwFamLR2gQ7o=,tag:c40Tr9OA7jT3bHYupjF/qg==,type:str] - OS_PROJECT_NAME: ENC[AES256_GCM,data:H8F/HDm/ghnVe+VWZ3QZkw==,iv:gCP7Wxj2vdoMvxC7tHdOYkdtSUs1cGn94/3QmO8X6FI=,tag:3FRKS3zNY71IMYZobq61tQ==,type:int] - OS_USERNAME: ENC[AES256_GCM,data:pR09XJZt7TychLv4W1OFQyA=,iv:PEeEy1L0EpFq59eAyZra5Ld2FSoj2BHfpI7DL3zJFMM=,tag:I1kGN5PZ7asFXe/sC/45kw==,type:str] - X_OVH_TOKEN: ENC[AES256_GCM,data:GAxiBcS/wXuDJm+jOLaU4jNX5ZNRa9ncJqHEi0Y/QstlmT2S,iv:gkNFkWhbAiEFmmLw28a2fZLXRPFaY22es8QD3F8vUlA=,tag:7KRs5F5jhtbO/Tba7ODo5Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1g867s7tcftkgkdraz3ezs8xk5c39x6l4thhekhp9s63qxz0m7cgs5kan9a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTnhvai8wcEo5RGQ1NUtx - cWFwNUQ2ZjdmOW9lUEVocHZuM0NpTlBqRHdvClRXRit3aFNPY2VwS25mODJCZ3BV - QklrNFpycm5meWhLSTZyc2JaU0g3MUkKLS0tIEtnUDByREVkQkdpWFhEV2RLZVdY - amtnbGxjaEJRalZobGdBRmxHYkRKMzQKjcK2A73GNRD3aJP9dB5QNT86UTNZM+7G - Z3D7m2hkGMQ+p8CMeJ3HxF2SxTbAI904rp/W0wOgiDC7THR/gb3KZQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-21T16:01:45Z" - mac: ENC[AES256_GCM,data:pv1Ry8cpIP9kiB4zVaXJJj+bfWUXp5Yf6Kw3AVO3hW85B+w2nk9s7MuiEeRiAhwzm1jxwqVhamCw8Z3A1h6xUhPz+fmJNOP+euDgY60lz+ZCkkQyjfMe5ehwatG65W7mx5ubhVU4dfmVMZ1MsECJx5FkIfGqP7biq4PmYLf29lo=,iv:4pen5TU+kAtLdBc/F7gsi0YKgYsIcK/PfTf3ceJfEBk=,tag:K7TK8jbEUV3wRy/uYhq3mg==,type:str] - pgp: [] - encrypted_suffix: Templates - version: 3.7.1 diff --git a/infra/kube/helm/templates/sops.enc.yaml b/infra/kube/helm/templates/sops.enc.yaml new file mode 100644 index 00000000..6e512361 --- /dev/null +++ b/infra/kube/helm/templates/sops.enc.yaml @@ -0,0 +1,40 @@ +apiVersion: isindir.github.com/v1alpha3 +kind: SopsSecret +metadata: + name: basegun-secret +spec: + secretTemplates: + - name: ENC[AES256_GCM,data:1ZVVbDmj5i+r+av13XfioxgPob5+qQ==,iv:G+9020/Elg9I/vibSbY2PqtuU20P4zmHoy36n5oyFMs=,tag:wZzhqetYFjjAZWgyHGPorg==,type:str] + stringData: + API_OVH_TOKEN: ENC[AES256_GCM,data:HKZrlxJAnNjavhsWs600eVz7AZMJTs/U44d3FcL2NZGLzjTwk5oIFqD/oA9vjpm97gMMHg==,iv:NZ4Jyd5DYgrkdaLWZpqrNNjnmMGQzQMzrY84mMaOx8k=,tag:uwr0mqOtslR9TPVcZuAl/g==,type:str] + OS_PASSWORD: ENC[AES256_GCM,data:9GZZczK/pnc12dg/Xu6qXiiWh2Yrk9gPzNDHnq5HHqU=,iv:Lez5jeuALUgKKhsDsETdCBMLXJZb3/gBKjrekO2ouyE=,tag:firbyiIG7zjmeIaFgzz3lw==,type:str] + OS_PROJECT_NAME: ENC[AES256_GCM,data:OP2sH/0PNPTw8M0bgVanxQ==,iv:neIdYvAMV38nZzqIyp+OOf86QO96GG0Nlq2wNme/5GM=,tag:4GAkiT3ZzDZwzOIxkTTSBw==,type:str] + OS_USERNAME: ENC[AES256_GCM,data:W/2F5zRt8ZZVB/JWgGfurSg=,iv:EfrkEn7tGC8R6Wq9VcziLAlaY1jUYCE4z4wBM3+l0tU=,tag:V+Ao+Y1zL3EEgTnAFe2nkA==,type:str] + X_OVH_TOKEN: ENC[AES256_GCM,data:guzE1OgwWmfQ8K002SSIePIvx1dYyats4RnHxVwew5iIFHBd,iv:J29ZUWFtu9O4ygzMuhOFGjoEi5XCeuBe+s63pD1mCX0=,tag:q/PAqU+IX10BN/QoyQoROA==,type:str] + - name: ENC[AES256_GCM,data:Y8lMlflbQgX5PKV7sIGE5sIKsw==,iv:PTQFWABaFa4TAxsxeIOHkNN4+qh2W/VP7MbfrkrADpA=,tag:HBUl3hmG2dlW3DMTXidtVw==,type:str] + stringData: + API_OVH_TOKEN: ENC[AES256_GCM,data:4fKk+Dyr0UZu9Yt9ImATQISNdLo1J3cIbdK71Jj+YSleI1mz3n53upVunqh7cZfpD1za2Q==,iv:kCHkM3ZxDpXOLS0poBBmmyfoJdF9dPlw5x39HZXmp9c=,tag:Go07oKCOAWydBK7WzSTK6A==,type:str] + OS_PASSWORD: ENC[AES256_GCM,data:Z79SFvSc8Xpf/BoHD0K2tj/PdPgrErvTriEGpERTd8k=,iv:MzMQOP31o9U4CmtX8bZoJD4nDw75J5Mfnza6ZXIbb00=,tag:3e9kmSrmn/NOcQ9jz4h23A==,type:str] + OS_PROJECT_NAME: ENC[AES256_GCM,data:TiWAobmoZz2BLB/kLoibQQ==,iv:QN3j1/IY5KBTI6WQntGo8LcHnGHpq3GSwHC14lxxKpQ=,tag:UL2mTaTCYPbS5drPY8Dm+w==,type:str] + OS_USERNAME: ENC[AES256_GCM,data:hGE3/vJuVgWgdRo6YKXq2xw=,iv:Fldxv4POaB+l80jhuTT7K6dHuce7OjhOFBaA+9pnxic=,tag:4m4aGs9tQKMzJL3BFQ5BJw==,type:str] + X_OVH_TOKEN: ENC[AES256_GCM,data:xtHI61wsw/OeLhdXse9M8ZSHM2Zekl/LZ7Wl+XxmCs2Lre5j,iv:dQicS9TRt2utUyjKmJwWkmEl4lCUEgBno7TGPMCXwGY=,tag:gsaLeKh6/NCsUHF3+0Plvg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1g867s7tcftkgkdraz3ezs8xk5c39x6l4thhekhp9s63qxz0m7cgs5kan9a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT0VaSmUwQ3FvaXM0N2hB + M1RodXRFMTExZ2pjWC91cGFZdGpJVzBRNzFnCjlXN2YvcHlRcW1OTTdGR3M0a3Rk + NWdGSE9LYzB5c0F4RGVicWFKMXJiVDQKLS0tIDlCKzR3ZGVrS082UGlRbEQvMExn + ZlVyaVM4Sml5Tm0rcnlUR0Rob01YSFkKznVB850hTwq756oEhCZr3lZ1rMeYMFTJ + 4M4s3VU271XjM336M3Yk2wG3WlSKzI4NSMfrv5zJL6mWDO+SoFO9Tw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-22T15:37:24Z" + mac: ENC[AES256_GCM,data:Xmx2WR0+a/n1zz6FB8nzMTCwqjpal8DcT8PmHqUPswKKFVDqqh5mZMZru2CFBS4vG5jJ4j+DOA6uAxW+p5R0hRz6y6To43ZWc5olHmbjgpjdEWHZrdXTOx9N86DxPRfp4qFR5pEcp9gSrWSSmSKYV/IKl+Aw8dfWKy27UV1nBnc=,iv:rMI2UepCiiRXXjYQfcETfE2siqAio9T2k0ErYO2Li8E=,tag:pTCeYPM+CM6HQ3+vuEik7w==,type:str] + pgp: [] + encrypted_suffix: Templates + version: 3.7.1