From ac7cd01e7ca345a85004d67c3bbcca749a7c10b1 Mon Sep 17 00:00:00 2001
From: Aaron Riedel
Date: Mon, 4 Nov 2024 21:01:17 +0100
Subject: [PATCH] more secrets
---
drone/kustomization.yaml | 5 +++++
drone/secret-generator.yaml | 11 ++++++++++
drone/secret.yaml | 37 +++++++++++++++++++++++++++++++++
surveybot/kustomization.yaml | 7 +++++++
surveybot/secret-generator.yaml | 11 ++++++++++
surveybot/secret.yaml | 37 +++++++++++++++++++++++++++++++++
6 files changed, 108 insertions(+)
create mode 100644 drone/kustomization.yaml
create mode 100644 drone/secret-generator.yaml
create mode 100644 drone/secret.yaml
create mode 100644 surveybot/kustomization.yaml
create mode 100644 surveybot/secret-generator.yaml
create mode 100644 surveybot/secret.yaml
diff --git a/drone/kustomization.yaml b/drone/kustomization.yaml
new file mode 100644
index 0000000..d840c3c
--- /dev/null
+++ b/drone/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+ - ./secret-generator.yaml
diff --git a/drone/secret-generator.yaml b/drone/secret-generator.yaml
new file mode 100644
index 0000000..7f9b73e
--- /dev/null
+++ b/drone/secret-generator.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./secret.yaml
diff --git a/drone/secret.yaml b/drone/secret.yaml
new file mode 100644
index 0000000..26fc6c3
--- /dev/null
+++ b/drone/secret.yaml
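Review bot: `path: ksops` in drone/secret-generator.yaml names the exec plugin by bare name, so the build runs whichever `ksops` comes first on the rendering host's PATH, presumably with that process's access to the age private key. The file records neither this nor the flags the build needs. I would add a comment above the annotation, `# exec KRM function: needs kustomize build --enable-alpha-plugins --enable-exec; ksops is looked up on PATH`, or pin an absolute path if the build image installs the binary in a fixed location. surveybot/secret-generator.yaml is the same blob (index 7f9b73e) and takes the same comment.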
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: drone-secrets
+ namespace: drone
+type: Opaque
+data:
+ DRONE_RPC_SECRET: ENC[AES256_GCM,data:9wEps0DmvV8Qqx2dARB6M1stwAdf547n5rbVBEiaa4lL5GPAbHMgOI7bYIo=,iv:3SAA0PNJT1ajUx1SJWNpX2AiJnmcFf8tJCrvOW3fJqk=,tag:Z3yuE/jfyAldVjrdIcPlFg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycHkzcHNDOVdBYjJLRGpz
+ MkZ5T1UwOEEwTG44aGVuWk5zcnV2NlFPK0NRCkh0VVIzOVh2dWlaWG1hVmJQRE1p
+ VmhrNERFMHBpS2RTM3EySXdTSExmY3cKLS0tIFpWK3hMUG1TS0dTcTU2VUlkemNt
+ WlNZY0JmbVFWaVgxaUFlUU55THlRb0UK+P9mB8LDRFlnvYn0CXxzLSa8rB+ms2WF
+ INPTca+SW4sC37wc3zoIrdzrGuNai6FZbKRwrUtt40eDwgU2n/TANA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YmJiQ2RvQ2pKN0xQbHdQ
+ bDM3SWFPM0pUQXB4eW1tbEJEbWdSWjVTeXg0CjE3cVNEM2Y1UHBLbStrRnpsQUM4
+ cUh6aWROY0wzYnljdTJRZUtKODVBU2MKLS0tIGFybkhLUFF2ajdiZlQySENRc1lu
+ OXlPbmxsbDJQSlloSmtQb2ZQMDduUEUKnwnwWe3/oovkPlyZtUpoJVWAiW0rPFl+
+ PHbo0vrkCkvkKjtXSBP9RPE0sgdPHaYDez9Ea7Q3qdKyYsCKTebapg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-04T20:00:35Z"
+ mac: ENC[AES256_GCM,data:8gPH1/iWNTkUcCcW5A/+QBSHIOphnCFz7PDc7muwOfgdS7CRfpUrMbsT7smZzsC5TXuy6n/tzYajNqOkuJNzAXeHTAulD5wD/HqwLrFjhO+2zo4m35l8eN9q+AYjTvMXCvK3Yo929gAJa65PXnMmx1kjjSC061KjPrF/Ka0o87w=,iv:Mtn8rx6Lwm9nXh+9km4JyWUr6xFkr+wk2w04QTLdLac=,tag:fL1mFqS9d/HOvZZfPP625A==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.0
diff --git a/surveybot/kustomization.yaml b/surveybot/kustomization.yaml
new file mode 100644
index 0000000..aac1a5a
--- /dev/null
+++ b/surveybot/kustomization.yaml
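Review bot: `DRONE_RPC_SECRET` in drone/secret.yaml sits under `data:`, so the value SOPS decrypts must already be base64, and that cannot be checked from the ciphertext in review. A raw string there is either rejected by the API server or decoded into a different secret than intended. Moving the key under `stringData:` before encrypting removes the ambiguity and is still matched by `encrypted_regex: ^(data|stringData)$`. The file also starts without the `---` marker that the other new manifests carry. `TOKEN` in surveybot/secret.yaml has the same `data:` placement.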
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+ - ./secret-generator.yaml
+resources:
+ - ./surveybot.yaml
diff --git a/surveybot/secret-generator.yaml b/surveybot/secret-generator.yaml
new file mode 100644
index 0000000..7f9b73e
--- /dev/null
+++ b/surveybot/secret-generator.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./secret.yaml
diff --git a/surveybot/secret.yaml b/surveybot/secret.yaml
new file mode 100644
index 0000000..092d9f5
--- /dev/null
+++ b/surveybot/secret.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: surveybot-token
+ namespace: surveybot
+type: Opaque
+data:
+ TOKEN: ENC[AES256_GCM,data:HZpvxzlqgtHIXstqo+wH5h1SVfBBS7aV7fPEIGO3gq0Hu8wbqMDq8nzBnGHQik+5jR0AoYQvRKLqD+VyIPgHQX8Nc/15er+pyCxa2kLXXPg=,iv:3dcWIVEU7HzkBCA8IT6lHPzsywmW3nCM0HK3Wr8r5eA=,tag:QplCTrlD08dpZvZjBdvlbQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd1ZReHRHazZzN1VKZVFK
+ eXo1OVhhL1hjeW5WMG5GNzUyWmFMUXFoa0dvCnhvaDNSNFRnMUJVMkxGRlVtRTR4
+ WERLanJPbEs0ZTlGSEhudTQ0ckFDbG8KLS0tIDlQTDc2NGxDelMvZXk4WHJ2cTZS
+ dzkycGRVTW1FRDAwYk5OSFhoSkVPVG8Kvuhx+kEUCLwVlTxVWq2HXzszM4nJE09r
+ 4nOrW4ytSsC6BM4DR1WR/hbqY+cz/xaHEbCfQBaH4NYQUuaONLICxg==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCN3pEOFZCSm90eDFBOEhS
+ T3RSVWh1ZVI1WS9pZTRkbnJMR0E0S04wdUhVCitFdk5hWjhWNGNqenp3c0dCZGNk
+ S2NrSk1Ocmx5WDkzeFRFMk5id3VheGMKLS0tIDU3a2Rvb2VKUHEwWVJFY2k4UHNl
+ dGdSTmkrRmVNWlovVC9JbTRROFgvbUEKEDg6EIYvD2xbVwMxWirkDA9lLOPt64zb
+ dhgGwbvL8ijAKVPKXLJ73IOWrwk5dCLv7oe8RDhkNDtuSus9HOqD9Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-04T20:00:41Z"
+ mac: ENC[AES256_GCM,data:dIghUTmsUH2deQGDv9Jykicf+kV4A2XYHqxOHq0TcR7G5V329U25tm4ID07kQKmJjSgPwTx/6Vadxu/Bo3ADrvMj5+bOCUENP5FcJEp8htkJHNlzn1syQ9VXu+Vbka0e0PpPJ4AlxM3toPdmRX4k7tP5FzVlMkxSwAjMsVivHYo=,iv:1094lyciqTvwdmJjCI761sRi42AXxyiFyPw2CSUqfA4=,tag:0LlLhMOn7l4NrFzmbcfPcQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.0
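Review bot: The two `age` recipients in surveybot/secret.yaml repeat the pair in drone/secret.yaml, and no `.sops.yaml` is part of this patch. As far as the diff shows, nothing enforces that the next secret is encrypted to the same keys with the same `encrypted_regex`. I would add a repository-level `.sops.yaml` whose `creation_rules` entry carries the recipient list and `encrypted_regex: ^(data|stringData)$`. It is worth recording next to it that the ciphertext stays in git history, so dropping a recipient later with `sops updatekeys` does not revoke what that key could already decrypt; the underlying token has to be rotated as well.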