aaron/woodpecker-deployment
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add sops to secrets

Browse source
This commit is contained in:
Aaron Riedel 2024-09-30 20:14:16 +02:00
parent 42ec988b42
commit 31aef2e676
Signed by: aaron
GPG key ID: 643004654D40D577
2 changed files with 108 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
.sops.yaml Normal file
View file

@ -0,0 +1,14 @@
---
keys:
- &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
- &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
- &aaron age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
creation_rules:
- path_regex: .*
encrypted_regex: ^(data|stringData)$
key_groups:
- age:
- *argo
- *tom
- *aaron

94
secrets.enc.yaml Normal file
View file

@ -0,0 +1,94 @@
apiVersion: v1
kind: Namespace
metadata:
name: woodpecker
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aFZDRHB2bW9NeUk2djdX
ellnaytvcjliT0MxSnZZeHcrSkhvY3JaUm13CnNjODNhMVZFeFh5Y3lNV1hTTjJ3
ZnFVdU1uSEdqdHVnQ0hZWEY1T2VieFEKLS0tIDMzZkd3WmVlaWUrenUyK0s1enlU
T241OWhqYU1zejAvS0xqN1FNK3AxWUUKsdzHdRlDkTHidJLlMvWKR9w/C3YeWTyM
JETfjVvox3wDAVqy+4zufx0z0SOfKrm6dXGMvZKk1N/u8gmWG4ACmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQndQdzlsSGdtQlhyUEFF
WEhCNGdUNDV1M29NVDdaSnFRNE1FaGYvSnlVCnpIbWJyYU5VRnphelFwOUlEK3di
MXYzbW9iL1lmazRZakw4OS9ySWNBTFkKLS0tIEFTZnhpWm1ONFl2UE15YWhCYUZv
UjBxM25mYy92VUNqVytjcmJ6eWNOQTQKyCVe2FImAbJja95gzqGB6ZRk3MNP6qz5
KVmNVAI3UcDOv1dmzYHf/YpcghFOArXXNoPJWIChldX04kfjHuXl6A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIV0dKV3RnV2xpSnNOQ3Nu
YlJOUHR2b0w5YjhucTU0MHNtMVpIZEJyN1RJClVYNS9TUWpLbmg1aWJ3TkgrTUhC
T0E0WWVhYVhJV2lBT1F6VVhQSHNyWk0KLS0tIGNKeWo5NlZLZkdIMmkvd3hUYno2
Vk9UdWVhOXZLb2VidVd0d2lWWnRYZGMKil6LpzwYXZ8oRZZlpEmsebfiKb+4G53R
50JtWsmvYOaXtigxDD0ICp3WQeJ0DmObX0Pf7X7eQVUtwrl552QczA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-30T18:05:39Z"
mac: ENC[AES256_GCM,data:mibT5xjxb3+8DPAZLjCexX9LVL0T56KFvUJ/99EJvIQIeWHLxGO3R6yEyTYsg5SXIOS5ck20gfhdu7Xzr8OQ0ZqXEGA+xsb/KciMQ0p/gyIworvXtRZExLMy/Wpp4cDxinzmhSifWsBnc2lgMiu6yBDHCVsouYpoPcOe79QEeUg=,iv:UoYoghdGR+1IzbTEDiD/yFnhZ3FcY8gOvKPyGmwGm+Q=,tag:QzAnnnhyabXTMKJw5fzBFw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0
---
apiVersion: v1
kind: Secret
metadata:
name: woodpecker-forgejo
namespace: woodpecker
labels:
app.kubernetes.io/instance: woodpecker
type: Opaque
data:
WOODPECKER_FORGEJO_CLIENT: ENC[AES256_GCM,data:kAq2eLNJHoe8j/2X+uf2H4GO8vW6idO17/FQfy42He5hcGD55g+hCqjYAsAUbS5zpVA00A==,iv:im64HVYag5cWwo3+wINzoHMbfaiAYu67GeNexm6ffsA=,tag:tmcvECtawJw+qf7qKV7Uig==,type:str]
WOODPECKER_FORGEJO_SECRET: ENC[AES256_GCM,data:AoYNcM3KTHSJ/R03kmeqEmBleGkY4h4DGtfvCPyZQSi0iJLmqfeZgMsfWfC3HF1SXYmYZqpcLzis7dK0iTARvaiB0xCng+/kcR6Ijg==,iv:4VaEMHf7K+2lEYZAMCTo+Ot018SNIzCNJs27RovaN+I=,tag:E1T/ylRZrBwqRNcHQXXbqA==,type:str]
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:Tw4bzOUGe/NytL2uy/axoXP9OVXYF2TslCCen6DcLeVHRYbRUQ1MKRM/8PWvwYTgOAWE6ZYRUyM7UN5g2cTWcXu0yosp4briCNGN1aUn0xuWr/+EcuWmgv7DFwE6se8eH+khdbfSc4C+2V1U,iv:DyuzOYf/bvUUm8NT4+8dk2hEgyqeVxOJqmt0mKCw2SQ=,tag:WOHbllnzIlMSE5kqGOEtTg==,type:str]
WOODPECKER_PROMETHEUS_AUTH_TOKEN: ENC[AES256_GCM,data:Y05VPcpG9vtu+FjYPr9Gp7Chp6oD2mJad3WjvrpvGLpoCFvuWDIIeAmOM5c=,iv:bhaaf9CCSHLkhYgdsTvNlZD/FFQCL6FanhIgsaXLfOA=,tag:KDfZ6Xmfd515GgiES+EaaQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aFZDRHB2bW9NeUk2djdX
ellnaytvcjliT0MxSnZZeHcrSkhvY3JaUm13CnNjODNhMVZFeFh5Y3lNV1hTTjJ3
ZnFVdU1uSEdqdHVnQ0hZWEY1T2VieFEKLS0tIDMzZkd3WmVlaWUrenUyK0s1enlU
T241OWhqYU1zejAvS0xqN1FNK3AxWUUKsdzHdRlDkTHidJLlMvWKR9w/C3YeWTyM
JETfjVvox3wDAVqy+4zufx0z0SOfKrm6dXGMvZKk1N/u8gmWG4ACmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQndQdzlsSGdtQlhyUEFF
WEhCNGdUNDV1M29NVDdaSnFRNE1FaGYvSnlVCnpIbWJyYU5VRnphelFwOUlEK3di
MXYzbW9iL1lmazRZakw4OS9ySWNBTFkKLS0tIEFTZnhpWm1ONFl2UE15YWhCYUZv
UjBxM25mYy92VUNqVytjcmJ6eWNOQTQKyCVe2FImAbJja95gzqGB6ZRk3MNP6qz5
KVmNVAI3UcDOv1dmzYHf/YpcghFOArXXNoPJWIChldX04kfjHuXl6A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIV0dKV3RnV2xpSnNOQ3Nu
YlJOUHR2b0w5YjhucTU0MHNtMVpIZEJyN1RJClVYNS9TUWpLbmg1aWJ3TkgrTUhC
T0E0WWVhYVhJV2lBT1F6VVhQSHNyWk0KLS0tIGNKeWo5NlZLZkdIMmkvd3hUYno2
Vk9UdWVhOXZLb2VidVd0d2lWWnRYZGMKil6LpzwYXZ8oRZZlpEmsebfiKb+4G53R
50JtWsmvYOaXtigxDD0ICp3WQeJ0DmObX0Pf7X7eQVUtwrl552QczA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-30T18:05:39Z"
mac: ENC[AES256_GCM,data:mibT5xjxb3+8DPAZLjCexX9LVL0T56KFvUJ/99EJvIQIeWHLxGO3R6yEyTYsg5SXIOS5ck20gfhdu7Xzr8OQ0ZqXEGA+xsb/KciMQ0p/gyIworvXtRZExLMy/Wpp4cDxinzmhSifWsBnc2lgMiu6yBDHCVsouYpoPcOe79QEeUg=,iv:UoYoghdGR+1IzbTEDiD/yFnhZ3FcY8gOvKPyGmwGm+Q=,tag:QzAnnnhyabXTMKJw5fzBFw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0