argo/sops-secret.yaml: reencrypt secret with new key

.sops.yaml

@@ -2,6 +2,7 @@
 keys:
   - &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
   - &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
+  - &aaron age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
 creation_rules:
   - path_regex: .*
     encrypted_regex: ^(data|stringData)$
@@ -9,3 +10,4 @@ creation_rules:
       - age:
           - *argo
           - *tom
+          - *aaron

app-files/core-deployments.yaml

@@ -32,14 +32,24 @@ spec:
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: argocd-ingress
+  name: argocd
   namespace: argocd
 spec:
   project: default
-  source:
+  sources:
-    repoURL: https://git.ar21.de/yolokube/core-deployments.git
+    - repoURL: https://argoproj.github.io/argo-helm
-    targetRevision: HEAD
+      chart: argo-cd
-    path: argo
+      targetRevision: 7.6.6
+      helm:
+        releaseName: argo
+        valueFiles:
+        - $values/argo/values.yaml
+    - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+      targetRevision: HEAD
+      ref: values
+    - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+      targetRevision: HEAD
+      path: argo
   destination:
     server: https://kubernetes.default.svc
     namespace: argocd
@@ -47,7 +57,8 @@ spec:
     syncOptions:
     - CreateNamespace=true
     automated:
-      prune: true
+      selfHeal: true
+      prune: false
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application

argo/sops-secret.yaml

@@ -5,7 +5,7 @@ metadata:
     namespace: argocd
 type: Opaque
 data:
-    keys.txt: ENC[AES256_GCM,data:EQvfQQy6rco2iqbVLn/3jxsNTcU1tbfCkkAP9D3ggD/MJcIaQ3ZdxonbnnYUS34mmhEwba9R3vn80EQCj0M5jU5ucMeU+E25HbQAJFPBI2pvXuRQy8nMVtRwgrJZdaFKBUzGjtNrSj04y1y6QdIsIMqkn8byi5RthJ86IYo4if4WNPJp1EyiM/3+PTn/fLT/QtzU83LUz8D/hPTtUYJCxyeHEYBuC/niHfT1NgqsBRspI13bPUmxBjmtew1docQL61QSRdflopD7vxb9b6elQ/Zj4vs/TK0ILT5do1KkRGnZT8hRTnqnArcLdTr8xR5gVlIFFInncvzdLPsN,iv:JvuOYExMwMBlgM/W83ttlnvUPkuFPVvkBNwzumBxpLU=,tag:AXJOv4ZO0znONF9VG+5j3g==,type:str]
+    keys.txt: ENC[AES256_GCM,data:fY3isf0iaornjPYAGu7quWYC2O+LIm+gMvmjjhYgLWKK1YzIlOnW+ECaXRsmESr6F14rXayCGSlFzsEVJlVnaHvR+XgqX5Qj+ZUD8BCHW/cNcAcEWThVKZp6+CNIO9QsekkVv+huKpEZ/WPPr/dQZ/J8kuMHp7sCjoieG9tVXp0LbsGzMkodwrVKlE6kASKDsFZshtsQBhkx03MDLc/HC3z8eFwLV31fJ7MJTwZnhz9ONAexyFXwsjclWRR5nGizOCV0/tC8E3nOHugFX0Ae1GmWn69sTSf3lqNmT2RMm0iAZABJCdjcuBVZhegIyuGkrbL4GhKteNpqYVqe,iv:CuOiL/LTGp/W+7pOJPSb3b/UDewIusKs18MNKdsoC3s=,tag:ii1NFa2j4RxXgDfbMyJGjQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,23 +15,32 @@ sops:
         - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeitkMzBjTGxSM09RTnFB
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Z2lHdHB1bDBMNGFDb3gw
-            N0UxRytKMmszMHhKVFY3b0pNcHIwWHcwbUNjClY4cHMvemhzRkNXRVhtcVRtN1c4
+            blJOU2RpTlRlTXM4OEdXL0oxczd4d2Y0TDNrCnFBWnluUDZhRVEyTVRoWC9HaXly
-            OGtaWFkwTWYwNHNTL3lMVmlYOGREYTAKLS0tIEZxNm1IMmFxdzB2dUhvdlNsUUxl
+            eTVsenRiTVFxU2h6VXFneEM0KzNWNFUKLS0tIDZLMHRNbm1rS04xUXBxdHlOVHAx
-            UHdKaW8ydkpoLzQ0dEVyc0plaVhCTlUK6PF6CVvLDDTIozhRYHZxgcNeeKQPJAPr
+            a0d1SW93TEROWkRpekt1VHlQZHhCRFEKsz8LUmpDrR7a7p7pd0FotGtxuEPwEeOY
-            Ay/35PSwzZ4RVJyAKqyhkkQSXkwLsytV1AC527NEZbmBniGgioyFHA==
+            L9lg0WJNJ9OAqJDBXoygedyQ4bWqFdDnr1U3RoPzbnOOgvAk9aPj3Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1BmeUNLT1RQR3cybzQx
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVkNZWFBIQnhxbEJ4T01J
-            aTRJVXkzQTFmNVowTmpVckJHdmRWTlVtSEV3Cm1oakp0c0NoRnF5c3pIb01ja2g3
+            aVlKa2NrcVAxdGNWY0JDaWk3UDlxeE90b2x3CjhMVm1Zb0ozdzB2VVlVckdwUUk5
-            UE1hUXV2bmNqeFlPM2tsY0J0UndYVTgKLS0tIDRBaGVBK0xlSFVFVVdXZjQ1RXhQ
+            dkZBeUo3aW1BM2ZmQVhpZ29TSm15RGsKLS0tIDZNc01xMVFnOGpLV3JGYytHTlgv
-            UUo1Q0lXVjNGWllzYnlJS29qZHdZZGsK8Z1JWhY9HSY5xm6gZaT3TB2eqMysNxgL
+            T3hQZHVZVDA1cjFNNEtBWkF2VkdFbjQKg4yy1rWCprRYmpXtMA0++x4VGJPEKAyx
-            MDk4gaQq8qbrMF/jN40ljt1ZgtAlY2gQKFyqygUNiwgHxN8iC2upng==
+            b8+RC5TV82yWhqtF9pWpkIuzJ/5zKih49is9rSo5PoaL+QOpLYR5yw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-30T17:09:05Z"
+        - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
-    mac: ENC[AES256_GCM,data:Qvm2+3NQy9oywWveAhJdvnmg9tQzdCwjQSczYAS2j5Y0nPw3VeCT27Efm0A591fsvUhjukcDnX2ogEkKtPPJgq5VAJtGLXh2akAdjFxYxm8UPkgw8e6ev/R4kQQdTQ0if8qeeIO3CHEvAKhmrGimbg4DDHgPvyGoiHtTbBBFFr0=,iv:EDmPxMOXpHdyTmGbHFYAholnzi+WLc+GBXmu0k3GAuE=,tag:ThMbGppwFUocX7g2bsWI7w==,type:str]
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMmZ6ekNxMEdCZXJKUCtp
+            YVV4RzBuQllGQlpZeDZ4UkpQV1l4Q0pIeWtjCjNlK3Y2Z21LRERVMkxZNVFYUHdU
+            NGhkdm9TSGtaNWo1ZEV0eTFNR2ZhNkkKLS0tIEpKOU44SU5EeC81aGRUektyUFl0
+            dE84M3JQeW1iY25ZaTdqMG8ySG9Cam8KQS8eKuIjhcTVBbcdkcyFezqoi9S6dc74
+            hWbNlP+BSHZD/Sx+6oYHIpJPYtJ8/IqZAwdQavyqj27AnsiKzY4rnw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-30T18:24:55Z"
+    mac: ENC[AES256_GCM,data:4+/TztJYPPFOY/b9XEo3XfzDHD2tVZJc6/tDF0u5+DvTzGdp2/YvSTI/UPS2iEprsvG0lyveqPxdgweEgXMGcnpEcMhK6gzW1LVJmzFgWev0WjrmCxNNnMPMkU0hGG0WdgSAAlx4FLnms/gdEHDYnkXYqHH01N5EUSP9c8JpTIg=,iv:XJ+JuI5WjqXPTIgX1Jklc+kJzmIcEa6QAEGJISo4QBE=,tag:bMBGUfchsJE6I0h04aUB4Q==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.9.0