From f33a56c09401a212f3df02b8af1be301377bf0dc Mon Sep 17 00:00:00 2001
From: Tom Neuber <tomneuber@web.de>
Date: Sun, 29 Sep 2024 02:48:27 +0200
Subject: [PATCH 1/7] argo/cm.yaml: enable argocd kustomize plugins

---
 argo/cm.yaml | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)

diff --git a/argo/cm.yaml b/argo/cm.yaml
index fafdd79..6189393 100644
--- a/argo/cm.yaml
+++ b/argo/cm.yaml
@@ -9,6 +9,7 @@ metadata:
     app.kubernetes.io/name: argocd-cm
     app.kubernetes.io/part-of: argocd
 data:
+  kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
   statusbadge.enabled: "true"
   resource.customizations: |
     networking.k8s.io/Ingress:
@@ -33,28 +34,3 @@ data:
     # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
     requestedScopes: ["openid", "profile", "email"]
     logoutURL: https://auth.ar21.de/application/o/yolokube-argocd/end-session/
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: argocd-cmd-params-cm
-  namespace: argocd
-  labels:
-    app.kubernetes.io/instance: argocd-ingress
-    app.kubernetes.io/name: argocd-cm
-    app.kubernetes.io/part-of: argocd
-data:
-  server.insecure: "true"
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: argocd-rbac-cm
-  namespace: argocd
-  labels:
-    app.kubernetes.io/instance: argocd-ingress
-    app.kubernetes.io/name: argocd-cm
-    app.kubernetes.io/part-of: argocd
-data:
-  policy.csv: |
-    g, yolokube-general, role:admin
-- 
2.45.2


From da452933657b9039e5ca91edf559d9e92e1e2464 Mon Sep 17 00:00:00 2001
From: Tom Neuber <tomneuber@web.de>
Date: Sun, 29 Sep 2024 03:19:10 +0200
Subject: [PATCH 2/7] argo: deploy argo with helm

---
 argo/ingress.yaml | 24 ----------------------
 argo/values.yaml  | 51 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 24 deletions(-)
 delete mode 100644 argo/ingress.yaml
 create mode 100644 argo/values.yaml

diff --git a/argo/ingress.yaml b/argo/ingress.yaml
deleted file mode 100644
index 906bb78..0000000
--- a/argo/ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/tls-acme: "true"
-  name: argocd-ingress
-  namespace: argocd
-spec:
-  rules:
-  - host: "argo.services.yolokube.de"
-    http:
-      paths:
-      - pathType: Prefix
-        path: "/"
-        backend:
-          service:
-            name: argocd-server
-            port:
-              number: 80
-  tls:
-  - hosts:
-      - argo.services.yolokube.de
-    secretName: argocd-tls-key
diff --git a/argo/values.yaml b/argo/values.yaml
new file mode 100644
index 0000000..7240092
--- /dev/null
+++ b/argo/values.yaml
@@ -0,0 +1,51 @@
+global:
+  domain: argo.services.yolokube.de
+configs:
+  cm:
+    create: false
+  params:
+    create: true
+    server.insecure: true
+  rbac:
+    create: true
+    policy.csv: |
+      g, yolokube-general, role:admin
+server:
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/tls-acme: "true"
+    tls: true
+repoServer:
+  volumes:
+    - name: custom-tools
+      emptyDir: {}
+    - name: sops-key
+      secret:
+        secretName: sops-age
+  initContainers:
+    - name: install-ksops
+      image: viaductoss/ksops:v4.3.2
+      command: ["/bin/sh", "-c"]
+      args:
+        - echo "Installing KSOPS...";
+          mv ksops /custom-tools/;
+          mv kustomize /custom-tools/;
+          echo "Done.";
+      volumeMounts:
+        - mountPath: /custom-tools
+          name: custom-tools
+  volumeMounts:
+    - mountPath: /usr/local/bin/kustomize
+      name: custom-tools
+      subPath: kustomize
+    - mountPath: /usr/local/bin/ksops
+      name: custom-tools
+      subPath: ksops
+    - mountPath: /.config/sops/age
+      name: sops-key
+  env:
+    - name: XDG_CONFIG_HOME
+      value: /.config
+    - name: SOPS_AGE_KEY_FILE
+      value: /.config/sops/age/keys.txt
-- 
2.45.2


From 094514c88edbe9a5c877f1a9993146e4cbed1bcc Mon Sep 17 00:00:00 2001
From: Tom Neuber <tomneuber@web.de>
Date: Mon, 30 Sep 2024 19:04:49 +0200
Subject: [PATCH 3/7] renovate.json: enable kubernetes update handler

---
 renovate.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/renovate.json b/renovate.json
index c522108..870240c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -5,6 +5,10 @@
   "argocd": {
     "fileMatch": ["^app-files/core-deployments\\.yaml$"]
   },
+  "kubernetes": {
+    "enabled": true,
+    "fileMatch": ["\\.yaml$"]
+  },
   "packageRules": [
     {
       "matchPackageNames": ["kube-prometheus-stack"],
-- 
2.45.2


From 25b4123b5d12c00684f2616dd10e6b584ea17f46 Mon Sep 17 00:00:00 2001
From: Tom Neuber <tomneuber@web.de>
Date: Mon, 30 Sep 2024 19:10:44 +0200
Subject: [PATCH 4/7] argo: add argo sops key & kustomization file

---
 .gitignore                 |  4 ++--
 .sops.yaml                 | 11 +++++++++++
 argo/kustomization.yaml    |  6 ++++++
 argo/secret-generator.yaml | 10 ++++++++++
 argo/sops-secret.yaml      | 37 +++++++++++++++++++++++++++++++++++++
 5 files changed, 66 insertions(+), 2 deletions(-)
 create mode 100644 .sops.yaml
 create mode 100644 argo/kustomization.yaml
 create mode 100644 argo/secret-generator.yaml
 create mode 100644 argo/sops-secret.yaml

diff --git a/.gitignore b/.gitignore
index 83bc8e9..e152f54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-**/secret.yaml
 **/temp.yaml
 **/credentials
-**/.DS_Store
\ No newline at end of file
+**/.DS_Store
+*.agekey
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..2f5281c
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,11 @@
+---
+keys:
+  - &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
+  - &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
+creation_rules:
+  - path_regex: .*
+    encrypted_regex: ^(data|stringData)$
+    key_groups:
+      - age:
+          - *argo
+          - *tom
diff --git a/argo/kustomization.yaml b/argo/kustomization.yaml
new file mode 100644
index 0000000..dd98dfe
--- /dev/null
+++ b/argo/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+  - ./secret-generator.yaml
+resources:
+  - ./cm.yaml
diff --git a/argo/secret-generator.yaml b/argo/secret-generator.yaml
new file mode 100644
index 0000000..271743c
--- /dev/null
+++ b/argo/secret-generator.yaml
@@ -0,0 +1,10 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ksops
+files:
+  - ./sops-secret.yaml
diff --git a/argo/sops-secret.yaml b/argo/sops-secret.yaml
new file mode 100644
index 0000000..821e183
--- /dev/null
+++ b/argo/sops-secret.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: sops-age
+    namespace: argocd
+type: Opaque
+data:
+    keys.txt: ENC[AES256_GCM,data:EQvfQQy6rco2iqbVLn/3jxsNTcU1tbfCkkAP9D3ggD/MJcIaQ3ZdxonbnnYUS34mmhEwba9R3vn80EQCj0M5jU5ucMeU+E25HbQAJFPBI2pvXuRQy8nMVtRwgrJZdaFKBUzGjtNrSj04y1y6QdIsIMqkn8byi5RthJ86IYo4if4WNPJp1EyiM/3+PTn/fLT/QtzU83LUz8D/hPTtUYJCxyeHEYBuC/niHfT1NgqsBRspI13bPUmxBjmtew1docQL61QSRdflopD7vxb9b6elQ/Zj4vs/TK0ILT5do1KkRGnZT8hRTnqnArcLdTr8xR5gVlIFFInncvzdLPsN,iv:JvuOYExMwMBlgM/W83ttlnvUPkuFPVvkBNwzumBxpLU=,tag:AXJOv4ZO0znONF9VG+5j3g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeitkMzBjTGxSM09RTnFB
+            N0UxRytKMmszMHhKVFY3b0pNcHIwWHcwbUNjClY4cHMvemhzRkNXRVhtcVRtN1c4
+            OGtaWFkwTWYwNHNTL3lMVmlYOGREYTAKLS0tIEZxNm1IMmFxdzB2dUhvdlNsUUxl
+            UHdKaW8ydkpoLzQ0dEVyc0plaVhCTlUK6PF6CVvLDDTIozhRYHZxgcNeeKQPJAPr
+            Ay/35PSwzZ4RVJyAKqyhkkQSXkwLsytV1AC527NEZbmBniGgioyFHA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1BmeUNLT1RQR3cybzQx
+            aTRJVXkzQTFmNVowTmpVckJHdmRWTlVtSEV3Cm1oakp0c0NoRnF5c3pIb01ja2g3
+            UE1hUXV2bmNqeFlPM2tsY0J0UndYVTgKLS0tIDRBaGVBK0xlSFVFVVdXZjQ1RXhQ
+            UUo1Q0lXVjNGWllzYnlJS29qZHdZZGsK8Z1JWhY9HSY5xm6gZaT3TB2eqMysNxgL
+            MDk4gaQq8qbrMF/jN40ljt1ZgtAlY2gQKFyqygUNiwgHxN8iC2upng==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-30T17:09:05Z"
+    mac: ENC[AES256_GCM,data:Qvm2+3NQy9oywWveAhJdvnmg9tQzdCwjQSczYAS2j5Y0nPw3VeCT27Efm0A591fsvUhjukcDnX2ogEkKtPPJgq5VAJtGLXh2akAdjFxYxm8UPkgw8e6ev/R4kQQdTQ0if8qeeIO3CHEvAKhmrGimbg4DDHgPvyGoiHtTbBBFFr0=,iv:EDmPxMOXpHdyTmGbHFYAholnzi+WLc+GBXmu0k3GAuE=,tag:ThMbGppwFUocX7g2bsWI7w==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0
-- 
2.45.2


From c36720ef4eef6e705806b56d8a3d578b11c88cb5 Mon Sep 17 00:00:00 2001
From: Tom Neuber <tomneuber@web.de>
Date: Mon, 30 Sep 2024 19:11:18 +0200
Subject: [PATCH 5/7] app-files/core-deployments.yaml: replace argocd-ingress
 with the entire argo deployment

---
 app-files/core-deployments.yaml | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml
index 3fe9d20..52a988f 100644
--- a/app-files/core-deployments.yaml
+++ b/app-files/core-deployments.yaml
@@ -32,14 +32,24 @@ spec:
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: argocd-ingress
+  name: argocd
   namespace: argocd
 spec:
   project: default
-  source:
-    repoURL: https://git.ar21.de/yolokube/core-deployments.git
-    targetRevision: HEAD
-    path: argo
+  sources:
+    - repoURL: https://argoproj.github.io/argo-helm
+      chart: argo-cd
+      targetRevision: 7.6.6
+      helm:
+        releaseName: argo
+        valueFiles:
+        - $values/argo/values.yaml
+    - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+      targetRevision: HEAD
+      ref: values
+    - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+      targetRevision: HEAD
+      path: argo
   destination:
     server: https://kubernetes.default.svc
     namespace: argocd
@@ -47,7 +57,8 @@ spec:
     syncOptions:
     - CreateNamespace=true
     automated:
-      prune: true
+      selfHeal: true
+      prune: false
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
-- 
2.45.2


From 514ea0632719f9847356c9d0cf0d8d33464e8742 Mon Sep 17 00:00:00 2001
From: Aaron Riedel <git@ar21.de>
Date: Mon, 30 Sep 2024 19:35:07 +0200
Subject: [PATCH 6/7] argo: add aarons age key

---
 .sops.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.sops.yaml b/.sops.yaml
index 2f5281c..2d66535 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,6 +2,7 @@
 keys:
   - &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
   - &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
+  - &aaron age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
 creation_rules:
   - path_regex: .*
     encrypted_regex: ^(data|stringData)$
@@ -9,3 +10,4 @@ creation_rules:
       - age:
           - *argo
           - *tom
+          - *aaron
-- 
2.45.2


From c51e7b396fb40e87d740db334d69976c47ae5a67 Mon Sep 17 00:00:00 2001
From: Tom Neuber <tomneuber@web.de>
Date: Mon, 30 Sep 2024 20:26:54 +0200
Subject: [PATCH 7/7] argo/sops-secret.yaml: reencrypt secret with new key

---
 argo/sops-secret.yaml | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/argo/sops-secret.yaml b/argo/sops-secret.yaml
index 821e183..3cafd8f 100644
--- a/argo/sops-secret.yaml
+++ b/argo/sops-secret.yaml
@@ -5,7 +5,7 @@ metadata:
     namespace: argocd
 type: Opaque
 data:
-    keys.txt: ENC[AES256_GCM,data:EQvfQQy6rco2iqbVLn/3jxsNTcU1tbfCkkAP9D3ggD/MJcIaQ3ZdxonbnnYUS34mmhEwba9R3vn80EQCj0M5jU5ucMeU+E25HbQAJFPBI2pvXuRQy8nMVtRwgrJZdaFKBUzGjtNrSj04y1y6QdIsIMqkn8byi5RthJ86IYo4if4WNPJp1EyiM/3+PTn/fLT/QtzU83LUz8D/hPTtUYJCxyeHEYBuC/niHfT1NgqsBRspI13bPUmxBjmtew1docQL61QSRdflopD7vxb9b6elQ/Zj4vs/TK0ILT5do1KkRGnZT8hRTnqnArcLdTr8xR5gVlIFFInncvzdLPsN,iv:JvuOYExMwMBlgM/W83ttlnvUPkuFPVvkBNwzumBxpLU=,tag:AXJOv4ZO0znONF9VG+5j3g==,type:str]
+    keys.txt: ENC[AES256_GCM,data:fY3isf0iaornjPYAGu7quWYC2O+LIm+gMvmjjhYgLWKK1YzIlOnW+ECaXRsmESr6F14rXayCGSlFzsEVJlVnaHvR+XgqX5Qj+ZUD8BCHW/cNcAcEWThVKZp6+CNIO9QsekkVv+huKpEZ/WPPr/dQZ/J8kuMHp7sCjoieG9tVXp0LbsGzMkodwrVKlE6kASKDsFZshtsQBhkx03MDLc/HC3z8eFwLV31fJ7MJTwZnhz9ONAexyFXwsjclWRR5nGizOCV0/tC8E3nOHugFX0Ae1GmWn69sTSf3lqNmT2RMm0iAZABJCdjcuBVZhegIyuGkrbL4GhKteNpqYVqe,iv:CuOiL/LTGp/W+7pOJPSb3b/UDewIusKs18MNKdsoC3s=,tag:ii1NFa2j4RxXgDfbMyJGjQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,23 +15,32 @@ sops:
         - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeitkMzBjTGxSM09RTnFB
-            N0UxRytKMmszMHhKVFY3b0pNcHIwWHcwbUNjClY4cHMvemhzRkNXRVhtcVRtN1c4
-            OGtaWFkwTWYwNHNTL3lMVmlYOGREYTAKLS0tIEZxNm1IMmFxdzB2dUhvdlNsUUxl
-            UHdKaW8ydkpoLzQ0dEVyc0plaVhCTlUK6PF6CVvLDDTIozhRYHZxgcNeeKQPJAPr
-            Ay/35PSwzZ4RVJyAKqyhkkQSXkwLsytV1AC527NEZbmBniGgioyFHA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Z2lHdHB1bDBMNGFDb3gw
+            blJOU2RpTlRlTXM4OEdXL0oxczd4d2Y0TDNrCnFBWnluUDZhRVEyTVRoWC9HaXly
+            eTVsenRiTVFxU2h6VXFneEM0KzNWNFUKLS0tIDZLMHRNbm1rS04xUXBxdHlOVHAx
+            a0d1SW93TEROWkRpekt1VHlQZHhCRFEKsz8LUmpDrR7a7p7pd0FotGtxuEPwEeOY
+            L9lg0WJNJ9OAqJDBXoygedyQ4bWqFdDnr1U3RoPzbnOOgvAk9aPj3Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1BmeUNLT1RQR3cybzQx
-            aTRJVXkzQTFmNVowTmpVckJHdmRWTlVtSEV3Cm1oakp0c0NoRnF5c3pIb01ja2g3
-            UE1hUXV2bmNqeFlPM2tsY0J0UndYVTgKLS0tIDRBaGVBK0xlSFVFVVdXZjQ1RXhQ
-            UUo1Q0lXVjNGWllzYnlJS29qZHdZZGsK8Z1JWhY9HSY5xm6gZaT3TB2eqMysNxgL
-            MDk4gaQq8qbrMF/jN40ljt1ZgtAlY2gQKFyqygUNiwgHxN8iC2upng==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVkNZWFBIQnhxbEJ4T01J
+            aVlKa2NrcVAxdGNWY0JDaWk3UDlxeE90b2x3CjhMVm1Zb0ozdzB2VVlVckdwUUk5
+            dkZBeUo3aW1BM2ZmQVhpZ29TSm15RGsKLS0tIDZNc01xMVFnOGpLV3JGYytHTlgv
+            T3hQZHVZVDA1cjFNNEtBWkF2VkdFbjQKg4yy1rWCprRYmpXtMA0++x4VGJPEKAyx
+            b8+RC5TV82yWhqtF9pWpkIuzJ/5zKih49is9rSo5PoaL+QOpLYR5yw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-30T17:09:05Z"
-    mac: ENC[AES256_GCM,data:Qvm2+3NQy9oywWveAhJdvnmg9tQzdCwjQSczYAS2j5Y0nPw3VeCT27Efm0A591fsvUhjukcDnX2ogEkKtPPJgq5VAJtGLXh2akAdjFxYxm8UPkgw8e6ev/R4kQQdTQ0if8qeeIO3CHEvAKhmrGimbg4DDHgPvyGoiHtTbBBFFr0=,iv:EDmPxMOXpHdyTmGbHFYAholnzi+WLc+GBXmu0k3GAuE=,tag:ThMbGppwFUocX7g2bsWI7w==,type:str]
+        - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMmZ6ekNxMEdCZXJKUCtp
+            YVV4RzBuQllGQlpZeDZ4UkpQV1l4Q0pIeWtjCjNlK3Y2Z21LRERVMkxZNVFYUHdU
+            NGhkdm9TSGtaNWo1ZEV0eTFNR2ZhNkkKLS0tIEpKOU44SU5EeC81aGRUektyUFl0
+            dE84M3JQeW1iY25ZaTdqMG8ySG9Cam8KQS8eKuIjhcTVBbcdkcyFezqoi9S6dc74
+            hWbNlP+BSHZD/Sx+6oYHIpJPYtJ8/IqZAwdQavyqj27AnsiKzY4rnw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-30T18:24:55Z"
+    mac: ENC[AES256_GCM,data:4+/TztJYPPFOY/b9XEo3XfzDHD2tVZJc6/tDF0u5+DvTzGdp2/YvSTI/UPS2iEprsvG0lyveqPxdgweEgXMGcnpEcMhK6gzW1LVJmzFgWev0WjrmCxNNnMPMkU0hGG0WdgSAAlx4FLnms/gdEHDYnkXYqHH01N5EUSP9c8JpTIg=,iv:XJ+JuI5WjqXPTIgX1Jklc+kJzmIcEa6QAEGJISo4QBE=,tag:bMBGUfchsJE6I0h04aUB4Q==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.9.0
-- 
2.45.2