Try with sops

Florian RICHER 2025-03-27 16:52:50 +01:00
parent 956ce0deb9
commit 2f9da68ad2
7 changed files with 48 additions and 2 deletions

1
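--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*secret.properties.enc diff=sopsdiffer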

1
.gitignore vendored

@ -1 +1,2 @@
.direnv
*secret.properties

5
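--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,5 @@
+creation_rules:
+- path_regex: .*secret\.properties$
+key_groups:
+- pgp:
+- B19E3F4A2D806AB4793FDF2FC73D37CBED7BFC77 # Florian RICHER <florian.richer@protonmail.com>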
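Review bot: The `path_regex` in this rule ends at `secret\.properties$`, but the files committed to the repository carry the `.enc` suffix (see `.gitattributes`), so the rule matches only the transient plaintext name. Any sops operation that resolves its rule from the encrypted file's path, such as key rotation with `sops updatekeys`, would presumably find no matching rule; `path_regex: .*secret\.properties(\.enc)?$` would cover both names. The rule also lists a single PGP recipient, so losing that key makes the secret unrecoverable; a comment saying whether that is intended would help.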


@ -7,4 +7,22 @@
- minikube addons enable metrics-server
- minikube dashboard
- minikube addons enable ingress
- curl --resolve "nginx.example:80:$( minikube ip )" -i http://nginx.example
- curl --resolve "nginx.example:80:$( minikube ip )" -i http://nginx.example
## Sops
### How run kubectl with sops
```console
function sops_kubectl() {
find . -type f -name '*secret.properties.enc' -exec sh -c 'sops -d "$1" > "${1%.enc}"' _ {} \;
kubectl $@
find . -type f -name '*secret.properties' -exec sh -c 'rm "$1"' _ {} \;
}
```
### Git config
```console
git config diff.sopsdiffer.textconv "sops decrypt"
```
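Review bot: `kubectl $@` in `sops_kubectl` is unquoted, so arguments containing spaces or glob characters are re-split before kubectl sees them; it should be `kubectl "$@"`. The decrypt step also redirects into the plaintext path before `sops -d` has succeeded, so a failed decryption leaves an empty `*secret.properties` file and kubectl still runs against it. Cleanup only happens when the function reaches its last line, so an interrupt during kubectl leaves decrypted secrets in the working tree, and the final `find` removes every `*secret.properties` file under `.`, not only the ones this call created. Consider checking the sops exit status, installing a cleanup trap for interrupts, and setting a restrictive umask before decrypting. The `textconv` setting in the Git config block means `git diff` and `git log -p` print decrypted values, which is worth stating in the README.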


@ -20,6 +20,7 @@
minikube
kubectl
docker-machine-kvm2 # Required for run on NixOS
sops
];
};
};


@ -1 +0,0 @@
mysql-root-password=root


@ -0,0 +1,21 @@
{
"data": "ENC[AES256_GCM,data:T8UvyASRpFU5kiYUHeADJvqJmRQb+37cKQ==,iv:JBLXkI3gxyH+gsdDXaoxYCusrwz0aPfKwjt/bVWyW68=,tag:+Da5+sbl0/a+8WvnUBPOBw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2025-03-27T15:50:10Z",
"mac": "ENC[AES256_GCM,data:MnaiNqqXZnck3AqfuRhfRsUWCfqnzbcjMKk+bqvjEUCiw8g4Sr7UyZi5c0fT3VTt1SB+fqnMeODacrI3j9dZjMn6d2Z0d29XeM8wMsm1d7hRMdsPX40v5dlwwHJjRerTCijaNB94wqk2FPe01aV+fRGZDAQpxoh0yUwELlrpPOQ=,iv:aGzrSUATiM4eLx93lFyf5f83XozDf2Z3o0q50cQajMQ=,tag:srJPYXajaXjmRM6Ig8XEIA==,type:str]",
"pgp": [
{
"created_at": "2025-03-27T15:50:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQILA1Ns3cJaRR/oAQ/47zt92dMABV3LCuyYDvkgVx8XX4NHSIpjhGmF/Y32SwT5\nwbTHO2MKmlv/Ks9w5v+A1vdMLeKyxXRmE7dabllsHWRhNCVR9AlmZep/gA6vId+0\nXqku7PZkKdfvM31xY3PYBlOcGPzijU2jqnuB6j+WToWW6HiR6Kpv5HfSl5hqfKqs\n68SAOdSLj1cH1k7AbsmquSq6WMZmGKHTUzKzSjtwVkVzsxoR92l+166amxbKZqeu\nKNtsWD6iojJ5e4OkAz0vcu5HlYdTI/XlZIUnwFRtPKf2RqNCwHyRdt7dqKCYZ2wd\nFbboeS28Qgj+6+oIAaCPupjJR92JYYz6+TP+RBqHGKdxsKIUTx6IgjN1cLPGfea/\nmpy3rceF3MYv57fCAA9Aj5omaipNc9gIBIDU3nkiIvuYEfcMYnmS0ApxrekBgvJY\nZC6/fD6r5RXjYP3iTR8E5q+qERljCqYnewT754hMAku7gwzh51KucaGlR3FqN2Hp\nyqfuL3oe1c0KhKdbygiv749prM34Y0KR1iK0zvUkizUHdLhJpMgDCR3sFCuNiG2/\nmuRD+7TGHF/MCTQrXKfKS+PShPprHtNrqEAamABWZcYL1qkn0qcPByTlN1UTCu7h\nqIOO0fKJlwAVkJxDC1Roi2ZBdtBhlPt1ZTyqDdOhmhTNg+QLB03eDcQdSripI9JY\nAZVzahXLOu5J2LqE1HZPeQarZ91MuTqJX3PuyARnmW859c1OjDOqhLcVFR2UroLZ\nHcHMrV736facmI2Nq2Wu+FiYgySQpFUGR+TxFTTy1vtk50v1x9REzw==\n=s5mu\n-----END PGP MESSAGE-----",
"fp": "B19E3F4A2D806AB4793FDF2FC73D37CBED7BFC77"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}
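Review bot: The value encrypted here was, as far as this page shows, already committed in plaintext: the same commit deletes a file containing `mysql-root-password=root`, and the `data` ciphertext has the length that line plus a newline would produce. Encrypting it from now on does not remove the plaintext from the parent commit's history, so the password should be rotated to a new value before it is stored with sops. The file is also encrypted to a single PGP fingerprint, so it would help to record in the README who holds that key and how a second recipient gets added.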