diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..551d614 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*secret.properties.enc diff=sopsdiffer \ No newline at end of file diff --git a/.gitignore b/.gitignore index 92b2793..076c80a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .direnv +*secret.properties diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..8496b09 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - path_regex: .*secret\.properties$ + key_groups: + - pgp: + - B19E3F4A2D806AB4793FDF2FC73D37CBED7BFC77 # Florian RICHER diff --git a/README.md b/README.md index b728ca6..df38f04 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,22 @@ - minikube addons enable metrics-server - minikube dashboard - minikube addons enable ingress -- curl --resolve "nginx.example:80:$( minikube ip )" -i http://nginx.example \ No newline at end of file +- curl --resolve "nginx.example:80:$( minikube ip )" -i http://nginx.example + +## Sops + +### How run kubectl with sops + +```console +function sops_kubectl() { + find . -type f -name '*secret.properties.enc' -exec sh -c 'sops -d "$1" > "${1%.enc}"' _ {} \; + kubectl $@ + find . -type f -name '*secret.properties' -exec sh -c 'rm "$1"' _ {} \; +} +``` + +### Git config + +```console +git config diff.sopsdiffer.textconv "sops decrypt" +``` \ No newline at end of file diff --git a/flake.nix b/flake.nix index d41a237..2094fdd 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ minikube kubectl docker-machine-kvm2 # Required for run on NixOS + sops ]; }; }; diff --git a/mysql/kustomize/overlays/default/mysql-secret.properties b/mysql/kustomize/overlays/default/mysql-secret.properties deleted file mode 100644 index c7d5768..0000000 --- a/mysql/kustomize/overlays/default/mysql-secret.properties +++ /dev/null @@ -1 +0,0 @@ -mysql-root-password=root \ No newline at end of file 
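Review bot: The `diff=sopsdiffer` attribute, together with the `textconv "sops decrypt"` setting documented in this commit's README hunk, makes `git diff`, `git log -p` and `git show` print decrypted secret values for anyone holding the key. That plaintext can then end up in terminal scrollback, pager output or captured command logs. The trade-off should be stated next to the attribute, for example with a comment line `# textconv decrypts: diffs of these files display plaintext secrets`.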
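Review bot: `path_regex: .*secret\.properties$` matches only the plaintext file name, while the committed files end in `.enc`, so the rule applies when encrypting from the plaintext path and apparently not when sops is pointed at a new `*.enc` path. Neither this file nor the README says how the encrypted file is produced; a comment such as `# encrypt with: sops -e FILE > FILE.enc (rule matches the plaintext name)` would close that gap. The key group lists a single PGP fingerprint, so the secrets become unrecoverable if that key is lost; a second recipient or a documented key backup avoids that.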
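Review bot: In the `sops_kubectl` snippet added to the README, the decrypted `*secret.properties` files stay on disk whenever the function is interrupted before the final `find`. A failed `sops -d` also still leaves an empty plaintext file, created by the redirect, which `kubectl` may then pick up. Because `$@` is unquoted the arguments are re-split, and the function returns the status of the cleanup `find` rather than of kubectl; `kubectl "$@"; rc=$?` followed by the cleanup and `return $rc` fixes both. Consider running the body in a subshell with `umask 077` and a `trap` on EXIT and INT that performs the removal, so the plaintext is private while it exists and is removed on every exit path. The cleanup pattern also deletes every `*secret.properties` under the current directory, not only the files this call decrypted, which the README should state.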
diff --git a/mysql/kustomize/overlays/default/mysql-secret.properties.enc b/mysql/kustomize/overlays/default/mysql-secret.properties.enc new file mode 100644 index 0000000..cadae5d --- /dev/null +++ b/mysql/kustomize/overlays/default/mysql-secret.properties.enc 
@@ -0,0 +1,21 @@ +{ + "data": "ENC[AES256_GCM,data:T8UvyASRpFU5kiYUHeADJvqJmRQb+37cKQ==,iv:JBLXkI3gxyH+gsdDXaoxYCusrwz0aPfKwjt/bVWyW68=,tag:+Da5+sbl0/a+8WvnUBPOBw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2025-03-27T15:50:10Z", + "mac": "ENC[AES256_GCM,data:MnaiNqqXZnck3AqfuRhfRsUWCfqnzbcjMKk+bqvjEUCiw8g4Sr7UyZi5c0fT3VTt1SB+fqnMeODacrI3j9dZjMn6d2Z0d29XeM8wMsm1d7hRMdsPX40v5dlwwHJjRerTCijaNB94wqk2FPe01aV+fRGZDAQpxoh0yUwELlrpPOQ=,iv:aGzrSUATiM4eLx93lFyf5f83XozDf2Z3o0q50cQajMQ=,tag:srJPYXajaXjmRM6Ig8XEIA==,type:str]", + "pgp": [ + { + "created_at": "2025-03-27T15:50:10Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQILA1Ns3cJaRR/oAQ/47zt92dMABV3LCuyYDvkgVx8XX4NHSIpjhGmF/Y32SwT5\nwbTHO2MKmlv/Ks9w5v+A1vdMLeKyxXRmE7dabllsHWRhNCVR9AlmZep/gA6vId+0\nXqku7PZkKdfvM31xY3PYBlOcGPzijU2jqnuB6j+WToWW6HiR6Kpv5HfSl5hqfKqs\n68SAOdSLj1cH1k7AbsmquSq6WMZmGKHTUzKzSjtwVkVzsxoR92l+166amxbKZqeu\nKNtsWD6iojJ5e4OkAz0vcu5HlYdTI/XlZIUnwFRtPKf2RqNCwHyRdt7dqKCYZ2wd\nFbboeS28Qgj+6+oIAaCPupjJR92JYYz6+TP+RBqHGKdxsKIUTx6IgjN1cLPGfea/\nmpy3rceF3MYv57fCAA9Aj5omaipNc9gIBIDU3nkiIvuYEfcMYnmS0ApxrekBgvJY\nZC6/fD6r5RXjYP3iTR8E5q+qERljCqYnewT754hMAku7gwzh51KucaGlR3FqN2Hp\nyqfuL3oe1c0KhKdbygiv749prM34Y0KR1iK0zvUkizUHdLhJpMgDCR3sFCuNiG2/\nmuRD+7TGHF/MCTQrXKfKS+PShPprHtNrqEAamABWZcYL1qkn0qcPByTlN1UTCu7h\nqIOO0fKJlwAVkJxDC1Roi2ZBdtBhlPt1ZTyqDdOhmhTNg+QLB03eDcQdSripI9JY\nAZVzahXLOu5J2LqE1HZPeQarZ91MuTqJX3PuyARnmW859c1OjDOqhLcVFR2UroLZ\nHcHMrV736facmI2Nq2Wu+FiYgySQpFUGR+TxFTTy1vtk50v1x9REzw==\n=s5mu\n-----END PGP MESSAGE-----", + "fp": "B19E3F4A2D806AB4793FDF2FC73D37CBED7BFC77" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file
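Review bot: The encrypted `data` value presumably replaces the `mysql-root-password=root` entry that this commit deletes from `mysql-secret.properties`, but that plaintext stays readable in the repository history. If the password inside this file is unchanged, encrypting it protects nothing until the value is rotated, so the commit should be paired with a new password generated after this point. Since the file is stored as a single opaque `data` blob, a reviewer cannot tell from the diff whether the value changed, which makes it worth saying so in the commit message.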