From 83f5155effa293ac9b3fdbd17adb459a19856070 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 27 Apr 2024 11:40:01 +0200 Subject: [PATCH] chore(snips): migrate to git-age --- snips/.gitattributes | 1 + snips/config/secrets.enc.yml | 40 ------------------------------ snips/kustomization.yaml | 4 +-- snips/resources/secret.snips.yaml | Bin 0 -> 1994 bytes snips/secret-generator.yaml | 11 -------- 5 files changed, 2 insertions(+), 54 deletions(-) create mode 100644 snips/.gitattributes delete mode 100644 snips/config/secrets.enc.yml create mode 100644 snips/resources/secret.snips.yaml delete mode 100644 snips/secret-generator.yaml diff --git a/snips/.gitattributes b/snips/.gitattributes new file mode 100644 index 0000000..0016a56 --- /dev/null +++ b/snips/.gitattributes @@ -0,0 +1 @@ +secret.*.yaml filter=age diff=age merge=age -text diff --git a/snips/config/secrets.enc.yml b/snips/config/secrets.enc.yml deleted file mode 100644 index 947218e..0000000 --- a/snips/config/secrets.enc.yml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: snips-secrets -stringData: - hmackey: ENC[AES256_GCM,data:Srvw37mEYlKUGZ0ep+CBXQQ0xubkcg8ab6jJ1VK2oUC2nFDnC6oExJuoZRUlwCFfahdfju6iB8JyD9dWmWV+Hx1Kq/TlyPQREYol8XIJdqkwv7xe5CO825cU5Zirx/7650WiZpwz9kz7LG6U5HPcvlEv/AZT/wJZMGGOqdogy5E=,iv:P3OEEuuLaBLCq2Rstvhj9xThUYiOr6AUKV2b0EiPiKg=,tag:QFUgQKEsOcbEfATKeYIv1A==,type:str] - authorized_keys: ENC[AES256_GCM,data:vWIUncU3s1XUz+opHZNuNviwecQMTFP2QNIY29LnSZgrGkLb/ws/D8DrNixCgEiqMlU0V7ut58rdIaklNfQ0zc8N95DeIqdbnZora0gQ+xfrmDNMVXfgMdDzEEhKQto1yFqj75MjEsfC9riZxKoGP5tx3qjkXPqfH4tNvx+3Cwtb8m8GQukR5fq9D2K43Qb12yk0rDrEnZ3S0okBbPgmrkfCqKTv+8HrvEiuqvPIRun5Nu5lLHJKtNmfNbmfzzv8eyGJUW9CFM+2qmIIscpGeh3Est1MIk/ubSO7c2iEPMxNcmil7ZmDVJ5dU/9QTgr4M27crS8agWQ8953WJ7pNnbDHFWpTfWsnEhiK4tp4gR3EeQiFHOvdaxa32uDWi1rSBRWQzt7lK6U7fIZ4Gagi0eieogbt++HWuM3zXT+QmLwyRfA3sy4UazUazkyr+WH6ea6F3awaRQEe2og29Ghaepc21cniarZDYZcaAMMKLRqmVFL+WY3+M9YwyTeUZGvyyXHI4DB9UM//Ik1/UxK27d+tHnLpYjOsKbTmxTovi897BFUKOOajYy4YCkK/qLPSEgzm1CVReh7VhX7url/lRSx6/5421zvlx+yKmRIVcD0Hbp2xRkIso8iMRhC6tPDr2uhapyeidcv7GKOLnuSHoqEcse4HqLbnVMSGfbVBUdf9vGfOE8KEjx2bPnZPECUjPlwXgRoJ3lRfpKSJl1V3fJj3/cjwh1fUdnQa+g2D+B6MkR9lOha3pD9Aufv5iTAiNbBEgKBN8+UVZjU5chy2plkRDm3dfrccVAtfwmH3YItkDLSfKFDMRyBB6WZpwo7N9viBqQHy75bq2TJEWY7wou5+tkx9NZOQ1KTELpiedhUwK8RNU+KiIBF2/CikSeJ+5/syoo8zqyOzQ01lRPWywo/3TcUlh6JVRx6xintAkfjqRJ8/huKu8UsAZ0Jh5HXrQacpB+wWGdo52hae5DadMmf6trXxZA==,iv:FTydQ7piJuTYkhgzEImD3RWF6AwWUBkXcEFisykNlSM=,tag:FSu7srqamA4F6dtwLysRgQ==,type:str] - snips: ENC[AES256_GCM,data:qM3fmKclXaf2ebI2vz6qTFNuk2HzOO5rYHqU0M7ugffI/damdMpAbTrOe3sa8+A11RMcKWYBEABOjfGesH8f7HJj4kO6cTJ3dSQwA2c7A2NiSLLEhjARBTx7rW57eNGp2nmUCwk2LFZWSTaRyaYhZtWtj6+7Zlt/2Se/zZSuguBNZqc1erOkkErMfRGjUggMu0FhQHiwIt7isofBbBO460sx6EiDsZFGYqJLSptKfQr5FusBBRHNj2vgtki7qLowr5saS3rf+0zGT5OV0CFWMKunX2dAwoquwNWaYdLGH1Yc1E25ofoivBA0i9JLpfdwvsku3WwNxioBeIolW0YqaaDg6XFqWIXW7UAzN2bdTVHq1ln0SFpvXt4ihkYciFlLg5FAO1lAhz/rRA5XBRCDPYU44oo6KsDjnBIOsXSTkqS02cSIiKVgbMqzUChqR2mQD6pfNvpbOZ7IHiPrT4O0oD8W5S12oJnofViZj+4/B/cbf0ZsvVTGo3dmBp0moChv7Sli,iv:cHUL5DJGs8F/cQS1lTFYZUS23TP272XJ0uc8gjRDJSs=,tag:vYy8VUb9rjne2fQVs0TjWQ==,type:str] - snips.pub: ENC[AES256_GCM,data:09R5K9p5QmsBPAdM2/rDZpUja4+t2yaeqYPLQI0JkErRlF/nvdv1GbFqoOmeDL3VYejiguAevAfV+vbOgub95JF6lAH6XQSNCPVCaA+W5b588RyDZ/HAxmb/Lxwxmxb8A1L3,iv:Qa9eYBoGAGjYfwcgClGolhijnWFV/ekRr7OvLyPZFGU=,tag:GWsA3mk1pU2fKLZfattvnw==,type:str] - r2-access-key: ENC[AES256_GCM,data:eJK3BRpEdJDfShlNeUV2BAL6FDs082SsueO6gnQ+Uyk=,iv:bGPbyngp4yCxudHbRUToR8FoFWGYBKpMfg9imbcTxO8=,tag:BUEoS0o4QqCWz8AxSM7x6Q==,type:str] - r2-secret-key: ENC[AES256_GCM,data:aFRc3BO1ue4tITSDmce2Pndzqx/1fD0RnL4u+KPt52VkjtQ65WfI9LOoC4bw9OtIjNBP6iyK0SpdqMmBFEtWVg==,iv:/IEaWqgQ/eNFfxA5If5D92hDaek3DHHdVHTnsyrEfYc=,tag:HPWWp8d3TOH6US0ITIFcRg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZjM1Y0M1TnBlNHd2eFda - cDlqVmt5bCt2WmJ4TXhyR2J2eEFYRGVQR21zCmMvQWpsMWJIVW9IL2xZUWF1MnJn - djRnMmRFMnNEOHI5ZUMwYWtJL3Y0ZWcKLS0tIHlCRFhtV0xkTVI5SUZaT1ZoMnhu - cGVNNVpQU2JRVFVjUjRlamtteXhpd2MK7T3aBSFPit5ulg3FU49vXfvO4q2S2VQl - nb0f+QW8nyKcl1PSsquUM3G7PAg9lLxWlDnwXRxsaZQ0WUuTF0NBwQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNGFERlp1a0ZIMXVjVEFN - ems2VnV2TlZhRlBJcnMrWlhLRDV4cTVqNUhVCkREMm5BRVVrK1NJeWRpWlJCNmJl - UXh6OVhVdXNnTm5lTnlsWnVkbnpQY2cKLS0tIFlQY0VuSklLOU1aN2R4eHNEZ25J - TElVdVRyM05nRjJYMWFCL29YZyt4TjgK56s837z/U6dswH2ZSQH3PA3aJ7blAa0F - sX8koiFtwkVcnrHvdPvKqitKLot7C3fu9BRZkFfcdi4tYh1vAeKS9w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-06T19:44:14Z" - mac: ENC[AES256_GCM,data:BwnqY1C0PCNPOoUidMvOsyjAiTnCiqktfrgPnbwsdKlFZUElccbCn9pF+e03lAjUU6f9vZ7TaEi9pcgLZ6dMIG7/FQN95XLeEyBfzbYqO0bkAdFxlZmQLX4zzrKkb8wC4kFwRz2m0HSd3+CT7W3SPdqNWGNrnsFKKip4F61Akgw=,iv:dCI+9pObu3EvtJFj/zGWYmGPqjprbZEEmMB4pJCVfk0=,tag:9TvUtXve7qfJ6u8lIluyIg==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 diff --git a/snips/kustomization.yaml b/snips/kustomization.yaml index a9922c3..1db0151 100644 --- a/snips/kustomization.yaml +++ b/snips/kustomization.yaml @@ -19,6 +19,7 @@ labels: resources: - resources/namespace.yaml + - resources/secret.snips.yaml - resources/statefulset.yaml - resources/service.yaml - resources/routes.yaml @@ -30,6 +31,3 @@ configMapGenerator: - name: litestream-config files: - config/litestream.yml - -generators: - - ./secret-generator.yaml \ No newline at end of file diff --git a/snips/resources/secret.snips.yaml b/snips/resources/secret.snips.yaml new file mode 100644 index 0000000000000000000000000000000000000000..60eb20532cba35fff19b55ea97915f8972d6002e GIT binary patch literal 1994 zcmV;*2Q~O%XJsvAZewzJaCB*JZZ2DWDX-`FBQ!-;tGiO+6bv1TUYH&?dF;xmnXf$?cL2qeEW;0b~FK0)1WlnHY zS9daQNNF%M|DC`VQY6dMrcoCOiy7q zHg+{qL1S5IYi>|aEh(u6nsu zC_D9by0M`lxW%-w%DUBaC$b^;YkJhJvQM$@GcQHNv)GNx$^KZr^H)Sn>X* z{qYAI7QD5@N=t3amgv*%V}}0-f(4+ZW?XjSAUrbOw#90;Nva9!N8| zNZ`mwNtTWbGw;0zfzVEcgDEr{qqq6B)tA|)gY@~@J{5>-a`i*E!bDKbA;D2)T1a&%^x+SPF33w zY8zrVu7qhGs90N&OOwqUwyRCruzP4+S#imh)OFfU`d3B}G7*~nke)W={nK5tCL0N2 zrr4lOK~p3L=WSyVD0!*w5F)gIq2~P`SS5^*i>qB4!xjoMTt`z7`Tm6rO3)3o4aDrqjjE&BBXF zk{pee&(~HMeYzbCZpz5NQb7AM$p{sJ3Cy4}`8cf@U;f%cX_ty-m$WlpfUpTLWLBErA^@|kkM zSKd;ItJnqHq>uN)Oa6OkQH@Ye4z%Dg1p&KPU9+YLTrT2@7*-s&f&O2F-}@vvdOHuE zwfP%Nq8lO1$uM_?Z=yN7IC82ykX;@Tus2?3QR@l{kWt@6?>IdLz>wM+o);!F*cW%Y zXtG!kcc~$E__R$_K)MynMN5{xU2dvhkXz%Y6XH|THnL;%^;q8<&4}ggRAqh}-AJ#S za%ifN^<6n01Wl22F|oN?hIpqO!TM!tUMt?)nmt{))xxSEk^7eiBh=BVq@jBi8K8u~ zXU$WOddLjIe=`-PXBD^Cdp^~QumGZOWxSBhD4 zTRBg784C=9A-8JbMTOvQg-i-Oie%cL*di~)47_?@5~r(*DS zwHF5iDk##@LH5xxysjo5dQVylIA&4}!p4*R-TmU>rFTp*XFsdLlR1&`bK?7h(dGK! z-{1=0zl*o-V_K!Ca_wQSR7(z9V1N?65+|&Z=pI~_+B8wvOGdg!2dZbKv`I&nG3>Pf zuVoZERwBAPbO+j}?% zt^KoEjmhOZyUBGpG&L;+@#EZ-sw^r=)MV}EA&!`H`n)gs)o;_iNrv40x3(gXZKumR cA5Bb0D&_E9xf0OvC)NviF3;jWSV>MS$bI#<2LJ#7 literal 0 HcmV?d00001 diff --git a/snips/secret-generator.yaml b/snips/secret-generator.yaml deleted file mode 100644 index 6d9c2df..0000000 --- a/snips/secret-generator.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - # Specify a name - name: snips-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - config/secrets.enc.yml \ No newline at end of file