diff --git a/vaultwarden/.gitattributes b/vaultwarden/.gitattributes new file mode 100644 index 0000000..b00dc4d --- /dev/null +++ b/vaultwarden/.gitattributes @@ -0,0 +1 @@ +*.env filter=age diff=age merge=age -text diff --git a/vaultwarden/config/api-env.enc.yaml b/vaultwarden/config/api-env.enc.yaml deleted file mode 100644 index 31ae526..0000000 --- a/vaultwarden/config/api-env.enc.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: vaultwarden-api-config -type: Opaque -stringData: - DOMAIN: ENC[AES256_GCM,data:FNfA7lakNlpg1URgLofv+k4TItLu,iv:8Ulj/WqUGLrCGE6m553NPtgdFsfaGE37Pla06ziPwns=,tag:6YThAqZ0xb9dvmHmrLKHqg==,type:str] - #ENC[AES256_GCM,data:JOoWSgo0vKQy7Wod6Z+3OrCLfnxtAvJzwrtwZz7rNOqtFopfd2vGvMqDjpz5n4+sinZpoxVq8e4kJz5jgMXSxkrj5FuHWNv4nY1v/eM=,iv:VKp+jCV/CcS+lcRXTGGlhwVgSXiH5316RANZSHbrtJo=,tag:KTJ2CF7j+SVkSVDrg3orKg==,type:comment] - PUSH_ENABLED: ENC[AES256_GCM,data:U6uztw==,iv:BZF8Helqt6jkeoxqNn72DG6BTGDZoN+0yeouHBAOy5k=,tag:V+hWdhf7+0tSu3p3Bk19gg==,type:str] - PUSH_INSTALLATION_ID: ENC[AES256_GCM,data:5EqZWWv6q7Kzeqmm1ujEkOAVEfybl2FkHJ1uyBTIJ/3ONi0s,iv:benEN9qkAhob2Nx58fralAXPt0ZOb7Iir/w44NWDC7E=,tag:CQrihd0cO0fvAZV3yBuBxQ==,type:str] - PUSH_INSTALLATION_KEY: ENC[AES256_GCM,data:8vsxMGX9lenepxu/DgnXJGbEXPQ=,iv:btBOZ9fyKkmEoiD9lFQO6kWgftGvjIqTaVaKC0XeRvU=,tag:wnO37fjx6HHP6S0mtEKDeQ==,type:str] - #ENC[AES256_GCM,data:9AIq3r4rJttpyUlriHXOKEuML2uiE+SwgWsfPnV7DYbiP/l2,iv:ailvo4Lj8MpH6mlNsTdLI3iKqUpiZyBE1YyLO2UkOQk=,tag:9YmUcHqdsMRCl/vzNUILUA==,type:comment] - SIGNUPS_ALLOWED: ENC[AES256_GCM,data:yyzz624=,iv:V4E2bbHA0LnO0gocQnwuOP8QYUBCVpdObxbiI6PA9Bg=,tag:s2Quq64QTPZpUUT6AM/T8A==,type:str] - DISABLE_ADMIN_TOKEN: ENC[AES256_GCM,data:SQLby4U=,iv:15ricUNOUEJ4HCFayYbGwrjR2s2DBI0k+lqHEiO+WIc=,tag:HBuw/MIZJ88MkQuy7SUzSw==,type:str] - ADMIN_TOKEN: ENC[AES256_GCM,data:McoZbrCruksHQ5N0ZNXTT8QQNt7lsjMZMTDdSk2Pw1qWmnlxvZWcHwIAMbpr+1/EHyMSf54Q4bSPRaMLtDNPREVqSEgCnI5pF4tg/BQWbtsJvH5rGqvZkpj09K0/LnvZDrvLZpYU9jBUBkKSWizjpWLfg6Xopg==,iv:smhUVbqnODyws8ndci5p05quJ/X6/mZOTQYld+aibOE=,tag:pn7tNT+3pGPmvvPFD/a1RA==,type:str] - #ENC[AES256_GCM,data:QlmRWc2mcIcGDeJE3dw1txwmiI6cFfD06ALgdDD1qcNG+c/JhgPO2lGQjTXoctNsTuv2pwPgtTFUKrY1cxjt4GtwuQ==,iv:MeYwD/IONmuUhvNIoBWPyuWUhGCBascIITC4nVbpkyY=,tag:DLL5SgPOyrYeHUnqz9SvEw==,type:comment] - ROCKET_ADDRESS: ENC[AES256_GCM,data:47ty+hqPew==,iv:13zgUCu73oNu3Vv2MGPVfT0szJkJ/8jQdU0lwqOnGEE=,tag:cZO7grm7BVm35PVTpR3yzA==,type:str] - ROCKET_PORT: ENC[AES256_GCM,data:ZrfepA==,iv:fMwLrMvwp61ujQsg4owMCKaH8sxJEod85+RJchh6vLc=,tag:DbmR5uueyzGP4UVeEhWFVg==,type:str] - SMTP_HOST: ENC[AES256_GCM,data:/WA3QtxPIXAcuUM8RWt8KQ==,iv:QoVLHvWOdvxBmhOdjTXT1A0V2xNZbbJ1R6Kfslz4y1w=,tag:OuOBgGPGaewIPYsrNCb7ug==,type:str] - SMTP_FROM: ENC[AES256_GCM,data:Ct+kUezANddzECD7lPhtng==,iv:pcI3LMznxOT4FolOR1gQadrVTOXH/i+fwTu/DpEPaHw=,tag:idOabWaEyUzB7WB3ehRZSQ==,type:str] - SMTP_FROM_NAME: ENC[AES256_GCM,data:vpQA8hHh7BxEraQ=,iv:V1RUtgTVaHIQqfhAiUE8ixph40l/jkVtAKj+dSt8eZ8=,tag:6EoV0JKRr5FBhL4Pc31X8w==,type:str] - SMTP_SECURITY: ENC[AES256_GCM,data:5RtBH4NpEYE=,iv:6mO/WttSDs6J6vPUnspRuN6GGe/3/5Rwp+2vmsolxhQ=,tag:hU+AeGYVz/J7LcTQsbqnNA==,type:str] - SMTP_PORT: ENC[AES256_GCM,data:MzW/,iv:w9wxsaNU5YdNkTp/RuzPv2SOiQcq5IWvmA1M2y3ee+U=,tag:0SuQrae4iBJ1tz1/BJjM1A==,type:str] - SMTP_USERNAME: ENC[AES256_GCM,data:V2C1XciI2/GuKLHAYZvP/9UPRJ4g8mc=,iv:HEJl5pyEL+/+mcwmhH9ZMgGg3btRIaaeCzdyxATh1J0=,tag:M0BOwNN1yJCiBQ6Xx9Id1w==,type:str] - SMTP_PASSWORD: ENC[AES256_GCM,data:VwdlFe4ra33idO01qob7vuL+iQ==,iv:QbImO1qiNE3HSmBfomkJjwLOUes+RFtDtxraYD9jstc=,tag:WeHThdjWalxhjnC6A+IoSg==,type:str] - SMTP_TIMEOUT: ENC[AES256_GCM,data:Nio=,iv:wbNYMpuXPm9e5cevvndEQpIs6QkRt3clFCk8m5pZ414=,tag:uzq+3W3pyceEoAWjToNw8g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwd1AyWHA1SEpRbGhmaFY3 - QlJCYzNUVEVaR3BudDNMT3YxZTRjUXdWelZRCmY0UWFpMEhRcFgwSVM1UmlHN1k1 - cEkzaTBvMzR4V0pZQmVQU1RpTG9vUFEKLS0tIDlLcFN1VytENHZ4ako3cXd6M2R3 - UHNDRDBiYUpiR0dHbmdHdmRhcTZPd0UKJgrAhYaH/rcAIhgjVivrcf0HjPtEIS97 - z5HpimsDOZ4gntVEAdRShPtH5PrO7NFiPa3IUdex/ivYTIr4zAQSiw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVN3M5R2JwenRxR2xEWWNJ - WUZiTlRwaWpUaEJ0TndET0lDamJENmE2elFVCnlMWlFSZXBDOGpJSURLYlJqNzJv - RXljK3dSUzdEaDBUSVUyTzFpeHVvL0kKLS0tIFRHT2lJWWZ3d0RyOE1ONFNha3Bm - U3U0YTU2QldWbzByVmY5WlZmRW04WUUK133O8rZOp3NT5feI8HEhYR5MYMRR/Mda - OIEPr8qHL/DKcuVY1RNfMieGZM1Vlk+KzKSVJFq9s5DprDn3gbdE1w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-04T10:40:47Z" - mac: ENC[AES256_GCM,data:eqXcJfZjahySBJczjcQ+XzPuRM63UkA0+g3MEiFrZ03ZXrS78BFakr6lrRHsAalzkRwegtzpaNNiSWy7fekIACDshYNG6p5vHzypig1B2Qx0O9mpxgSsExrwrEH++k7mfubogitdC2hhomYNjQbs2qIqUQp15zweZxIBqpebez0=,iv:LMK6CoWpLKPuqJlyr+w++jKRQ/yulOR/bNADiWg+9Uo=,tag:YSD7XsZgFZ3BwyvBLa53Pw==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 diff --git a/vaultwarden/config/vaultwarden.env b/vaultwarden/config/vaultwarden.env new file mode 100644 index 0000000..8bfc008 Binary files /dev/null and b/vaultwarden/config/vaultwarden.env differ diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml index 1af4963..1531fe8 100644 --- a/vaultwarden/kustomization.yaml +++ b/vaultwarden/kustomization.yaml @@ -21,6 +21,7 @@ resources: - "resources/service.yaml" - "resources/http_routes.yaml" - -generators: - - ./secret-generator.yaml \ No newline at end of file +secretGenerator: + - name: vaultwarden-api-config + envs: + - "config/vaultwarden.env" \ No newline at end of file diff --git a/vaultwarden/secret-generator.yaml b/vaultwarden/secret-generator.yaml deleted file mode 100644 index e4d3b27..0000000 --- a/vaultwarden/secret-generator.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: vaultwarden-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./config/api-env.enc.yaml \ No newline at end of file