From d6b093aaf41de50c370e0a112ae277dfdc9ac334 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 27 Apr 2024 12:02:21 +0200 Subject: [PATCH] chore(vaultwarden): switch to git-age --- vaultwarden/.gitattributes | 1 + vaultwarden/config/api-env.enc.yaml | 55 ---------------------------- vaultwarden/config/vaultwarden.env | Bin 0 -> 1068 bytes vaultwarden/kustomization.yaml | 7 ++-- vaultwarden/secret-generator.yaml | 10 ----- 5 files changed, 5 insertions(+), 68 deletions(-) create mode 100644 vaultwarden/.gitattributes delete mode 100644 vaultwarden/config/api-env.enc.yaml create mode 100644 vaultwarden/config/vaultwarden.env delete mode 100644 vaultwarden/secret-generator.yaml diff --git a/vaultwarden/.gitattributes b/vaultwarden/.gitattributes new file mode 100644 index 0000000..b00dc4d --- /dev/null +++ b/vaultwarden/.gitattributes @@ -0,0 +1 @@ +*.env filter=age diff=age merge=age -text diff --git a/vaultwarden/config/api-env.enc.yaml b/vaultwarden/config/api-env.enc.yaml deleted file mode 100644 index 31ae526..0000000 --- a/vaultwarden/config/api-env.enc.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: vaultwarden-api-config -type: Opaque -stringData: - DOMAIN: ENC[AES256_GCM,data:FNfA7lakNlpg1URgLofv+k4TItLu,iv:8Ulj/WqUGLrCGE6m553NPtgdFsfaGE37Pla06ziPwns=,tag:6YThAqZ0xb9dvmHmrLKHqg==,type:str] - #ENC[AES256_GCM,data:JOoWSgo0vKQy7Wod6Z+3OrCLfnxtAvJzwrtwZz7rNOqtFopfd2vGvMqDjpz5n4+sinZpoxVq8e4kJz5jgMXSxkrj5FuHWNv4nY1v/eM=,iv:VKp+jCV/CcS+lcRXTGGlhwVgSXiH5316RANZSHbrtJo=,tag:KTJ2CF7j+SVkSVDrg3orKg==,type:comment] - PUSH_ENABLED: ENC[AES256_GCM,data:U6uztw==,iv:BZF8Helqt6jkeoxqNn72DG6BTGDZoN+0yeouHBAOy5k=,tag:V+hWdhf7+0tSu3p3Bk19gg==,type:str] - PUSH_INSTALLATION_ID: ENC[AES256_GCM,data:5EqZWWv6q7Kzeqmm1ujEkOAVEfybl2FkHJ1uyBTIJ/3ONi0s,iv:benEN9qkAhob2Nx58fralAXPt0ZOb7Iir/w44NWDC7E=,tag:CQrihd0cO0fvAZV3yBuBxQ==,type:str] - PUSH_INSTALLATION_KEY: ENC[AES256_GCM,data:8vsxMGX9lenepxu/DgnXJGbEXPQ=,iv:btBOZ9fyKkmEoiD9lFQO6kWgftGvjIqTaVaKC0XeRvU=,tag:wnO37fjx6HHP6S0mtEKDeQ==,type:str] - #ENC[AES256_GCM,data:9AIq3r4rJttpyUlriHXOKEuML2uiE+SwgWsfPnV7DYbiP/l2,iv:ailvo4Lj8MpH6mlNsTdLI3iKqUpiZyBE1YyLO2UkOQk=,tag:9YmUcHqdsMRCl/vzNUILUA==,type:comment] - SIGNUPS_ALLOWED: ENC[AES256_GCM,data:yyzz624=,iv:V4E2bbHA0LnO0gocQnwuOP8QYUBCVpdObxbiI6PA9Bg=,tag:s2Quq64QTPZpUUT6AM/T8A==,type:str] - DISABLE_ADMIN_TOKEN: ENC[AES256_GCM,data:SQLby4U=,iv:15ricUNOUEJ4HCFayYbGwrjR2s2DBI0k+lqHEiO+WIc=,tag:HBuw/MIZJ88MkQuy7SUzSw==,type:str] - ADMIN_TOKEN: ENC[AES256_GCM,data:McoZbrCruksHQ5N0ZNXTT8QQNt7lsjMZMTDdSk2Pw1qWmnlxvZWcHwIAMbpr+1/EHyMSf54Q4bSPRaMLtDNPREVqSEgCnI5pF4tg/BQWbtsJvH5rGqvZkpj09K0/LnvZDrvLZpYU9jBUBkKSWizjpWLfg6Xopg==,iv:smhUVbqnODyws8ndci5p05quJ/X6/mZOTQYld+aibOE=,tag:pn7tNT+3pGPmvvPFD/a1RA==,type:str] - #ENC[AES256_GCM,data:QlmRWc2mcIcGDeJE3dw1txwmiI6cFfD06ALgdDD1qcNG+c/JhgPO2lGQjTXoctNsTuv2pwPgtTFUKrY1cxjt4GtwuQ==,iv:MeYwD/IONmuUhvNIoBWPyuWUhGCBascIITC4nVbpkyY=,tag:DLL5SgPOyrYeHUnqz9SvEw==,type:comment] - ROCKET_ADDRESS: ENC[AES256_GCM,data:47ty+hqPew==,iv:13zgUCu73oNu3Vv2MGPVfT0szJkJ/8jQdU0lwqOnGEE=,tag:cZO7grm7BVm35PVTpR3yzA==,type:str] - ROCKET_PORT: ENC[AES256_GCM,data:ZrfepA==,iv:fMwLrMvwp61ujQsg4owMCKaH8sxJEod85+RJchh6vLc=,tag:DbmR5uueyzGP4UVeEhWFVg==,type:str] - SMTP_HOST: ENC[AES256_GCM,data:/WA3QtxPIXAcuUM8RWt8KQ==,iv:QoVLHvWOdvxBmhOdjTXT1A0V2xNZbbJ1R6Kfslz4y1w=,tag:OuOBgGPGaewIPYsrNCb7ug==,type:str] - SMTP_FROM: ENC[AES256_GCM,data:Ct+kUezANddzECD7lPhtng==,iv:pcI3LMznxOT4FolOR1gQadrVTOXH/i+fwTu/DpEPaHw=,tag:idOabWaEyUzB7WB3ehRZSQ==,type:str] - SMTP_FROM_NAME: ENC[AES256_GCM,data:vpQA8hHh7BxEraQ=,iv:V1RUtgTVaHIQqfhAiUE8ixph40l/jkVtAKj+dSt8eZ8=,tag:6EoV0JKRr5FBhL4Pc31X8w==,type:str] - SMTP_SECURITY: ENC[AES256_GCM,data:5RtBH4NpEYE=,iv:6mO/WttSDs6J6vPUnspRuN6GGe/3/5Rwp+2vmsolxhQ=,tag:hU+AeGYVz/J7LcTQsbqnNA==,type:str] - SMTP_PORT: ENC[AES256_GCM,data:MzW/,iv:w9wxsaNU5YdNkTp/RuzPv2SOiQcq5IWvmA1M2y3ee+U=,tag:0SuQrae4iBJ1tz1/BJjM1A==,type:str] - SMTP_USERNAME: ENC[AES256_GCM,data:V2C1XciI2/GuKLHAYZvP/9UPRJ4g8mc=,iv:HEJl5pyEL+/+mcwmhH9ZMgGg3btRIaaeCzdyxATh1J0=,tag:M0BOwNN1yJCiBQ6Xx9Id1w==,type:str] - SMTP_PASSWORD: ENC[AES256_GCM,data:VwdlFe4ra33idO01qob7vuL+iQ==,iv:QbImO1qiNE3HSmBfomkJjwLOUes+RFtDtxraYD9jstc=,tag:WeHThdjWalxhjnC6A+IoSg==,type:str] - SMTP_TIMEOUT: ENC[AES256_GCM,data:Nio=,iv:wbNYMpuXPm9e5cevvndEQpIs6QkRt3clFCk8m5pZ414=,tag:uzq+3W3pyceEoAWjToNw8g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwd1AyWHA1SEpRbGhmaFY3 - QlJCYzNUVEVaR3BudDNMT3YxZTRjUXdWelZRCmY0UWFpMEhRcFgwSVM1UmlHN1k1 - cEkzaTBvMzR4V0pZQmVQU1RpTG9vUFEKLS0tIDlLcFN1VytENHZ4ako3cXd6M2R3 - UHNDRDBiYUpiR0dHbmdHdmRhcTZPd0UKJgrAhYaH/rcAIhgjVivrcf0HjPtEIS97 - z5HpimsDOZ4gntVEAdRShPtH5PrO7NFiPa3IUdex/ivYTIr4zAQSiw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVN3M5R2JwenRxR2xEWWNJ - WUZiTlRwaWpUaEJ0TndET0lDamJENmE2elFVCnlMWlFSZXBDOGpJSURLYlJqNzJv - RXljK3dSUzdEaDBUSVUyTzFpeHVvL0kKLS0tIFRHT2lJWWZ3d0RyOE1ONFNha3Bm - U3U0YTU2QldWbzByVmY5WlZmRW04WUUK133O8rZOp3NT5feI8HEhYR5MYMRR/Mda - OIEPr8qHL/DKcuVY1RNfMieGZM1Vlk+KzKSVJFq9s5DprDn3gbdE1w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-04T10:40:47Z" - mac: ENC[AES256_GCM,data:eqXcJfZjahySBJczjcQ+XzPuRM63UkA0+g3MEiFrZ03ZXrS78BFakr6lrRHsAalzkRwegtzpaNNiSWy7fekIACDshYNG6p5vHzypig1B2Qx0O9mpxgSsExrwrEH++k7mfubogitdC2hhomYNjQbs2qIqUQp15zweZxIBqpebez0=,iv:LMK6CoWpLKPuqJlyr+w++jKRQ/yulOR/bNADiWg+9Uo=,tag:YSD7XsZgFZ3BwyvBLa53Pw==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 diff --git a/vaultwarden/config/vaultwarden.env b/vaultwarden/config/vaultwarden.env new file mode 100644 index 0000000000000000000000000000000000000000..8bfc008cef900a7a121073c704d076a7760e5460 GIT binary patch literal 1068 zcmV+{1k?LrXJsvAZewzJaCB*JZZ2I7UKYaaDLl za#2uWHDq#2R#;?cNk}+SXj)cKQdLoB3U+WdMrUkvW=v2wQ)ovcu8n0 zV{=boHd8b)buTbhdO|Q+3N0-yAZ9~SZ)Gx2Pcdw3NNG!9R!}QeF+^);VoYy$ZEjO| zPdQRrPc~OGPH*}=u+rdgEb@|x zOqeHGkNs+apbuh-LN>kP;i*{O8gbHCS`4zWjAjO^%~!ogQDTXEv@= z*Z;yX%F9jjtVDlZm)@6e+qt50NJV z2U{@y8?*~lCXsgSUvhO~=Df-e%ZI%ro4E_0Yk|9>=SRLoFFfzu(?9C}@2-k%t2kdk z$e*d}+Bs<}BmZ<;_e-Rmzca9@2@Tk!^qz2XpBO9(oG_};3Qkz{K)dmrk zS>^|I12$#lbcAq8cE-B&b}-xqG^_41a4U^^6y4!t7=rf`J*$rRBVAF0-|maq^ti8$ z%4~~7ao^w3pMDgG>#CDU?Su(cncqm(eDlxFgm9kZG2IlH5JwHAV7%~Mp)UO+_>dot z3MCKkhRRlga!Gp&e5^~R|8Y`%TaE}LJZs$ZmE-6!%c;#qcLLX)2ZnoBFIj4kN6#4v z+;3|N-67uGFDB0v#Tx`G4Ni={&Ko z;3w%~!i{4l`(WK9wj^h^i>( zT&Xd$?L)og8?7IOS7aa7{GtW|GGJC+b)n0Frv&Ip2&^TRjjIi!is=Ujs=$5SUOt)x znB{M-um2=0A-Nv>CI2^bX_!y5Vll^MU&om#50za~);O$mD2=A?4UUFSZ2?QTqBh?w mG>&KJG#bXmxp6>ZZwkN?Qf^3olcN((CvZ^>P^_4dsRzY$VCVM$ literal 0 HcmV?d00001 diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml index 1af4963..1531fe8 100644 --- a/vaultwarden/kustomization.yaml +++ b/vaultwarden/kustomization.yaml @@ -21,6 +21,7 @@ resources: - "resources/service.yaml" - "resources/http_routes.yaml" - -generators: - - ./secret-generator.yaml \ No newline at end of file +secretGenerator: + - name: vaultwarden-api-config + envs: + - "config/vaultwarden.env" \ No newline at end of file diff --git a/vaultwarden/secret-generator.yaml b/vaultwarden/secret-generator.yaml deleted file mode 100644 index e4d3b27..0000000 --- a/vaultwarden/secret-generator.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: vaultwarden-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./config/api-env.enc.yaml \ No newline at end of file