From 23f180aa65f8a6d4f4009a7b9f6364a5fd430ac7 Mon Sep 17 00:00:00 2001 From: ytshih Date: Wed, 30 Jul 2025 14:47:12 +0800 Subject: [PATCH] Feat(algo-dcbot): add sops secret --- algo-dcbot/.sops.yaml | 4 ++++ algo-dcbot/kustomization.yaml | 1 + algo-dcbot/secret.yaml | 36 +++++++++++++++++++++++++++++++ flux-applications/algo-dcbot.yaml | 4 ++++ 4 files changed, 45 insertions(+) create mode 100644 algo-dcbot/.sops.yaml create mode 100644 algo-dcbot/secret.yaml diff --git a/algo-dcbot/.sops.yaml b/algo-dcbot/.sops.yaml new file mode 100644 index 0000000..2fc872c --- /dev/null +++ b/algo-dcbot/.sops.yaml @@ -0,0 +1,4 @@ +creation_rules: + - path_regex: '.*.yaml' + encrypted_regex: '^(data|stringData)$' + pgp: A638A6B54530D54E868F9D3238736C662F799E0D diff --git a/algo-dcbot/kustomization.yaml b/algo-dcbot/kustomization.yaml index ddadf29..6fb3208 100644 --- a/algo-dcbot/kustomization.yaml +++ b/algo-dcbot/kustomization.yaml @@ -9,3 +9,4 @@ generatorOptions: resources: - ns.algo-dcbot.yaml - deploy.algo-dcbot.yaml + - secret.yaml diff --git a/algo-dcbot/secret.yaml b/algo-dcbot/secret.yaml new file mode 100644 index 0000000..c251364 --- /dev/null +++ b/algo-dcbot/secret.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: algo-dcbot-secret +data: + ADMIN_ID: ENC[AES256_GCM,data:JYWh1iWOg2qLbJoj+MuC98xLb0OfgJLZ,iv:3vvWngwzdCWHqmbCUB4yvomP70sEFrLUMM2/lCC9T1U=,tag:CT9rFkSt3GO8ZUKrs4SHag==,type:str] + DC_CLIENTID: ENC[AES256_GCM,data:f9BNGFHyrVL9Fxh1lwIcKJmALJyGPQ6KOM7WPw==,iv:2vLYQR/8r6seJjyImjUxGKZU/efbXpf0r0ZSWiMMUZU=,tag:iwB7acB09dzLcycgvwtR8A==,type:str] + DC_TOKEN: ENC[AES256_GCM,data:qB5qwhDPdvCP6u2SgAVycJB7fZxDFZgMJr2JoQkmv5n5mJqdLx6TAyBXWNfG2wpZKmEQImoWpn63IJEirM6E3oxdhTF9r+6zV2SSh2mgRqIS4XCXJylrvLGBEbDOMCu+,iv:jFGHqHWycxlvkGUly3yaKf0Fzl9iuyyJ7aydpgg6Q30=,tag:vOxaOgGdBUADb1N3B0X4pg==,type:str] + DEFAULT_ROLE: ENC[AES256_GCM,data:+Y7QdfCZjQtvmXY+FwfLrhrhLusyTGvObX73yg==,iv:W3iBxb9Y2zEmQw9rzOJc5uOu5+2Pk1gOAu06AiZwqgo=,tag:KzQW52f5lh6oPFpgqtuikw==,type:str] +sops: + lastmodified: "2025-07-30T06:45:15Z" + mac: ENC[AES256_GCM,data:Un2buJX6Bh7d5yYPFBn4aAevoT9xe8S7NmDmJaQFJxU6q8Ix/dwfUfbMJoez2gtvVCL3zr46gI5FnTeJ3yGvxX1YQVV2SAf7B9YyxVK6Jm+ak2ePmpCIMfaqmaAgfZxMoHM+7R55TkqMsgYqqTgJUIUqzHNYGiu5jzNdlfwiezs=,iv:wQb+ojh26B1aIxDYWF474NZj0cHfVr+W0z0V4PthhCo=,tag:+b37wdpqyOeIOuB1pAfofA==,type:str] + pgp: + - created_at: "2025-07-30T06:45:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA+nT7MSlwYOAARAAnA9Q5cHL9G2rtccUDc30pZN6gObjTOrMt/gSolUQzxx+ + H6DdqqJgkwHMdrQvzgvVHI+OurV01EC/8MSzf9lECm0BG0MNIprfSaz2dcvAHU16 + 71O4Zq1zOeq0GfE8RGqQHrO+WEXRZ40YHvNzD0WcmN/R2xQSLWXljDwPKj7fMYSC + RdrlrnvXCtnLmsUeKWHfWuNZbjXE91mwKwM+vOlvif+TDHSqpfqqqoU4BeTzyWN7 + biv6lUqPmJbIhnfm/f+5eoSo+cJhUO+5GTPhzY40SF9JpuY6c6wqezehZhkFI36I + cNziaaQbXixMRHfORvOd8y+cPsKUbrNcTnycnuuq26BS9pyHBPxOjOIal1yWyABf + S5arprTXMtMDfoha76Ea5bZH6KmIQCosL+czAYUwS5upa6GnbKwGZM2R2ljqGgeh + 2o9mdlAVQLeVLNgjRG27A2GWpqxJ9DEpXi7Tfq/qPR1ZMQOWfu6HngeOJYIUz71f + XlA7d4P8HoTMFe0cMSljW2ei5rKbKu9GMSvcUWpJ0q3LEEWwBBM8p6YR2vxqnm8m + w5qklJmB3HaAxqSo/Oc5bmSuVGmvCOKkax2RAr4tKE2ErxXL5dbCGSKVc4k+2gCf + QFOoiHjOpLzP0nrPqB+YMO/8ZCrMcvPIOqFU3mZUP5YskeEL5tVwl5kEkXbbPD3S + XgFYD5lV/OEf2OrhaiBC3wbkSETXnkEmchivx6PIg7seJuuXSZBUFvFc6LychIKL + XzNygFE5umPAW5PryPxdzvSQ1CBHJg4oNezXs9PRCeRljpDr549JAM0SHCywmvk= + =ur3+ + -----END PGP MESSAGE----- + fp: A638A6B54530D54E868F9D3238736C662F799E0D + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/flux-applications/algo-dcbot.yaml b/flux-applications/algo-dcbot.yaml index 98cf3f5..6343784 100644 --- a/flux-applications/algo-dcbot.yaml +++ b/flux-applications/algo-dcbot.yaml @@ -12,3 +12,7 @@ spec: sourceRef: kind: GitRepository name: applications + decryption: + provider: sops + secretRef: + name: sops-gpg