wip: new(config): integrate pigeon. #1483
Conversation
| orgs: | ||
| falcosecurity: | ||
| actions: | ||
| secrets: |
There was a problem hiding this comment.
These are the org-wide secrets being used at the moment.
| - DOCKERHUB_SECRET | ||
| - DOCKERHUB_USER | ||
| repos: | ||
| libs: |
There was a problem hiding this comment.
These are the repo-specific secrets being used atm.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
FedeDP
force-pushed
the
new/integrate_pigeon
branch
from
11a30d3
to
4fe6e86
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: FedeDP The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: FedeDP The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| - GPG_KEY | ||
| libs: | ||
| actions: | ||
| secrets: |
There was a problem hiding this comment.
All of these secrets are NOT present in our 1-password store. We should:
- move FEDEDP_GIST_SECRET to
POIANA_GIST_SECRET - add all of them
|
FYI @maxgio92 |
| run_if_changed: '^config/secrets.yaml$' | ||
| spec: | ||
| containers: | ||
| - image: ghcr.io/falcosecurity/pigeon:v0.3.0 |
There was a problem hiding this comment.
We also need 3 env variables to be defined to connect to our 1password store: https://github.com/falcosecurity/pigeon/blob/main/pkg/pigeon/secrets_onepassword.go#L35
// - `OP_CONNECT_TOKEN`: the API token to be used to authenticate the client
// to your 1Password Connect instance.
// - `OP_CONNECT_HOST`: the hostname of your 1Password Connect instance.
// - `OP_VAULT`: a vault UUID from which retrieving the secrets.
We still need:
/hold