diff --git a/.holo/branches/helm-chart/_codeforphilly.toml b/.holo/branches/helm-chart/_codeforphilly.toml deleted file mode 100644 index 00dc8b23..00000000 --- a/.holo/branches/helm-chart/_codeforphilly.toml +++ /dev/null @@ -1,4 +0,0 @@ -[holomapping] -root = "helm-chart" -files = "**" -after = "*" diff --git a/docs/development/add-secret.md b/docs/development/add-secret.md new file mode 100644 index 00000000..00a24163 --- /dev/null +++ b/docs/development/add-secret.md @@ -0,0 +1,24 @@ +# Add a secret + +## Prerequisites + +Install the `kubeseal` client command on your local workstation from the latest stable release: + +## Configure public certificate + +Place the public URL for the target cluster's sealed secret's certificate into the `SEALED_SECRETS_CERT` environment variable: + +```bash +export SEALED_SECRETS_CERT=https://sealed-secrets.live.k8s.phl.io/v1/cert.pem +``` + +## Encrypt secrets to cluster repository + +Create a Kubernetes `Secret` manifest containing one or more key+value pair, and then use the `kubeseal` client to encrypt it into a `SealedSecret` manifest. The target namespace must be provided and will become part of the encryption such that the secret can only be loaded into that namespace. Commit the sealed secret to the cluster's repository under the path `code-for-philly/helm-chart/templates/secrets/` where it will become part of the deployed helm chart: + +```bash +kubeseal \ + --namespace code-for-philly \ + -f mysecret.yaml \ + -w ~/Repositories/cfp-live-cluster/code-for-philly/helm-chart/templates/secrets/mysecret.yaml +``` diff --git a/helm-chart/templates/secrets/discourse.yaml b/helm-chart/templates/secrets/discourse.yaml deleted file mode 100644 index e7d7622d..00000000 --- a/helm-chart/templates/secrets/discourse.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: discourse - namespace: '{{ .Release.Namespace }}' -spec: - encryptedData: - DISCOURSE_HOST: AgAu3/OQFf5pQHu0lch6Czlyuh5WQ6AUrlGoYkerNpqgDNcx9iJQpGUOiZndSAJ52f82qgDOQ0lVKgOaAMt3m36Kh1d8Bmo7WBpxBPN8rONuOGDwxWCqQjy/R/eqMdu1B7D9xFC+7/5WSLb/M8jPsH2BWDFMoPc7/6Kws8jcZhnSRc88Q2/hmGOa8iWbgHwPvgGz7g/PA+yZGTLPIoGXJG5qnGYg7Crjesv0MxUHZYQs7BrK3SIb0VVNOYTyWUiVAtuJdq+YhBKZP/Y6xvvPEwjx52YBZFbFPpqQ4SZE7LMv9efT0VKDgqhV8LxtVgqJQLUDZxVyXUEjlPGanREU5o9TsTVh8stf6PysW8K7hkHTA3yCCIlsb5ZNYTRybJMALsiUSY+/DReu7xKK3+UaTGH/qUg0H0inQHJm6kUfiM1mE4J4tXt9LoDT/UoiGrB91u99gCZ0C8QEsLZ5tytale3Zv2GbSfvLKy0rc5mNmmmiBDLOrXTAyddS6uIMYR5/Im9XFNospxT9kSmdDu6xiejHGj40PzSIvjm+GsFQ4LGN6RXF5vJG6L6TEJuYKqqEDs4f/Oaec3sBeC8W8xsS9/2NERKNQlXkDRsM11ibZwojw5acrmmHPWkkFdY3dCIiXUM49YdDe+zMsS+KS1YdYkKPBY/FAMobB6BfEL4JBxcFjWtWeMBMxj7Y7jrzEcHG/50ez4aV/Dd2Mm813wqhJx0tcK4fY7HCaQ== - DISCOURSE_KIDS_SSO_SECRET: AgAdz6bKJkMLiz2e3uUbQX8hAbY0b1smQFei4mBccadM5rp/L1peF/nNxLNoOBt37duHkeFRa8K6VlhT7vvE6w+uShSQXrN9QckGYAHeqckP5OnaXgIpQkViUuDNV3ozBO3/mDpXI2nfRo3KexvrhBIj36//FUA9mQD4ETSWU5euSPFRfWuf8MxeNvpABAUoakDC2zM5VJmIeS4c4sqPnNEPmn4GnFtn6aJI6J/Qr3aDqOHZ3nz/3ZeoagBZGP29fd3FY/ktz8jyNJwq8RZcE6sU0buoy0MVi/sspTiD9n0G75WHillVjC9bNrR4QR1UgxcoATkbzfKSkCjmlYv7CcIXJk+q3AAiJCMVlZLEqHkQOrA6hADbD3C4EsRLIoYjwv9tqtDHvd/bsEO1ASF7xFkio54egP5fDto9t2xwYJ94pLavhY9t1YwJSSXjJl+xmM/KegWjqX4/WpquYXDBXNbIlXumLdA0LnDM/20dTUcyxrf/RI6odSmxWDNbRDDBl9ac+Aw8dOQXNuA1JAqa7WU90PeEIAopb7HPDcXS6hBMw607OwIMO3ZQVRCtIATvI3oBfTO+Y4fb+Irk5itLNNZ3UR94nap++8HCUwkVNra9VsML2qvEia6Wgaaw6llpB/Erj5LtBIYX6v4i2YYw2wAT0F1WXFZAWsw00/uGKAIE8gJxVo54NOIc6+/B+5NXtSqUXlNgsHqNUEsZeA8MpjwsUE7EX+U6O96UEY8cjtqimw== - DISCOURSE_SSO_SECRET: AgDCvsrfQLCtAjqVgfEa4l61OvPlID1jsKbSzZn0nnHvWeeu5LfDRLXfDMi/mn+Tl2f6BUjhONJO0eXJFXRdgY8NV/qHRoaEj1Vt+n0wsBONUsJwSStOaZ8qo6VDrxzUv5JaNq98OhinrdZLkYh6lueH/Qyp4G4eGT+yo1EWIogXoxurE9jA2zvMWIOg6qgynHiBu/eJVxDHdJIkX30oSMukdBEz0wSIgC2rp2W4nUiZG0xVzOdFxoGsTWIu4zY7OekdO6NB12l0DoPl85Bxc3sfOljYCUxsldTEM8bgffX6jbxbWR8FHuX0r3wOIJDDlXxga7jkzN3e6a9FX/r2Mm6vGHuw0Qx0g/viy1a//nCKaCst2iZSwtvZpMsswq1xropFy69p7FNIXEzBFWKk3UpE8IgoYrxvIclObzeqYAktsfAooHHhX+bHUabKnB2o4LD9lB+oEkPCXLHNMSA4o5D2lvJh9roinhJdZlvExrGCQOFonGDMM4G1m8se1D6slFfKJdrYRtIzwx6JA3ES+mCOeh90P12d38WNQ4xfpYzvszOV11oyzG7mTpEgElWZpKvIeL7ZJbWCHF7eBkWQ/z5lwpEeHsICIdXvBBBk7pADao38/ONuwPCNweG0STie9hx8p0ed9cwn80c3EHp19wpcCNR777kEzmTMkpfV8dngYh68dN7pypsU1YQVSbrwjucjo4Am/ym+riAcx9mIPkpMReySwIl7kEUhSevEz9UMwg== - DISCOURSE_STEERING_SSO_SECRET: AgBsNOIw1mS64vM2l0HkLEBeDUQ9/cwj5Oh/abVCqEbC7dMUQgsYOX7BtODJiEennwfb0rdLBPLfwoFbWvZaRVi2qCe45+MT/P9fk0Z+CzeYeSoueSFJiMB40OfNuBYduQh+41E8W3+rhsqQEYtZV7cINUmRqT6SObYcWywAAaEyTCWF5pFuiuXCOlPSTfLchqd7wiQTjFjs4vKosu4nho0XUVSNP/mq3IBT9UKQHpSEMlR02Twe+IwrN/TA4y4uHc1ClOtN9db/d4KXYZK4fThgymHwJ4uw8N6KjooS4l/dmWsplvsn53l+BMeDIHrXH9e53IM9Sk9JFf76oRSOQTri3Cqd4f2Ow02hWYwoz2x35Sox4DQa/O8OlVPplFJTPllvdTr9WM1c7MehP+j20ibnCzIWnP8ru3LACxWZFWXdZhi+zjK5k0FPA+qnoxDbgtiNekOpJArHBryZdpkqzxTLOemJSoxClo4UXRBu/SVEM0/5Dfuj+YpJ+GKHguab1XHuN/pqQtmQAU7uR5x2ZcQb6v6k5KndTgkivfaBJvckHhrdsMquenNUle2LhThZyQlRuCMhLYSQ1cDJiNOsZ+NYWlJw28E/U/7u0heNLZt4sfpU1YVqD94skWDhWCHU+tXew9o1TBopKS7fusmsW7GHPXULsnAp2gK/cl55ecUNMFqkfIIZQV56gKC/o/3pOHySx0PgTgfnMbxaHZwp4E5opXyYQ5tTQ0YtAINJrAwoGA== - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: discourse - diff --git a/helm-chart/templates/secrets/github.yaml b/helm-chart/templates/secrets/github.yaml deleted file mode 100644 index 1dea9756..00000000 --- a/helm-chart/templates/secrets/github.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: github - namespace: '{{ .Release.Namespace }}' -spec: - encryptedData: - GITHUB_ACCESS_TOKEN: AgCZY0L5WRLpOqz/3XIVM62UH8Ld6dxBPUiDjUBMFEEUkxiWFJsdJSObxV9HKJkhVbROe6frJNvHue6HEeaa2tpFW9ReO3sOGr5pAUDqdaQAVDvHVZDTCyPMEpcfra2zaFfd7m8ipanhlzIKOok9lF5bRy7e1Tb4RueIMlZC/d0kk+12UWM8yzYgE1SQQ4Ye4IsCFrM7vPCJFQseTXnVnsIU+Z7NkoDDvqJvoY85WrSQSIMA0Ezq87F/XQYHTCHglNpB/7dGKHq2LltwBP9Kslr4rf2MjoR/N3XB/seZKNWDkEFjsbI7SaeN5gHrlUUcgywp+Npk05wM0yDfgE9IqZuDdNByU3guv6Y5WrUuSFYinvvrqmAdVJTLcfS20+dn0WF1wuN0v5VJKgmZmstAqL05KV2yBRNyXpObyMNUgNI6jJPrGWaEVmAZBUKpJMnBI/WskgaZFv7q0FHpmGPsavjsPcEXryyxeJlCliz1qMDCTC/0Nf89WuPisjEyHN9wwqNZN9CHMOd96QdqEOkjDGmHa8xwzXnc7HMk1FnfJ9ThJA0Mx1IxNHiSIbM1GGwube8H9reZLelFRz/fY9QDaHghP+Atd68QsC3sYsylGSrHexIcfVkLJ//ZDca/0Ul/zK2bTb7KE2MHmpkXg0PvsWhUKY/I6usr8WaBXjMgd2ZVQQ3FewrGdM4R4nwevnEXZosaHTuBVTFHI6ey/5vpeJSAFs28ujm3wxccKGi4M2BUVXpK6xwu8eDs - GITHUB_CLIENT_ID: AgCyCwwItAsq+3A7THztEInzQbnWlrHJS54+inEsrxV8CsUH8euaGfu1kDwHNRteyledVXvS1XP2uCsTBUfgRN5/z/Iyc38BXDWzSs11TqRasjGiNEqxVtUcLkouJYJ7cb+j8PGgGjmzn7s1ltRVQdH2DQ5S5raR7nhA0eYKuNbons8wZqE7qW4LAgN/lROHJ8feOj1N7kJB1nfgz+uKhiUXqp+X/r2mivysq8x2gRUxE0Ol0qcOkmawRny9rz8yPnmHSleiOYtrA1dhm6aj/H+yCUdgWEq/33xDgGX2/oGTSfeDMRjT1UgZ9jzqda7Gvr22leHjKTnD+Ak2y1qoVEJzB7ml+a6wpccXsMNIosibhiI8n5Xvio88tmSgP8HDYDN6wOfx+kktlTrJAI11DAxhxAo9JIT4f97ruBqkbpB0RANv5yCEK/HX0O7+r6wUcLpbUwenQdnVd8SBqixOLYiE0UeUiKVHFROC76VqplvmpJrm57xzxqFBo8GTbltiPoll+1fQI4b/os7kn5DIu5NqxPQeKmNt7Yn4BsOq3IWlsDQpGuSd/hSFk3naDgO0aCoysWzDKadCNu6of+QwenEos8L2lI+Kmn2j++um7JE8i0msn6qIAlgQEWDnNc9uAyXm+hCRQPxN2+Z7Rzkme6hJynHXuDSQre+d3LdIbOHCZswcC2i13Yunt03vtwPkcDwv57ov1PwdNlQzJ3rNQ1URjuIULw== - GITHUB_CLIENT_SECRET: AgC1NvjEMYEeeFe3bHGvZ7QyLRCgfYOiq4at9Z0VKU+Nrkee9v0XPbjOoMasIGc1iytNmvQiOHF6VRNNJzog2O9j6EJsdbUzSDwtWXGh1nOWolXw2VbaRl1jAN36TuGRiNte4q0ZHOAgFVTcTsOSc2Lnh0Gr16cR7vv0jUwdMTh/Teq4Wr8veJY90QIUK79lUygXvIOSbRmGbGZNfL9AvajGSnxuuTLeiNpbG3yUVzfAA6yrKNsW//TJIbIfWqW9OJ+IDZ5wIrKnw/mW08DCwFDYNHspTBBfNXDsB6z+kn7RyY+DbbU5c5Nr0+8VdJOY1DoQn+SiJmu1ALENvkSD0OzHmh6r7sewyOhQVoycrQUiLpZmYQpikuU2G3MkeDw259oMiJQA0sOnAasfjLJygl3kyyveLxYmhp+mJCW90e8rD6efoB8nlAXnSNLfzFWnIaqXCtTFJpBp8+ediBtHFRFFRWi+X99d2tWDStpjRI65QDEvFk0PwkrtlHQrnk4BskRknbq8BEtHnUa7vcF7PnA7pcw06tUIHdL3zxzm8VcThzLGY2J6afRzIMzdQh5jq6WIyfrq030c4CA5L/WK8kE7YbIhF6+mqg94leFtUH4NwlrGzC06ITsjz1A5hH2cfNOzGticVOSc/nptj4oQMSrlErnwIP8CzE9ANRb3c7DfuTyqVPnGysFZm9XRrvWMjIhMlCbTYUDkGBONu6j35RAz+rxv6bZIUOE4t34HfOgHm8z3AXg9Vvtj - GITHUB_WEBOOK_SECRET: AgDFM92963o8Jba1Q3Y0OSO9Li0K5f4pr7fv/WTSb9KqA8ZvQb/1mngsPuf9YiGj2yyBApGRBNQ+EcI2apJQMUEZGkkwRSy6btq6MXLRdUXTe2urQ4e9+AZaBOtPLAEbpe4ewvEeBlH2FqEcENvm6ZApMmoN2O8F2n19bqc5m3bQNB96xiORIKx7fiEPd6azrKl5996wVNXCDxEzXDANOMJNvH0RJFyeoszkqZIZ7hOZSyDxknn6xwMMebfGUwuXiVKN2KqXDKh+mdi19/l+m/T8sbcxbgzTzcpjg//VZWOPCsw6E5132NFswEHjCJmyiye4ijoIJeqfzSKUnEUkogSezh/jmSoq/bHio2uitYf/e5p3isJ8NzTqZC7D91RIEcRzP7AbYuxR1NMH8KGQf8AbeuXL7b5GxLu/A5UdPXnSoZ8UzyVNpGrHX+UEjBdVHNjcWKfgP8TxLqqqh/BLDZ+UizEk7EyK3WqZd0Q0FVDztJu9n6tc+r5nTUzcKZGxFU5xjgTATLlmK7mHYwGAgyfIb/iHRju5UX28a2tc829CNWvOHLRx7Rz42JVWzj0Hr2hhex/4zqiI7k97nzz1wFLvPaNZY33T3dfqXTSAH9Gu2w0K8CFRSy7V3ZIYmitqbramR3whe8Aa8osaDHjX508JaUkPNfRt5Pc6uCU+CzWv9z5rRIh+RFVa4x8l+xdoEHhCHd4M7jfXBWSPBFO61/cmDiJ5HuiHlAyXO3GlXzd9jg== - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: github - diff --git a/helm-chart/templates/secrets/mailchimp.yaml b/helm-chart/templates/secrets/mailchimp.yaml deleted file mode 100644 index 4e75da80..00000000 --- a/helm-chart/templates/secrets/mailchimp.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: mailchimp - namespace: '{{ .Release.Namespace }}' -spec: - encryptedData: - MAILCHIMP_API_KEY: AgBBIV1lj6JxIddizc8+cQoeDKaeIarxwmr+/xrlOJ0waon+lsvzfEbpPox40Na4F8S5Uu4958+MoEINCB07JLtVs16UckMoaLT7puCBcnpMimaw4gsoY9/4OnCnPhmmW19jpMuo6Yg1g916JMrGOVBuywjxFgHYPwRl3d0JdLv7CSLBv+4CEWBBu36DDCsh2gH6QN7AZzrCMWxa6JmK81WaCXwZApdb+cjOw7JOacwzdghj1Ygp/u8TppfCga3ZkexDEaPOoQKJs++KDlSjwbN53kHr2PVdyjsLJT3yKrsx6MJyxBYxCDoewGfqBtpiDqxXberHmGHv7VBxWvVWl0nxT4xqyu9x5+1gawPS7dFB87X44GW1+mx2qzq+3BA7lAz6myUzv75tnEpiDE5YQp+L2h2e18rlV/H9BywpfuxKbsD3vIYiFpgDNJHrmxzPty8KobNDsy1l1ypEjmihnK8dkxPLg55mLETvb929udJtUGNBM5vHdl7fjlUZ3Kg465+q14tB6VESnO2VYdRY2yje91tutSjxfrBworl08ouezHLbGg6MMkQcph41tEeY4QrMdrr4Ep1Y7b9OZnvm03CB5yDIyLbbaiBWreWsHIaJoTY3puQqs5DzXyBb2PQbJxIXadsox+byewalwR81fZxE7ydc/s5sFIMZmfjy5AhbWeCdTZvlPd32VdAulAl3/HdyCMHm2ecmTTEIwnhVpOI7TjSiU/MyodZJJj2G32lDFlCvUy4= - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: mailchimp - diff --git a/helm-chart/templates/secrets/recaptcha.yaml b/helm-chart/templates/secrets/recaptcha.yaml deleted file mode 100644 index 4013c3ae..00000000 --- a/helm-chart/templates/secrets/recaptcha.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: recaptcha - namespace: '{{ .Release.Namespace }}' -spec: - encryptedData: - RECAPTCHA_SECRET_KEY: AgCq8wdJ/59wPBOAvbqwMKfbOkuCmsvINgUITqFUMPsum3xE2vROu3GK17mBOQpjY4OTwEtlBkYh+hMW9iyZJJrqL6GxWsg++/PeA9no/eZ1XGvk4dVLVES5awWCyRD4iM+XJlYWn7EofAxXXPxz53In50UlwvRQ5pYsKHfP14PvAErSytNO/HOBvjdHfdJ73yKzti8gDkiAhhKV0BSykWypZR2Ggn/D8PZqPt2EB0IDvzoD87Ly+kjSW0CeneDtatjfHFpBpSV4XhldnKTNZTgdBISAq/YGcEB/rzGjshqZJr5BmK7Eoa5WC/bw/QgGy36Pjy/sGCCdrPoOPn1gu7ba33YX/ZGv3/AoZoWbIREj36FnKsbIx0qkjz5vWeslfrRaleBPsthNrPQw7xFShKluIE6W31xE43L7S0zM+FMS4/3Hw8lniKAen73Ea6pXNl2irJ8FH6KQzBCc4md5Tvj/ktqDEhPAzO9jH9MFdmLlGbMrGZ8Se61MaZqZYFiXQ9dFUSkFyr+8fWeHAduHxK39DRNE0VVmwTObMuoNvPo5SmzTwqk2UyUkczqwuaGZhhzPbbPG3SRsA0eKvkiEq7UfJY0iAUFS68MkqvPqC4gg474hP0sNTFhaDpK3WkHxkttqMPRnbBMx83yGo8+6IG+qgqDn7zMjr08jiJBCTHleG75NBIuC0rlBvikFknaPKsjakNbQAQfbwD/hSLOfskPv4Gxt3WtlWCra2UYiJFDNAZ3Vab8z3lIM - RECAPTCHA_SITE_KEY: AgBh3/WE7n6OGEJ41Otb+bXHVa/aq1IQL+EUugdyYO/LdmpTTqaNnAFTh8ThC4VeDoVY9d5bm3Etjgy6KnD5fcdebQfmP9u4YXA8SwM92nAFnhvtIMkyaxEoIseIcmU2fnhYm2tKiHlUn9s4B/JCbKvJvoMTViM36vYg37/lcqQy35AdqBWaou7CjHvXo0ztWptg2hL9wy7Upn9IU13nqCgzh0rSkaZBFFAtUaY35qewKeOq6RoT9/ZHLd9mi7bPvo7auQN6MpFxZgzTSUJXj+S9+3V3BuhVofd2Qx7CYZfI+YVq1QdcGVBB2L5ObVyajhG2YnWP1cYdbe9EhB8IfrWPNTxU4Ekik154gPgn7B17bKl5JrXG/NC/hOvPHIjj9mXgFve9mBqLZO+16+pk7G8YlMSEjY1Lhc9dEA7XeHWX+IT55OnmvesPsIlhcFHTMfU6A5ox3mz9n6tX1TIMtR4ZhLtvk+VwMaIfHEhdnR2gDLdxMhBQRO9VhecKJWmWQ1Q2NTva4Z7NU+1f48k8GmpCnH5GrChKnrvpwvwPfkxJ7tSxT1X2aodMiAFPExkEjrFQc68cynNLOolB22o34jFuIjPEc/fCKvShVdS1tOSS8irXHTZwg3vG54QzXoGVd9whZB5i6awcr6JDh/2wcVWwYKLyi+XuG1MGGK+mcM3Via6zJcQ9JA8JvQo8KFmPsqqKxukAH3yi/LrznKDcrgSEUfQr6Tb4xaxnUEChsFTYtbS66WLK7G42 - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: recaptcha - diff --git a/helm-chart/templates/secrets/saml2.yaml b/helm-chart/templates/secrets/saml2.yaml deleted file mode 100644 index d9dfd8a0..00000000 --- a/helm-chart/templates/secrets/saml2.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: saml2 - namespace: '{{ .Release.Namespace }}' -spec: - encryptedData: - SAML2_CERTIFICATE: AgAqXCr8bqfzU54f2d27JP3Gw7EavAhXj86Xz6rONUGByP0DBLcV56tVDE/nfhLc8yR5gs5Cxxf2MikbR8osD2wlcznDFt7vXv5eURvDkP0KeArxeLufyHVElgwbC+i48Tgys2mzsCTgW8aPQxEEFS7zehGBKOLE44Uhv6ETHvlDfRsEuD25geEKmAv3KA+hdnoUfu0MjEFZ+eQ4bmPA6SGehhhnBXG7JFZOXwmytd6QexKGlWxLnT2kdei9Q3r5jzbru4ZevGZoMa1W+NssLJR1hDaN4We4o7+z+tMPuLxwyrLJ3SWZkoacPV3VK+qPxQCjahA9X5OmtE+ogQLtNhZos+M2S0zflEpgkyl19Ov9OWmwUhnrl4HeormZv3nhnn89i5EUyenshsKXqp/WXyPi3f6z63wf4uiave3WSP6EBROmNiVn04j1866Bue44PEZIfXs2SSd4yCTHCLog171jHmxkw5l6WvgxeBIW4eb5KiooxEG6ytOjuLC+xahaIzGZ5MHK5j5q0jvkudMxqVyjnvCNR4fIQkThbNH5lbIWFDvg/ALz+oS64+fXwfOB75V4mffdxT9Ip1bhqLHGpAMoGlcCQVSa1v35wJILAgF7iOpSuPH+iNG4TMndfFAEORKM+Elt+NUGjKuzalYN2Yo9emuL+uYTp6neO5dx9bBVKObZmTSY30QYo2TqWB0a7spl2F6ADQENPdTZVuogJT5RoL/zsCthH+5eC8b3m3VdgN9vh8DN5yPYKxPLA1GTLTiv902G8/x04UVVAGqvxMv628WEswyWN270XbIbXYXoqg+ikZLaHX+kW8S6yaDHrdsLkzkCw9C3KfQgw5Idw/t+0gLiQCuetQPNe3SYiZ55Bqft5yRxpRXP99Hp+uckZW1OhbmQ3QxMpJO/4FooFxjZn+VgSqk8W/vFKnIzaC5KFZq/VO8Hwo2+y1653+7QwhU5u0GaKkHwR2vZNN5AsozXEPKej7UiQ8bIUvPmYIwfL3f25O1RG52PqkMNpVqccuHCN9/j8sPNIIfDxKZYPcbFfuHbpPmSO2grySJM0KniKiJD8qJWc52YTGsgmZqFud7r7o5afqqOCp1e9rWb2GVfOn91hVJtlrJ1JSvaE8EKydezxl8zwLFnYMfxub3PPjjkT3qOlcpE2+oT4AMgVXIteRh//kuCr7JfhIkZ3hLkTPf0WyrhpGTnNcmRZZaAV7LAIVWwziyIVCoduLhExInIRouyClc/53LRIGhIdlcHRZ8CV6YE2e3RV2+pxYDKm3Vu76Set2SuUqdqGIOXqlyQDbnIfuxyP2Vf2fOwXEyYZ+lY2Lu593rR/8UJIBmvdeM6HBMK8IwFvHiZ1r9i+KO4kCsrrNa8TeFcxb6nIEqiK0neRhTjTdS8muWuUvDQi95gFk2ufkmMExV09YHqZD0Kcq4jJl4WvUqZfpag5cavWrYnbXm7plMzpNZ7fc+rvKX4FBpOFNEJDEOxYMDWkPb7xkZOdD3zIr0lnj38irPzGvzslW7Sy0yLGCUEoOZd/BR0/tb/x1Ogkubv8jIQerMSYR3DLmRueQfRo2YT9T1/rIyQIuyTv1UMTgR9drWmzlEuJYP7tPlVLoNXtywO4UzWEGS+jvBYMn0UpshhkgYva89JhWxfQi302eSB/3QpYhtPTwUf2o0RNmQ4muRh9MG0kjfprga3/KeaOOf9KR+xspykQrgq1mKis1pj6+UWVcPskuLLcAPEBN/d9sXCs1MFPy66UlEOGWft6tU5PlCpPx0nP+eEn7l7rVY8YlSEh0LGf1dfH+Xje9sMG7tczH1wTtEPUNZEuoavDZnebd4wXGWgfpspGzcvqxwtC09uKZdh4HUZHiw7XIQNUhM45z75Za2ykyIpiMBctGfrJeKRaFzsUatYQKwAM/0hTmmJ2ZsXqEFifX0rvVSxmiwHoSknKs32t/7jYHq1IaWY0EANhhE1Z/ysQXClgXkQnv2a0UftM/mt+qWzzRbkZXJRBYa1c1Snq/T7AE8XUaS4sOHGzpLVZ8fnAf7Jxa/rBKOk7AKsJ+1PtHawkg0iQj+pSx2Q9lCmRW7w6242uNkAvd6ig51FsXEO8WvBN3c67f4vbaRFGxNGf3wT3XZ7mOkz0hutfwYtYDyoAg4y2dByrhcaoR3iPTwbPNs8i2X1fV81p/Iw/G5QWcUIKFmbGpA+na9QHXoNFX3chJXtFFszHn2O+f5D1hc/l5W/ZW5bSD1iNC1Q9ffSbUTJw6yBR7IlrGhMxRdXJhZ9zg/0h8NIQxtcaUyO/9TDOR2AQ5/OHSr82rWz8mCsh2ITT6wh9FkWegSfb/DGm46VW9wd5Aw6MjywTSgeTPq6P7AxVDUrL7H1Qsp4HZHXapkkxbzMbQFS0mVLE9D0GhBi2/AeAoVk1wc4UBKvIZAYmAYg+bA/Kt3y5gb7qB7rohT0mSx/HH/aUBCH+Od3Szd3AIAeqI0Ngc1O2+bILOTLcsxs/x4vPXoQUb6B+sB0qg== - SAML2_PRIVATE_KEY: AgBH0eH5mrC4hqvqIJTOR12PaaRPhVDxUIObgG46qxAveq1c1hwi5lPEUsPKq/pN0qXH5eBco1D3rb2G4xdIP1IyqOM15oGmnSUqOWR9IAQ7ao0OmWyxBOW1GWoF2+qe7sPULnQ/nLTUXf8gohBc6jp0kpuvMxa+9apPkPn1mvYpR0ikFXqlMWIIgsvYmG0ddLNK6hbD0cl/zOqHKwXBR391Fn+ctNQUOqTv7b1dn03tEqodsQ9j2qRn28wuCTZkznI6YHrZPmFEE/bxt4O5e8iOeVFd18TCQeqdJmX993VptFT7CZga1Uv4531L4MM3pUUqyDRi03GQwFIYlLGE4BmjZ25n/mS23rV1dP2wnC1jGz18WiRadXiOGZe0OdkcwaELdJHs/hi/bMUFtyv2OAr9Jl/KtW3qlf70e5IMZcjfW+ih5QPAouedGO4Y7qnyA27azYfUlBb/5bOJ0OIHRIVJoK5uMH/wlPFDVjTaNTW6A+bU++KgvrL9xFwodGZbnmFrE6APMBtBdkjr+g5TTkOjH6GUhj3rNt7LGde7MSTSxJr63vzVbd7jU0/o04xrxc4GLQcB0NF3Xz2vTnTKAZMJ+I+fyZmVTVRg89rih4ObDq3yXYoTnAQVEptGJl1EkQInl7M9QsqETRD/8oBLkitCG4TmEgmZd84s5H7oKhQXJAGXoGN2ubNWey0Y/IKX01wdwpWistq2gNeweSfywVdgvyrSDH235EW5JEL1GtIDg2IabV99F0/wo0MylMsgCW2mtB2MIL9wGNF2iNIW7ncAzUrbcpDkUE4LSHXco17yCJSYWBRoOJHQzMIye6+2cxzdY2eqyTPXoY0vsOP/27y49SRbhMp9cY8GcxgFKe6J8VWgvqnIFl9L7zkaMtAW6CLcGn/QBA76B/Xeprsik1fbKiJCKkcaL1fWJcNwszZGYQXk4lYs1vNJRMEnyql/9vQTR+6IwfCtFC6v0Y/7spleCUJgH03JlUqJJq9I30ZtPyCStbcNt6l2NEBzzwovGRasABdr+tA4dK3C55pR59Pes6LH0XrYbOb41T4ggjRrDB3/R8SXfYl7aqRAiuDd8jc3/FXouGS4snMRORQUSyIueHLqi4ZLw7ytGUFeetqHSY27fazCHNa+aOEYaDx7MXXS17EAVcUXvIIowzPLBMaLkHoeo0DefZQY8i5cbE0tyKUsanUYCyYwO57IXDHd1EJfnSnaCetW0YACLgKC7yLTqiIIqujxfHFGnNdQGr3pMgmH1ONnijSkwwCmDJq2wzO+l0mHMweThN7JSZNVECoV9p+iAsWCa8DXd8d0UDCdd3hxQo5tB5HSO8U/j6YPNQlxZwkwxnEBAD5/t8fmujVoC8PgRDHGqXnQzeRgafI0spMMN1JX2kvZePUPi7aA5/TJFPZ5IadVD61MyPWa42kpYnMSzRUDxAGGKvMFiw3ajzYLLsrFUP/lqmwSlXpzRrzJ9rQdQx7dqItr/C4vTncIttrOV3uS494PF++BIQZwlA6XrsfHXM9m6qD6sU/WEJ2ZDHKFhi02/ekWle1jpeTgjBsYQRItkCTSBNC2+EVnJCSXjWmtJpb+H96CFl6+I+1Y90Ad+rE2czb0b4W1mQ7YoN9q1Dn7rTDAEkxKXFeByB+9NV1/xYGP0iakFa0tMxV+ZUbtlnFESoIonEaUo5PWlnOQ/vPcnzov9yDvfas+R/aCY6Jwhlox8FJ0jajdoQODsJTh1fPoymsDfJ6LwY3vxsJxh0HTX02aRhMAa9W/3Oh9phBpZblKrgAPiNTobjvOVtXgjx2Z0+Xle86q9znMU5nwFOU3HLRShJ6f0UHYeYGDksMcsRZqfYaxNPBd6Sz3nxeJ3+3k5QyT/dck6WoAf56wYFcuL84DgCZw2gGwYI0lWPtNaug9B47Twdv0bs6DtvSjkHEGmA7x6fQncbuWNJWvdstM3I5o94s4JSzuWH/yDr1qYvj7lhg87DW6T7deA22qfkEGZ10LI6DZU/YAmQpn4mRh4esgAx2Dh0FCxfakxYjnTZClGy8s+sbuJVuEqXkgEEO4oEiGYEIz3tk1eTSVd8HJ0QG9RPNp2unPgOuGAVgQq/6nsY4cRL15eomA5J2s2zTMxbAx9n9QIcStV5rNmQXwQT536n2qACavehfIDbpgqglI3rha5xBzkqJRbF73n3W09Ee1n/po8zeSGtNNN2zp+i40PLcDwB3hlZi4Uca9/2G8IXkYaQuslbKuUHYdKorVLSqvP4am/2wEdZkPSAGCKWS40WD1UMXshW4fVlV6IE+yooeepxYtqRsdvlnszm8tv1S1kytvtZf3s8bzMM/fcRRThTCoilHM1qM4JqDwAzPOamDEHFWKhQ3GQsZynCWfU9ud04r9ifuQ8X3Gw+dfXWE6SUWoqQ+XPuIrEgA3Gi2SI5JJTn4yJRfNun7RzJf0bNdVEGqSnzk+Pus1qevBAstVe3GueWavTIBQFm2oy5GBZYX95miU0Uj7Iycah01TuSccN4Tut/lAVR/ERmt/g7+m9ZDJPUnO+Azu3umuP/O4dVAZzMj9J2XGSsuN+fx+s2b1WY7YlaP+QZo3D3zsNNOPXr2JyO0Cljb0p8BZgMS9HzI3FjwY7fKDN+yEl4zCzEzWSz0trEgIkBof4dGN0aevXSP8oSmYtILx85kgWE/AWOoP6e1h94ogy5XuorAH5IcMqnBQSfZMOL6Br43jlO9t6/0wb/a2LkpmHMF4xtukK9zYSUo/8S7FzrZU7XwxVJaJeYEdNnVUmChYWfL4uyDDQL7mIcEWzYQDwIFrXw/3bBOxNIUgj5eHclTmlPJ3V5XtSxbO56HLkZDMxth28+bhq+8Dj+6a/7AQWBtyl5ePn7Ztn+zOFm9C/fcsW1yB+wxl7yD/0d3fW1OkG3/uLIYwTujC636sHCrOuGssa6eoUHU= - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: saml2 - diff --git a/helm-chart/templates/secrets/slack.yaml b/helm-chart/templates/secrets/slack.yaml deleted file mode 100644 index 9110048b..00000000 --- a/helm-chart/templates/secrets/slack.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: slack - namespace: '{{ .Release.Namespace }}' -spec: - encryptedData: - SLACK_ACCESS_TOKEN: AgAW4UujinBhftQD0y8JtFFq2GxWQVCsAQyDtVJficqXFgApuo7xmJ45yoxWOCSMAcYNAtlj29chSy5n0hys2wlNebQUyExFzQjDc/ZA2x9OYkSRMp92mkaolihat+hK23vaUPm6Dr764y9noh1fefGh+rYahRt8YtD+/8i/WIo+05YB05HWQGbYq/yLHmqfqM8m+qNYU0XMs8ChvShM9cfFNKDZIV7oYAayXmYV7PN817+0CDf4xQ67iOIw77lw7QeAGH4v1gkNAqhbCaXbtCzVNMDFi2hWYCnDBWdMfRgTuDuD9WqcJ1YHG0Y3XZpz6qJ2bNgVJkNpWEotEMty4kVVWdkwvOIFLR98eciAZySlInliqzv4+D52mqyrxHP6Rwp5ainsMFlhA0GLen1RhhGNqSynNGufJxBZVQvsgsHjx+IF8r5TwDzl1uVfCr2WinApQQOXTStDsw0put+vMtpKSJwlFKpOj58GvAeQ9sMmTWhIOPrRCfRDXlcgufu+KoFo87hF2XUp09xUbwEyNMQUUZzTIbwVbr099mJyqGACXo9aRJ4zahxmZ0Cz9Y6nxz4cZK9VrAZrsMojtt++X0C6sV4ITKiSk7OAaLVWGPt2CiiB6Ru9c1gLobF9fSlUXvmWXImslxmU9TgJm07hjTcFxs36KpteTdcXl5BZuJNyWf1JhqblDtaP4QVLJJKjtEF2NUOD0FCXlo2DArpNrM4TLP9UUduW4Jy+xaN0+eNnycGyksLWRVBGptD69bim4Kn+i1hPVGWIySansJvsV8WtzQ/4AlKHQ3A= - SLACK_CLIENT_ID: AgC3QbAEAewKy1ZbfriIINJZnAKa8X0cM6v6yu/ZMDuezozwNi2vDMA/tNj7s0pOr1PeqrhVk/kOLTyIc3z6BjcI9mMIJedmx3picIZZRI2BonARuJAjg4R8L4+9iVm3N9qO6yDr3AyIfVZNPhGT7tlcge6cX/EpT/ixz9bjr4FSWpIXUaLC6GPFUpGy1KOlTx/wYVXo+JgNL/G7ZkMaGlf2FhR9RMtd3sChtTE8E3WcopPqbw8R57AKXvwFBmZqiGtMvjWakjrOi1SmRmFxF1p9pXJH7vH8GYmJJrAIc9lZpP0L0MCAYLAZl/v+yaR06U1UYdcSVrDsoRXCSnen05C5OJTo0CR7zBbw7LQaY3sI5tbynE59ql9yfsyVaqwhqBohdEPsdit/fjlDtmg2YG39xskvMBUmg1JEa/jVMiU5EBKpSMX7z7B+Mkb80rH1ZeqECkDzZXCVgNoBZXECupIfW2yOeUZ9XPVjkqxTxVlI/bXHE2JfAEmbXb56wxWyXnpvQgacBxxgtENSoBRjLUUwL3ByB0o/JWKAfQ+xIGQoCedqlqYhVsaB+9wwlFCHJSNTHwojLVUVZafaj78cyaFzNTIR2YppkrDUYSmaTdG6t8Hpd9qU8mkvxtn0U4NGRILezl8KBeQjWj+8Ob+218R8brox6hRXPZeGwYwXqsw/vivdufY3Uom5ZgDmEBdldTLmQAUBXFsG9lwBqMBtkp2yIUjegORXJw== - SLACK_CLIENT_SECRET: AgC+x3zeqX0VqnRlt7lB7HalB1L7Ied36MZeTTUC4WbrWdvj6AnnKlvTmc6NHgCG+NFyIQHiFuTHvo6Gn+DNZhCX0eYf5oYQ/tvuwmip9arK1xbFkiRGx4yxj/aXTlb7I4sdc6xTw9uLSWotHwkL77L6UYeb+2zFx0nlmPDDL87UrdX3kDjbYL4voongXF/Od2fqOQvB4rabM/nQcOYTsHxxoJGkz1KjKdgaQQXJp3TB74lqwYep9OUNccz3bo9/SD0BQV3xLEFPmNvQBzLA2qStidnI50gfXsH4P3uMuxUAomADQ+o2plolkg+xsx18LEO3JIPdjWclJP+BEuFeZhKnteqbO35dzVRXVIQi943dZt6Jr0Wt3DBDioLJOXMRSVPT6dyHtwQ92TVHNBO8Ej7a0UPrZYZaCl6s2z1WYf+hXqaNtJHhWzjTlZeqe1rYoRpA5RuT/F+O/IQ1EfZA9luGRFkTj5Q4ekdJZZ0Fq1f6HPkA4HZ1o72jm+c0/ndx3W5Od7cKGl/7NjG06Zzpm/3IJnTtYFuQfjB/kah8olsNhJCcJ0NaCLnj/8LityGiS9sUWfsJXFdaqv3IemnVmV7dyqU3GHTSrAc+QI6LBe3oARWVTX5Ae8H8VmV54x64mG0fBrcOYaeBH109gnm7hFdtB2YPlczfo00wQwdvQ1ZgfLWV9FNR5rYCrP2CfQUcTKpsIMaVSmfU26lH6yZktIl2/8jTRmgxhDnvLmhuQWad8A== - SLACK_TEAM_HOST: AgA6uWdc54BC5o9Nta9FdrsN8Mq1iP8uOtToZQ3Kcon0RaPKiK54aJvPxGGoXr3m9lDHrwPudI1GhgA/9tThUUn9cyBzMkwc/QKVHyI00EPeh3JvAnqbcQZYMmlv5YGRZ3w0MaMA+sCw47tsLr2Z5NMwY8X8qq/Kxk7nYreIdSMsEh8su7eZbN6HkfmM5b/TpvC5HF0js7W6BilKY+pnTNzdxFcotTw/4VPloBqYmGcMejFyacQM8e2TmLBiczFocQT9lcivzHXStBheJmrUOnVBpY/NQP3eDJzqEvsxZ3+8gL1Y5EXtj3M3BawHNBrvfm+Jzh3+gOwVDbeHc1aH2HKeQ0hKBcMNUiFfGo9b1naRzt3KSF3mOdHMWzd+520G5SEds7WZogeLWv1PapLyN4/P1Kr3o3hDiZ8dbicKHsXlqv/1YHr41SF3VjVsswQFX9AIvfGYUDLnU6ffoeUd3j63T2q5Zu1cD2cyI1IURBWl/AQ4aoM5El83M1IQgJ1s/SSd9PP9naZR/9UesrdEs7stvx23QkGGOINgwgDf+ydvjA4G3UDC1i7EjglmefjKbB+ELVM65kyEw0ld3AoNzFc1Q4kPRfCtQENryW0A1EMwyqVe8NUYCJsKHW/B+saVYOHVvnNZSllDteAW003VzjqOhE4dtu9dEu7jfXp61Ja74QArp4jkM1RMAUnLVsMcUQlOleUq0OhGXG46A6uHXItDbQ//lltLfw== - SLACK_VERIFICATION_TOKEN: AgAXntzAJ1lOUaS0A4IOGOOc8vDJtlBPlnrtCwN1/as3XtzJoFdDf2RgWg6m+22T2HPtuzOrZTy7mzyhPpGk543GDMk3EPuIWT5f7Nbhc0/uaYtiYQlDkAtkT0ZNoaeau9VpXU4ohioDRZop9Q4MjfwFLsaFPfTA6C4SreE9Lcdg98g1gS5HeRdycsdqqbJI0LO+ZRUr3cW+sJpY65umkc9SR0thYrzvbM9M1fSON3cA4WX7WpClPxf1lfAuduoJHrM7G+TVT2jcbEZJ+qKcRBSEMaW1K3Orwvlgo7KXdQSVD6q1o2dC4HGRRmQN9KVpZ4YYBYrhviV++cOTR3Swj8ozDi+aX9oWNpMq+YfejpkCYsZtE/uDeUbnWIkqsyO89F9Y2bklw2bVGkzwlggAO2rBXy3OI5/dO+8Q5PrgpqLAfaAvToMiXI4HovHGhzwGI6Exse7Zc6ops/POPzKNwW+jZjpRpER9gGe3aQ5F1tg2CDgZGYn8BDZOFnLdtrGJwdtqjJpprAVoLo7SlFBRh4dtcvPXSE1fsrCILSvrIR8jR+y8SnSg0k8yUR6G+jdXoZ7XvMlixz1/8Gpor0plNC4hf7liuQ3gXc8zCZ+tA8/4RCZKykdnakmzmxmBXtsT0yr/hmsPkm9l2pGZWOisCIFW766xshcaaXH7AHhLUNOweHmGldYrJRyixD4x7b0KwffUir9ui4WkF43AVv9pXQ6g98kUz78Y6/M= - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: slack - diff --git a/script/seal-secrets b/script/seal-secrets deleted file mode 100755 index 3380e1bf..00000000 --- a/script/seal-secrets +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -# script/seal-secrets: Seal secrets from given directory - -set -e -cd "$(dirname "$0")/.." - - -# validate input -SECRETS_DIR="${1?'Usage: script/seal-secrets '}" - -if [ ! -d "${SECRETS_DIR}" ]; then - echo "Directory not found: ${SECRETS_DIR}" 1>&2 - exit 1 -fi - -if [ -z "${SEALED_SECRETS_CERT}" ]; then - echo "SEALED_SECRETS_CERT must be set and exported" 1>&2 - exit 1 -fi - - -# seal all secrets in to helm chart -for input_file in "${SECRETS_DIR}/"*.yaml; do - output_file="$(basename "${input_file}")" - echo "Sealing: ${input_file}" - kubeseal \ - --scope cluster-wide \ - -f "${input_file}" \ - -w "helm-chart/templates/secrets/${output_file}" -done