-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm secrets with age #301
Conversation
first commit with changes on the @michaelsauter is this first commit ok? I did this way since we only want the binaries at the end... |
Yep, that looks about right. Keep in mind that this commit should also update https://github.com/opendevstack/ods-pipeline/blob/master/docs/design/software-design-specification.adoc. That document tracks what gets installed and in which version. |
32625bf
to
f2c6e6e
Compare
@michaelsauter from what I have understood, until now we had kinda not mandatory having the |
@gerardcl See https://github.com/opendevstack/ods-pipeline/blob/master/test/tasks/ods-deploy-helm_test.go#L62. That sets up the private key. I think you need to exchange that for |
@michaelsauter I thought about that but was not sure, so in this case I understand instead of importing via executing |
13ecc2f
to
4d895db
Compare
@renedupont I updated user docs from your update (added multiple recipients note) and updated related part on admin installation too 👍 |
matching a fingerprint listed in `.sops.yaml`. | ||
identified by the `age-key-secret` parameter exists, and contains an age secret key | ||
which public key was used as one of the recipients to encrypt. The age-key file location | ||
is known via `SOPS_AGE_KEY_FILE` environment variable (e.g.: `SOPS_AGE_KEY_FILE=/sops/age/keys.txt`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that is under construction still, that comment there explains the current approach just for the task in here:
- name: SOPS_AGE_KEY_FILE |
anyhow, I am not sure if that will be the final approach yet
@michaelsauter ready for review 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me. Note that I did not actually try it out though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! This looks really good. Thanks!
I had a few nitpicks (sorry!), and wanted to ask if you could also update docs/design/software-design-specification.adoc
? It would be good to record the updated versions and add a new software item for age
.
b9b4db4
to
b8972f0
Compare
…nd add sops and age tools
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👌
Fixes #293
Tasks:
docs/design
directory or not applicabledocs
directory or not applicablemake test
) or not applicable