studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

💚(ci) remove secret from repository

Browse Source 
- Remove *.enc.*
- Adapt helmfile
- Adapt CI
This commit is contained in:
Jacques ROUSSEL
2024-06-07 08:56:23 +02:00
committed by rouja
parent b3779b5979
commit 6e7f20eda9
10 changed files with 75 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
.github/workflows/docker-hub.yml vendored
View File

@@ -19,8 +19,19 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: Checkout uses: actions/create-github-app-token@v1
uses: actions/checkout@v4 id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "people,secrets"
-
name: Checkout repository
uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ steps.app-token.outputs.token }}
- -
name: Docker meta name: Docker meta
id: meta id: meta
@@ -31,7 +42,7 @@ jobs:
name: Load sops secrets name: Load sops secrets
uses: rouja/actions-sops@main uses: rouja/actions-sops@main
with: with:
secret-file: .github/workflows/secrets.enc.env secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env
age-key: ${{ secrets.SOPS_PRIVATE }} age-key: ${{ secrets.SOPS_PRIVATE }}
- -
name: Login to DockerHub name: Login to DockerHub
@@ -52,8 +63,19 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: Checkout uses: actions/create-github-app-token@v1
uses: actions/checkout@v4 id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "people,secrets"
-
name: Checkout repository
uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ steps.app-token.outputs.token }}
- -
name: Docker meta name: Docker meta
id: meta id: meta
@@ -89,13 +111,24 @@ jobs:
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
steps: steps:
- -
name: Checkout uses: actions/create-github-app-token@v1
uses: actions/checkout@v4 id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "people,secrets"
-
name: Checkout repository
uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ steps.app-token.outputs.token }}
- -
name: Load sops secrets name: Load sops secrets
uses: rouja/actions-sops@main uses: rouja/actions-sops@main
with: with:
secret-file: .github/workflows/secrets.enc.env secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env
age-key: ${{ secrets.SOPS_PRIVATE }} age-key: ${{ secrets.SOPS_PRIVATE }}
- -
name: Call argocd github webhook name: Call argocd github webhook

22
.github/workflows/people.yml vendored
View File

@@ -312,9 +312,20 @@ jobs:
i18n-crowdin: i18n-crowdin:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository -
uses: actions/checkout@v4 uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "people,secrets"
-
name: Checkout repository
uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ steps.app-token.outputs.token }}
- name: Install gettext (required to make messages) - name: Install gettext (required to make messages)
run: | run: |
sudo apt-get update sudo apt-get update
@@ -332,10 +343,11 @@ jobs:
- name: Generate the translation base file - name: Generate the translation base file
run: ~/.local/bin/django-admin makemessages --keep-pot --all run: ~/.local/bin/django-admin makemessages --keep-pot --all
- name: Load sops secrets -
name: Load sops secrets
uses: rouja/actions-sops@main uses: rouja/actions-sops@main
with: with:
secret-file: .github/workflows/secrets.enc.env secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env
age-key: ${{ secrets.SOPS_PRIVATE }} age-key: ${{ secrets.SOPS_PRIVATE }}
- name: Setup Node.js - name: Setup Node.js

1
.github/workflows/secrets vendored Submodule

Submodule .github/workflows/secrets added at eec9a2bad8

24
.github/workflows/secrets.enc.env vendored
View File

@@ -1,24 +0,0 @@
SOPS_PRIVATE=ENC[AES256_GCM,data:53ysyQ9gq2PnAQKNjOL+e+Bu5SQIuOguz8Bo5CpqbpYsF0AmV1WsOutckdClbu6ApqV3m9/Cj1FJ30+L/+j05pvcpqMeehPQwGQ=,iv:VMuML9IXiEqKY9jp+ny76jnQHmewq2rqdBy1wYpZkSI=,tag:aAZgwiWDg1AG4wk3f2Fq4w==,type:str]
CROWDIN_API_TOKEN=ENC[AES256_GCM,data:bwh38oLDH4BpI2H+7oUjtVizyrYvVJ6Av4ECTnyPPthMz6DCaYQn55RXp8rQDgJj4bPRls+JcRVC94zYIjgpkDsbbcqHr620KQKHQHMgoOQ=,iv:hydpwWtCiOkhBpAYyNwDzSjhjfdUJcKX7YX3/PXteN0=,tag:eQLniL5XxkNs5yThUuQHyw==,type:str]
CROWDIN_BASE_PATH=ENC[AES256_GCM,data:LJZE454A6qg=,iv:yIjGACBJSX3S9g7PAHRFn074xL94fHvMLcTKzFYwkwo=,tag:1Z8+UbeDOvTxR80b95KumQ==,type:str]
CROWDIN_PROJECT_ID=ENC[AES256_GCM,data:THoNz661,iv:Ixd0D9tnpEWd2yqZui1HJQEO/h7YsAC1R9Vjj8OHBjA=,tag:wfDHhzaXLD3NwY5zDj24RA==,type:str]
DOCKER_HUB_PASSWORD=ENC[AES256_GCM,data:jj92OOVMtsagOXQ=,iv:r/u8M70PspZMFCbi8a3FvuCDtWt+9YGArPNHZRpHA+k=,tag:WM3vzVkuQZVdHa3wh4satg==,type:str]
DOCKER_HUB_USER=ENC[AES256_GCM,data:btdtLdLApQ==,iv:y1o2zwyzusBS6JiQSEtZwS2zctISo+UgAFhyZ53vbKQ=,tag:ZLkMJydgjMBmbbKq979z7g==,type:str]
ARGOCD_WEBHOOK_URL=ENC[AES256_GCM,data:0TnoZv7vQI+8MZ/7EITx0Mvez66G6BcCzw+Mic+NH2qh0BdZBH8ynkYBleKw9V6TbucgHasa7duL,iv:GeE5tSpjAndThrXrzz8Dk6ah9Bxv6JQCJmKAfsToDi0=,tag:O2pIhA0ge1xygIv0izSMxg==,type:str]
ARGOCD_WEBHOOK_SECRET=ENC[AES256_GCM,data:SrdWdV24lGztyUnFXeOYGAhqTErRFakIm7hBw8n4NKW6ll6AgeZKY6w7pbvgFknQ+NlRd/EK7bYk7CZtPDGU6zM=,iv:IkWxnTWrvzWwNh4RSt3N7iPHA7K7jkzSHa4CHptxxvU=,tag:XFVYBRsuDF/La1/8ADQ2jw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5KzVTKzFmN0Q3Umk3RGNp\nSmhrUklSZnFaVWZiWXRJR0xTVlRrL3RsMUE0CklmZFVveGRzWVNaRnFGRS9XaHhk\nbnlQYjM3dDJuRlVVZkppTlZ1RjJqS1UKLS0tIHBoamFOeDVVdmhDcFN1a3FidFlO\nN2JKTlpLNXo0SHJudWZpUWJpcE5sOWcKkfq/oWHCyy4jz6NkOUdCCDVtHV+hw7Dz\nqtc52m7dvEk1E6seD/zbes2BMQo5t0FybzikMke9cASe13cdYMGmiA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRS9pcEprcHlJSHJaWWlQ\nZ0ZTbzhoUXYxUXlNdDVyQXdvQUhVcjFya0NvCk1UOFNSUXRsMTl3Zy9ibmhMWnlN\nSUVCVW9NaDAwYk0wdlRvREZDSHI5cU0KLS0tIDhhRnNoS0xoNjE0d3FKaXZhN1V2\nbW5KOHFGcGpiOUxYWUVxZWFCejJ1SW8KNY6H8A3DNhJ2tqy13md0icS6fzHmd8cH\nah6FyrgxXa6zJbmC/bKRVPiAU7D2xAgkyqS4nzvXjeAaEMef+a97GQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTVNHS3ZpTS9HVEV6Z3F0\ncWRxd1lsME1oUllDQjNoczN1TWhBY09DZkFvCm9tNzVOQ3Nxc3lCRk9WYXp1VmJB\nZWt4SlFlNTQxdWJGVTVEYTNablVNMFUKLS0tIEM3clpvUmVYRUJzbis1ZHpHcDAv\nY3d0VUFyUFFQc1lYbnVkRklKVGQ5MUEKy6lJML7AgC7BLYTEVJz9bnNIEXxjKNps\nV2IQWMorUsAC9fg0tPNDbAUDfgP4jkPxNEMa10vGcjwRKcKUazXj+A==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOVdXOFZiQTlNZ1IwYU9u\nSzkyNk93RkIvLzJ5NjZHcmlDS1B5TUhraVJBClpXdGtqK2pxWnh1YXNDQ1Ftb2lz\nWmd3QmxpLytMMjhLR1U5Y3kwZ3krN0kKLS0tIFl4SVFjb1JPcGZ4SjNINkhqS1Uy\nTFI0dThVdFJpc0lydjR1STVRRXB2TUkKj/0oPq3pUXLY2LUNjUsrNekNorB83ejs\nBCIpaZzx2FRNHiwiOq+3m7FcX7VZoj47kqmiNbs6uyrXtv0gNGbzVA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_3__map_recipient=age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMEdlbi81UXVCZ1o2RjJu\nbUNkdXIxcTJoU004MUxtZWE5dWtHUm01ZmpVCm9RRzNkVWhsakFRTGRBbEdMQzhw\ncU54ekphSENPNlFsOXp1blQ3SmlaelkKLS0tIE9pTW5uQ2JrbUFQcGMwL1lqL000\nekdNa2pQWHA1cXBaTGxZT1htNjhzcmcKGD1xp6Wc2CYzmkI2blmX4xt8It5HPX/w\nj5oynxnDwwPkknRdZ1bDlre5fXTzKGd917RcU2WUs9q9cbZHTmTQQQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_4__map_recipient=age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa
sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVEVMcU9nYUhPMTU4d2Jj\nclR1bUR0QlZEdFcraDZ6ODhwcTJsZ1BCNUR3Ci9MamhHYXN2dU9nRjNkbnUzQ1U3\nMjRjVG5kU3JFSmJmQ29UV20wSmVHbk0KLS0tIGp0aVBlNzI1V3lGYy9ONzhlVUR0\neTlPN2drTTAwOFlCUjA2U0FCY1lFVHMKzolngi5XjFQKUnwLpdpqmBDPuY0Bsurk\nyvKE/Lou9Pcm7OhZePTwoVIcBtS313vzh8xmnVeuJPpIzLjkfvJwRg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_5__map_recipient=age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
sops_lastmodified=2024-04-03T15:36:15Z
sops_mac=ENC[AES256_GCM,data:1v44C4K4YjV1m7tZKRgj8SiDamdD+L4p3TVwwOl6+05KCOh2uH2ohH+5MH7MTFL489oqaadpjBQfELSJ8h/4fN5MT6+Trbtk5QFLv4moLZx1tSCE1Tuam2cicFem2mlOrxb0pK/tU1qzCLvZke3yvFmiJEa+92u7y96hXM4VR6Y=,iv:23T3Tl5DvRH8zvef7ftbr5GWk+YFfLCzZ/eEzqjMKXY=,tag:TIch+2911w5qleXo55zM0w==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

8
.gitmodules vendored Normal file
View File

@@ -0,0 +1,8 @@
[submodule ".github/workflows/secrets"]
path = .github/workflows/secrets
url = https://github.com/numerique-gouv/secrets.git
branch = main
[submodule "src/helm/secrets"]
path = src/helm/secrets
url = https://github.com/numerique-gouv/secrets.git
branch = main

15
.sops.yaml
View File

@@ -1,15 +0,0 @@
creation_rules:
# Here we have
# - Jacques key-id: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
# - github-repo key-id: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
# - Anthony Le-Courric key-id: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
# - Antoine Lebaud key-id: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
# - Marie Pupo Jeammet key-id: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa
# - argocd key-id: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
- age:
age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x,
age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7,
age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg,
age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3,
age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa,
age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw

4
scripts/update-git-submodule.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
git submodule update --init --recursive
git submodule foreach 'git fetch origin; git checkout $(git rev-parse --abbrev-ref HEAD); git reset --hard origin/$(git rev-parse --abbrev-ref HEAD); git submodule update --recursive; git clean -dfx'

70
src/helm/env.d/staging/secrets.enc.yaml
View File

@@ -1,70 +0,0 @@
djangoSecretKey: ENC[AES256_GCM,data:a2U6gDdfHHCHwHfo6zr4Z3H6CPkFLMwFPHVtaZBaB6aSBtF/bLVXqcnuW1X4E41LUKY=,iv:QIF4j7XRNRCceYro99+KODETLPAcIsz4QRifqPFmqvs=,tag:qZbrTphZSLXs6QhB9pPtnw==,type:str]
djangoSuperUserPass: ENC[AES256_GCM,data:T/OHS1w=,iv:wHVoRx6zeEj0G4CL1en82UH99L55fccZ8dovyFabs0w=,tag:xmpXfxdJlFZqTsEKLytnxQ==,type:str]
oidc:
clientId: ENC[AES256_GCM,data:we8mFFJU5ykzLCKvFyyKNka1tp2QyA0IdgmQq6sIgfdC7rFf,iv:AQOyxxH5kngAoyJHLG+BKzG0MgiKjveEd8R0/3CDokU=,tag:alAFpbBqVZXtOaQ9u1fugw==,type:str]
clientSecret: ENC[AES256_GCM,data:93dsKs8h+AskewLvLJ8l+z2VYpQPt9GBCrlWAGjzDoGimKzMnj/VaFWxg6khIIfxmsBdrQc93fw3Aw4y9J3dvw==,iv:YwFlgB9DP4NmIGF3lXktyQ+J1kW7H3jB/+Uzn/jcn/o=,tag:1/V5avC3YN2rWH6dSiFfIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOci9hOVdHT3hPeGM0S2k1
YnBscm96RFBWUjNxZ1JYK3JrRGJSQ0NhaUQ0CmNTdG0wRjhRcVB6dGR3Tm1KVWpp
OU1iZzVwbS9CTml3YTJLcWc2TGpsek0KLS0tIGR3NC8yditKVzhSdWU1VVUxalF5
bG4wMHZzM2RuT3hCU1FDTVVvZnMvZncKN9B/IgFLDCy1FWtiaCT7pDtYO5sExfJ9
KygCB0R9UO8eS9LIQbFy2YU5NS5v+pb0TZJdfGYGrNdEE/0C6HU9/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNEFva2sxUFY4bWN6U2o1
RWxPK0ZDcFR3Q0VyZnEwdE5YNmdTODdZenhvCjFuVGhwK2w4TGZTN2tkZVhCWW5W
c2VwS0Y1cGo3V3hCZURXNXhKL0kyd1EKLS0tIEtaTUhsVHQxYnc4VFd1VVZHVkRx
S1A3azhNU1V2VUNCZTlvb2VjYXMyaHMKVQ5zrzKFeaQn3EBAbnjujK0r/nTYPUdN
yrl9v/RhOmlDAkRM/2hvWdGIcZOPOEn4qKljJdXVEwaHcnFd6/VeMg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYVF4dTBZbWtUQmRIKzZP
M0tzbHRHZ2tFTklFYjhmaWhvWG5Ba2NjZVRRCmRTczlYVmdpNTlpU05TbEtWUWxB
eXJiUDY0M0FvWW15ZUtsL2JuNm4rNU0KLS0tIE9iYUhsN244aVZXYjZqZFR4akdV
NXNOT3VEcWprbHFMVVpjQUVpdWlkeFEKqwpvWdUqRHVo7dQdMofGRJp52Fzan6UX
eVGjgedyiwRNn3xtA++ZIs5XGbxtnWSppjRKXDXRdc/ho1EVk5qlNQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDektxSGU1a2gvc2I1WHRB
ZmdHb1JEcGphWC8zZFJlU0VGb1lNbW13STJzCnlpaXQvRUNBa0lncGRFa1Z5bjRE
VHpJeTdGMEc5VGQ4TDVLUVhFNDhPVk0KLS0tIEJSUDkzL3BadGhFM2FPek1QY0pu
RkNLYzJZM1NoYjUwTkpOamRpcWsrWW8KHhvlWAx/ONMXW/Vk/dh1qECoW9YEaVd3
MZeP7aUgoKj2ZvAnAIDUzdAbc579K54yvSAPjvkbpeeRUDZnf9CZFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWnd4SEhubnNzS2FCSTRq
Qk9UbENjeWFNSHNna0dudnk2MmFMMDNqZHhFCmxTNktBZm1nTGNaNlpLVWtla2x2
MU5FcE1vK0w4dHVVWjY3a0oxWjVQUGcKLS0tIGM0c0FIZ3psRkV0V2VFU1F6Y2VM
VW5ta2lpTDBFVTdqQnlhd2Nxbng5OVEK1YuJ7r9brpGq2+tQeruDo4RPCGFoURkh
Cm2TTeUhf9YJfEiJeeXMzqVWUxb4OWMQsLeGoRb9FgUCv23noM30PQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTjFEcnUyQ1VWaXpqY2F1
Q3RQRUZnei9vZWVIb1B3dEtMaDNucWFKZWtJCm1SanNKd3pwd1hyRjJBeG5McnU1
QVhCNWRsVm5pNmVWb1l5bkNVWnpuY1kKLS0tIHBuZ1ZHdC8zaGFNQ0NUUjA3eWZk
UHdVTWcvbUZDYlNZMzJsNjM4M05ZSVEKok3wFZHGbnRpwCn5S6OZoD/2wVbzhNj7
X4JL6jWJZ3T8RfdNlIG2mfVmOGkT7Qf9q/VJbYC3B/pK5ocWUdcjBQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-23T08:10:43Z"
mac: ENC[AES256_GCM,data:+6ssKDBr9XwJnQto+x+8Ntq72/b+FLCI8TcMmG+Pbn2sw3ifDMa7CvdQCHeeihLjvXqLnIFvI+eVW4rclUShrx7VG3rdx8c5JDtuuNryf/5r8MZP3YqPcKKGCXEkntw/DW1BazKEqz4waIdOxv+zesvs82n4rMU0N5L7335IisI=,iv:jr6kEuRasIgMuH6t2OfPp2VsHmCJiygRpfURrP951O8=,tag:C/i6cFQcbQr0H0rZaSSr+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

6
src/helm/helmfile.yaml
View File

@@ -33,7 +33,7 @@ releases:
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: ./extra chart: ./extra
secrets: secrets:
- env.d/{{ .Environment.Name }}/secrets.enc.yaml - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/people/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml
- name: desk - name: desk
version: {{ .Values.version }} version: {{ .Values.version }}
@@ -42,7 +42,7 @@ releases:
values: values:
- env.d/{{ .Environment.Name }}/values.desk.yaml.gotmpl - env.d/{{ .Environment.Name }}/values.desk.yaml.gotmpl
secrets: secrets:
- env.d/{{ .Environment.Name }}/secrets.enc.yaml - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/people/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml
environments: environments:
dev: dev:
@@ -54,5 +54,5 @@ environments:
values: values:
- version: 0.0.1 - version: 0.0.1
secrets: secrets:
- env.d/{{ .Environment.Name }}/secrets.enc.yaml - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/people/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml

1
src/helm/secrets Submodule

Submodule src/helm/secrets added at eec9a2bad8