💚(ci) improve secrets for k8s deployment
Prevent secrets from being visible in running deployments
committed by
aleb_the_flash
parent
cda59fecec
commit
8fbc4e936e
@@ -1,7 +1,8 @@
|
||||
djangoSecretKey: ENC[AES256_GCM,data:dVq/508Au7M/Z0KqVKfaAQ1Qv0NR9EixneJXgcQLYPqr1zALAs8YdTfAHO97ObkYguM=,iv:TDVByohsak3njekbj7gPcYqWzBAxFAEn8Y7EpnyZiRM=,tag:Qfsp/PTbJghPNsJJVf5mnQ==,type:str]
|
||||
djangoSecretKey: ENC[AES256_GCM,data:a2U6gDdfHHCHwHfo6zr4Z3H6CPkFLMwFPHVtaZBaB6aSBtF/bLVXqcnuW1X4E41LUKY=,iv:QIF4j7XRNRCceYro99+KODETLPAcIsz4QRifqPFmqvs=,tag:qZbrTphZSLXs6QhB9pPtnw==,type:str]
|
||||
djangoSuperUserPass: ENC[AES256_GCM,data:T/OHS1w=,iv:wHVoRx6zeEj0G4CL1en82UH99L55fccZ8dovyFabs0w=,tag:xmpXfxdJlFZqTsEKLytnxQ==,type:str]
|
||||
oidc:
|
||||
clientId: ENC[AES256_GCM,data:nTlAk7Vr/FmofOBVAzI9cj7PXFHatGyVsM0ujGP9uxiP9Cdt,iv:bPQ8W2jvZ+k+dDTJngCa1iVkWUj5RJhgx+Hm4uNt7Uo=,tag:PyjfXpXvQFw6886GGzS7qQ==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:hSPwOFDXP+ZPDA+kLYhdYTUhHC19qad6oTEuM4tvwN/+ZEmI8TCMadQoMGUdAHHQGogk3fdnnQyNW7CdLwz0Xw==,iv:z30xOFiObn4vPanJrKjeHtpDzUMI9XnivgokoC5zDL4=,tag:+50pbXgqmMZHCWMnnoi7ZQ==,type:str]
|
||||
clientId: ENC[AES256_GCM,data:we8mFFJU5ykzLCKvFyyKNka1tp2QyA0IdgmQq6sIgfdC7rFf,iv:AQOyxxH5kngAoyJHLG+BKzG0MgiKjveEd8R0/3CDokU=,tag:alAFpbBqVZXtOaQ9u1fugw==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:93dsKs8h+AskewLvLJ8l+z2VYpQPt9GBCrlWAGjzDoGimKzMnj/VaFWxg6khIIfxmsBdrQc93fw3Aw4y9J3dvw==,iv:YwFlgB9DP4NmIGF3lXktyQ+J1kW7H3jB/+Uzn/jcn/o=,tag:1/V5avC3YN2rWH6dSiFfIw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -11,59 +12,59 @@ sops:
|
||||
- recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYy90Z3ZxbjdldnRoaDJ2
|
||||
VHlHeDNQVkY5ejZ0Y0F0NGJ2cE9uNlRkVHdBCkQ4ejdSZmxEWmpodDRvcGFTa2ND
|
||||
VlpXL2lGUVJncHZURSttbEw4cC9WekkKLS0tIHhrWFpCRDJvNkNOYWZzYnVGb2l2
|
||||
M3NoaGpVSlF0N1k2UXNVNFRTWTlNa0EKaGkcGVgeJFTv844UQ6tBY5hT18PoRhh4
|
||||
uIL6bH2Bs6P+wIbmuqwKhba8muS9rWbvFJppD8N/htJT2ZzXgmZAvQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOci9hOVdHT3hPeGM0S2k1
|
||||
YnBscm96RFBWUjNxZ1JYK3JrRGJSQ0NhaUQ0CmNTdG0wRjhRcVB6dGR3Tm1KVWpp
|
||||
OU1iZzVwbS9CTml3YTJLcWc2TGpsek0KLS0tIGR3NC8yditKVzhSdWU1VVUxalF5
|
||||
bG4wMHZzM2RuT3hCU1FDTVVvZnMvZncKN9B/IgFLDCy1FWtiaCT7pDtYO5sExfJ9
|
||||
KygCB0R9UO8eS9LIQbFy2YU5NS5v+pb0TZJdfGYGrNdEE/0C6HU9/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUkhaS0lEbGRrRkxpa2wz
|
||||
VUlRMFFYbVJpa0tJSjBKUGlPVXE4NW5XUmdrCjV0SUVTNUJCTXRnbEpIMm44N05L
|
||||
R1pWTWVZZzZHQ0U2ZGVQdk9kMmpZUncKLS0tIFJhZ2V1aCtYTHJWNFZ3bWpibTBs
|
||||
QWJ0ajN1U3NjVHVjTE9HWnRVOWdyWEUK+Fu4p4oAwAH5nhaWKo6C/MhdAo7IbkAt
|
||||
qarRcXRIRlr29K4IpmbbiIZZA/e1uWxMxD1Bafj4pIFppKTQFeIkSQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNEFva2sxUFY4bWN6U2o1
|
||||
RWxPK0ZDcFR3Q0VyZnEwdE5YNmdTODdZenhvCjFuVGhwK2w4TGZTN2tkZVhCWW5W
|
||||
c2VwS0Y1cGo3V3hCZURXNXhKL0kyd1EKLS0tIEtaTUhsVHQxYnc4VFd1VVZHVkRx
|
||||
S1A3azhNU1V2VUNCZTlvb2VjYXMyaHMKVQ5zrzKFeaQn3EBAbnjujK0r/nTYPUdN
|
||||
yrl9v/RhOmlDAkRM/2hvWdGIcZOPOEn4qKljJdXVEwaHcnFd6/VeMg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWmFBWWhtRlR4emtWRXhG
|
||||
M2Z2MVZVWFpETU9BTlRZSXljMzNsa3E1dlVnCjdWeXhLYXNPdCs3R2FTK2tiK0VD
|
||||
WGc5cWYyUEtvMmVJbTRPZ25zdDNzd2cKLS0tIFNJWnd5c2tQZkwrdGx6UE1jOHpO
|
||||
L0hlY0NLdS9FVk5FdW1md2lmU0lpQmMKZ4vZhT4Fmii9HHhJ+W9/BUkmzmzXnMHg
|
||||
q8jk+pDfNR9P8Lw+95Q8DjV6uvLpw9XjOkQzm6UCNKk9/M17c4EHeQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYVF4dTBZbWtUQmRIKzZP
|
||||
M0tzbHRHZ2tFTklFYjhmaWhvWG5Ba2NjZVRRCmRTczlYVmdpNTlpU05TbEtWUWxB
|
||||
eXJiUDY0M0FvWW15ZUtsL2JuNm4rNU0KLS0tIE9iYUhsN244aVZXYjZqZFR4akdV
|
||||
NXNOT3VEcWprbHFMVVpjQUVpdWlkeFEKqwpvWdUqRHVo7dQdMofGRJp52Fzan6UX
|
||||
eVGjgedyiwRNn3xtA++ZIs5XGbxtnWSppjRKXDXRdc/ho1EVk5qlNQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbENsZjZsTlp2ZXo5em5O
|
||||
U0ZaZWtkZjFFK0I0L3pFZDM2c3dUS09abDJrClV3ejFjU1NwZzZZaEhqNFUvQVNL
|
||||
K08xMm1pR3dTOHZyY0dYSlo0TG9iRm8KLS0tIGc2ZVBzRzV1WW03VUQ3ZU4wVGZn
|
||||
YnNmL1pyQk4ySVMxbXh5V1pGdDlaTHcK4R15lD5ryKO7CvgpOGmfSu8i7lbkT9EI
|
||||
lWC+AXSfKmhAZzXihrgmANcoIk4zitjHOoJN/PK9DAZSskhBqbm8qA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDektxSGU1a2gvc2I1WHRB
|
||||
ZmdHb1JEcGphWC8zZFJlU0VGb1lNbW13STJzCnlpaXQvRUNBa0lncGRFa1Z5bjRE
|
||||
VHpJeTdGMEc5VGQ4TDVLUVhFNDhPVk0KLS0tIEJSUDkzL3BadGhFM2FPek1QY0pu
|
||||
RkNLYzJZM1NoYjUwTkpOamRpcWsrWW8KHhvlWAx/ONMXW/Vk/dh1qECoW9YEaVd3
|
||||
MZeP7aUgoKj2ZvAnAIDUzdAbc579K54yvSAPjvkbpeeRUDZnf9CZFg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMEJTOG5Jb2pjR3NaQVhV
|
||||
WkQ1VnY2Ny9UcDlpcTZnc3FFQkRCRlJvY0I4CmNEMjE1Rm9KZ3BzaHhMUWpFczlK
|
||||
K1JtNlZMcno4cEROMHpYd0R1MC95QzQKLS0tIHBBdWRGRVFyME1tU1hrUk9Ha2pH
|
||||
eEx6Z2VHSHZOTFZhdWtVVUJWTGpObDgK8MB5SYG4oJswJEqWa274FK6YXlMoFO0k
|
||||
cGibj3uCo4XWaHdV3ik9GrKg68yo3yrgsc7pyB8aSHfgs47teO6Qhg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWnd4SEhubnNzS2FCSTRq
|
||||
Qk9UbENjeWFNSHNna0dudnk2MmFMMDNqZHhFCmxTNktBZm1nTGNaNlpLVWtla2x2
|
||||
MU5FcE1vK0w4dHVVWjY3a0oxWjVQUGcKLS0tIGM0c0FIZ3psRkV0V2VFU1F6Y2VM
|
||||
VW5ta2lpTDBFVTdqQnlhd2Nxbng5OVEK1YuJ7r9brpGq2+tQeruDo4RPCGFoURkh
|
||||
Cm2TTeUhf9YJfEiJeeXMzqVWUxb4OWMQsLeGoRb9FgUCv23noM30PQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXakoxT0JQbEdoMUN3L216
|
||||
MmRFdFRsTDhSd0tKaUpNTTlFMUptMUtOWDI4CmFnb2hTeXIzUEluTllpbStxcVZI
|
||||
RytwdmZqeUhKVUQrK3BhUTRybEo3cDAKLS0tIDJXUWN3S0F6SXB1dU4za1IrZmYz
|
||||
WnJhTHJvZmVuT2NkZDJnMGxBMS83S1EKY6Up5cDbV4vVZLzxm6Z7r+pTRH9Gfoun
|
||||
Li7lS9Vv9WVs7yLFbJ2Iu0qEIkgkJetzMhV/bo305nai3bcZfvm1bw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTjFEcnUyQ1VWaXpqY2F1
|
||||
Q3RQRUZnei9vZWVIb1B3dEtMaDNucWFKZWtJCm1SanNKd3pwd1hyRjJBeG5McnU1
|
||||
QVhCNWRsVm5pNmVWb1l5bkNVWnpuY1kKLS0tIHBuZ1ZHdC8zaGFNQ0NUUjA3eWZk
|
||||
UHdVTWcvbUZDYlNZMzJsNjM4M05ZSVEKok3wFZHGbnRpwCn5S6OZoD/2wVbzhNj7
|
||||
X4JL6jWJZ3T8RfdNlIG2mfVmOGkT7Qf9q/VJbYC3B/pK5ocWUdcjBQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-05T09:42:43Z"
|
||||
mac: ENC[AES256_GCM,data:RHUdOrgnbTCzrcyoWKfz7qC3i81ZUIyxBzBl3xQH/kCXsVbIPhtRUvFLwgd9uhNNiiBjPfx68GwiXatSko8vPf0rj2FVaC+w6yf9RTItxWqGETS18Waf5etsFCMhJ4LYce79DJ8KFtqjB64VYF3BVgX9Cif7wy1jGklbN7cGgjg=,iv:sllxfa74NAQTGHuBufOS6jH7VSOu5JsvwzNfBK5QRKw=,tag:WN6vWKtiPkZdbaJ04Q/VRA==,type:str]
|
||||
lastmodified: "2024-04-23T08:10:43Z"
|
||||
mac: ENC[AES256_GCM,data:+6ssKDBr9XwJnQto+x+8Ntq72/b+FLCI8TcMmG+Pbn2sw3ifDMa7CvdQCHeeihLjvXqLnIFvI+eVW4rclUShrx7VG3rdx8c5JDtuuNryf/5r8MZP3YqPcKKGCXEkntw/DW1BazKEqz4waIdOxv+zesvs82n4rMU0N5L7335IisI=,iv:jr6kEuRasIgMuH6t2OfPp2VsHmCJiygRpfURrP951O8=,tag:C/i6cFQcbQr0H0rZaSSr+w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
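Review bot: The new `djangoSuperUserPass` entry carries only five bytes of ciphertext (`data:T/OHS1w=`), and SOPS's AES-GCM encoding preserves plaintext length, so the length of the superuser password is visible to anyone who can read this file. Five characters is also the length of the `admin` literal that this commit removes from the values file, which suggests the same weak value may simply have been moved into the encrypted file. Encrypting a short password does not make it strong; generate a long random value before storing it under this key.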
|
||||
|
||||
@@ -11,9 +11,15 @@ backend:
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: http://desk-staging.beta.numerique.gouv.fr,https://desk-staging.beta.numerique.gouv.fr
|
||||
DJANGO_CONFIGURATION: Production
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
|
||||
DJANGO_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SECRET_KEY
|
||||
DJANGO_SETTINGS_MODULE: people.settings
|
||||
DJANGO_SUPERUSER_PASSWORD: admin
|
||||
DJANGO_SUPERUSER_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_PASSWORD
|
||||
DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"
|
||||
DJANGO_EMAIL_PORT: 465
|
||||
DJANGO_EMAIL_USE_SSL: True
|
||||
@@ -22,8 +28,14 @@ backend:
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
|
||||
OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
|
||||
OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
|
||||
OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
|
||||
OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
|
||||
OIDC_RP_CLIENT_ID:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_ID
|
||||
OIDC_RP_CLIENT_SECRET:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_SECRET
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid email"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-staging.beta.numerique.gouv.fr
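Review bot: Switching these four variables to `secretKeyRef` only protects values from this point on. The secret key and OIDC credentials that were rendered inline before this change are likely still readable in earlier Helm release revisions and old ReplicaSet specs, and `DJANGO_SUPERUSER_PASSWORD: admin` stays in git history. If the values now placed in the `backend` Secret are the same ones, they should be rotated as part of this change. A short comment above the first `secretKeyRef` would also help readers, e.g. `# Secret "backend" is created by the extra chart (src/helm/extra/templates/secrets.yaml)`. The `backend:` mapping starts outside the hunk.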
|
||||
|
||||
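--- a/src/helm/extra/templates/secrets.yaml
+++ b/src/helm/extra/templates/secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: backend
+namespace: {{ .Release.Namespace | quote }}
+stringData:
+DJANGO_SUPERUSER_PASSWORD: {{ .Values.djangoSuperUserPass }}
+DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
+OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
+OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}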
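Review bot: The four `stringData` values are rendered unquoted, so a secret containing YAML-significant characters (` #`, `: `, a leading `*` or `{`) or one that looks like a number or boolean will either fail to parse, be silently truncated, or be rejected by the API as a non-string. The `namespace` line already pipes through `quote`, and the values should do the same, e.g. `DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey | quote }}`. Wrapping each lookup in `required`, as in `{{ required "djangoSecretKey is required" .Values.djangoSecretKey | quote }}`, would also make a missing value fail at render time instead of producing an empty key that the backend then starts with.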
@@ -31,6 +31,8 @@ releases:
|
||||
installed: {{ ne .Environment.Name "dev" | toYaml }}
|
||||
namespace: {{ .Namespace }}
|
||||
chart: ./extra
|
||||
secrets:
|
||||
- env.d/{{ .Environment.Name }}/secrets.enc.yaml
|
||||
|
||||
- name: desk
|
||||
version: {{ .Values.version }}
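Review bot: The `secrets:` entry is attached to the release that carries `installed: {{ ne .Environment.Name "dev" | toYaml }}`, so the `backend` Secret is only created outside `dev`. If the dev values also move to `secretKeyRef`, the backend pods there would reference a Secret that does not exist and fail to start. The `desk` release is also not shown declaring a `needs:` entry on this release, so nothing visible guarantees the Secret is applied before the Deployment that consumes it; adding one would make the ordering explicit. Both release definitions extend beyond the hunk, so this should be checked against the full file.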
|
||||
|
||||