studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(devtools): migrate Gitea to OpenBao DB static role; sync admin creds via VSO

Browse Source 
- gitea-db-credentials is now a VaultDynamicSecret reading from
  database/static-creds/gitea (OpenBao static role, 24h password rotation).
  Replaces the previous KV-based Secret that used a hardcoded localdev password.
- gitea-admin-credentials and gitea-s3-credentials remain VaultStaticSecrets
  synced from secret/gitea and secret/seaweedfs respectively.
- gitea-values.yaml adds gitea.admin.existingSecret so the chart reads the
  admin username/password from the VSO-managed Secret instead of values.
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-02 18:33:16 +00:00
parent c7b812dde8
commit 8cb705fecc
3 changed files with 88 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
base/devtools/gitea-values.yaml
View File

@@ -13,6 +13,11 @@ valkey:
enabled: false
gitea:
admin:
username: gitea_admin
existingSecret: gitea-admin-credentials
email: gitea@local.domain
config:
server:
DOMAIN: src.DOMAIN_SUFFIX