joe/gitops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Effectively look to change and change back

Browse Source
This commit is contained in:
Joe Monk
2024-09-13 20:42:35 +01:00
parent 5d347be59e
commit be195bab3c
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/kairos/apps/fluxrepo.yaml
View File

@@ -14,4 +14,4 @@ spec:
decryption: decryption:
provider: sops provider: sops
secretRef: secretRef:
name: sops-age name: sops-age2

8
readme.md
View File

@@ -32,18 +32,18 @@ Drop the user and cluster into your config and create a context to have that use
I use sops with age to encrypt keys etc in git. I use sops with age to encrypt keys etc in git.
Before pushing encrypted keys up, we'll need to re-encrypt them with a new key. Before pushing encrypted keys up, we'll need to re-encrypt them with a new key.
From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o keys.txt`. From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o age.agekey`.
Add that new public key to the `.sops.yaml`, and push the secret key to the cluster with: Add that new public key to the `.sops.yaml`, and push the secret key to the cluster with:
```sh ```sh
cat keys.txt | cat age.agekey |
kubectl create secret generic sops-age \ kubectl create secret generic sops-age \
--namespace=apps \ --namespace=apps \
--from-file=keys.txt=/dev/stdin --from-file=age.agekey=/dev/stdin
``` ```
Update the encryption with `sops updatekeys`, then delete keys.txt. Update the encryption with `sops updatekeys`, then delete age.agekey.
### Using sops ### Using sops