From d419aa74d07d163393d0f7fa3ff2107895177cdf Mon Sep 17 00:00:00 2001
From: Radar231 <radar231@gmail.com>
Date: Wed, 22 Dec 2021 11:22:42 -0500
Subject: [PATCH] encrypted secrets data values with sops/age

---
 .gitignore               |  2 +-
 pihole-1_secret.enc.yml  | 33 +++++++++++++++++++++++++++++++++
 pihole-1_secret.yml.tmpl | 16 ----------------
 3 files changed, 34 insertions(+), 17 deletions(-)
 create mode 100644 pihole-1_secret.enc.yml
 delete mode 100644 pihole-1_secret.yml.tmpl

diff --git a/.gitignore b/.gitignore
index a908240..12cdc62 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-*_secret.yml
+pihole-1_secret.yml
diff --git a/pihole-1_secret.enc.yml b/pihole-1_secret.enc.yml
new file mode 100644
index 0000000..07c574c
--- /dev/null
+++ b/pihole-1_secret.enc.yml
@@ -0,0 +1,33 @@
+#############################################
+# - creds for pihole-1
+# - generate value using;
+#      echo -n '<text>' | base64
+#############################################
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pihole-1-pass
+data:
+    #ENC[AES256_GCM,data:HL+ReCmmfvan+8r50F/aJZuvmG6WEXXM+N2ZDA==,iv:xNfilMa/Eh36yRN1J0HsWn1W36xDLSBHBhfA1UHgOdk=,tag:lVNW4+Va2AbnV+o234Tw0w==,type:comment]
+    WEBPASSWORD: ENC[AES256_GCM,data:LEQI5ewukzRqTNIu8fQG6A==,iv:ahRZx5jsw2/lFgCpcUvDSqSamY7DXeDv3anPqLSH758=,tag:L50FPC8fhNa1KUKX8P243w==,type:str]
+# EOF
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1x7aazmg26qf5vm7hnvxjqy77yvv5lc7jez7untjfnwrg8pa6aqysxlaa42
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeVlCb1lGREoxNGtoRjR1
+            dk1qSEE3SFdET2J4U0JkVWFiVkdnVXFuOVU4CjJGamoyc2JCeTRsYnVOUXJwZEI1
+            WHMrS2lQYjhGajlxam9JR3lNMmZzV28KLS0tIHpUY0JURHRWVloxdEthSm8zb0Fz
+            QVA2NEhrSmY0Z3pFVmxTZEswcjAxbXMK0j5GivNodEcrOeLtJAH/ggvYMYx6JuCD
+            3wIhlNC2PUlIBwwZwHr46kIx/hyC12IUrBYnqHiRtc3fsRD0p3QfRg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-12-22T16:20:13Z"
+    mac: ENC[AES256_GCM,data:++awtPJZDDDzVHSQzWCyBQAO+kjxa662QwAtHa2U1qGgHyWnZMnlVioX7Ob5DEtvOuaAPkYRhH9u7MuXyJm8jFTK9qJTzyarVIYIh0ez/1B5jQ+Zr4H/+DtuVGV59FV3XVerLgmuFw0Z0F05vWJdNWJ7yCMhEdCuOK3l4Cb4n0M=,iv:FNOSE6EoW7mf6zH6oabDUZ/Wl2qe3cCXhTvDianHv1M=,tag:/jYgkkiGjXU5rCTWzUF3Eg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.1
diff --git a/pihole-1_secret.yml.tmpl b/pihole-1_secret.yml.tmpl
deleted file mode 100644
index 8648314..0000000
--- a/pihole-1_secret.yml.tmpl
+++ /dev/null
@@ -1,16 +0,0 @@
----
-#############################################
-# - creds for pihole-1
-# - generate value using;
-#      echo -n '<text>' | base64
-#############################################
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: pihole-1-pass
-data:
-  # plaintext pw = "xxxxxxx"
-  WEBPASSWORD: xxxxxxx
-
-# EOF