encrypted secrets data values with sops/age

2021-12-22 11:08:58 -05:00 · 2021-12-22 11:08:58 -05:00 · 3fe7b00f00
parent c060f97fe8
commit 3fe7b00f00
2 changed files with 34 additions and 16 deletions
--- a/openvpn_secret.enc.yml
+++ b/openvpn_secret.enc.yml
@ -0,0 +1,34 @@
+#############################################
+# - creds for openvpn account
+# - generate value using;
+#     echo -n '<text>' | base64
+#############################################
+apiVersion: v1
+kind: Secret
+metadata:
+    name: openvpn-pass
+data:
+    #ENC[AES256_GCM,data:oTRrmtmswkUe0rfHWLxz5vXnoFm3xvTO2ajlypW0,iv:MXyRkEnSVTW1YD8TBhVU0G/koSURODePfNMRhkP/LTw=,tag:Df3ouY6xPefh+O9rwaprqQ==,type:comment]
+    OPENVPN_USERNAME: ENC[AES256_GCM,data:VOk3YpTL2/wwmeVj,iv:aiVmYITPE8xY0n54mgs9YncYHAj+UtYCE/xe0ls5a0U=,tag:aNljHuvEx20zSjdo7majsw==,type:str]
+    #ENC[AES256_GCM,data:XoYGynqtLM/+gv03o1Q7RommfuvTrZAlJX68,iv:S2mqtKlJ93ikPFRx7EiNH6PuhujR54mWf0N29aaQOrc=,tag:KGqdSQbKapOHRUYc3ndS0A==,type:comment]
+    OPENVPN_PASSWORD: ENC[AES256_GCM,data:N5Pbjp+FsJnRQRJTncPVmQ==,iv:hca1L+2UCm7+53/iLzuH96+qwY/XGo2CBqdei27mtac=,tag:AjaA7XcE2/jh0o6qBMQfIg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1x7aazmg26qf5vm7hnvxjqy77yvv5lc7jez7untjfnwrg8pa6aqysxlaa42
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SnlRTXdtK3FoZEdpSlJL
+            TjBUQVVqSFgrYmFsaUcydDIzNG5QOFFibEZNCmoyQU5OWTlIUmVqOW0rQ0g4Q1dV
+            Q2RnVFBWdkJLOEdtSUg2T2tnU0dBZnMKLS0tIDNVL01ObXZqRm9OcG5BWUs4bDdp
+            OGsvL0ljQzZhWFJGVXEwRTBnaVVrQmMKl6rNRLcngjeAF5O1ktftensc449xagFa
+            4jmeSdQzcDkSE5Cnh36O0FwOD9PXpjdao+QLgnAFxrNLcwpQYROkOw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-12-22T16:08:00Z"
+    mac: ENC[AES256_GCM,data:C25Ey5xi/gBIua7iaKfhFOL76R5tJlH50/L55JW3ioQISmt4wshP5j9lqXRjF18Se0Pc52TYYd5vc7SK1qbQcZ8GeBQeunrNRq6dj+/naxva39Q+/BsQXBX5K3njwy8Mk5GdEyx6IcUotxN0ej1KGO+nUgeMy9S+rVQOwjklDxQ=,iv:p8OcuomjGp63PixRW90bDz/f94A1lCQqWuDjJLWgRBk=,tag:Q93hfrJ0InCp4784foO21A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.1
--- a/openvpn_secret.yml.tmpl
+++ b/openvpn_secret.yml.tmpl
@ -1,16 +0,0 @@
---
-#############################################
-# - creds for openvpn account
-# - generate value using;
-#     echo -n '<text>' | base64
-#############################################
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: openvpn-pass
-  namespace: k8stv
-data:
-  OPENVPN_USERNAME: xxxxxxx
-  OPENVPN_PASSWORD: xxxxxxx
-