feat: implement secret management with SOPS

Daniel Cosme
2026-04-20 19:58:02 -04:00
parent 6e1da78e02
commit e3c73ed372
20 changed files with 260 additions and 19 deletions

13
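--- a/scripts/create_flux_secret.sh
+++ b/scripts/create_flux_secret.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eu
+if [ -z "${AGE_KEY}" ]; then
+echo "unbound variable"
+fi
+if [ ! -f "${AGE_KEY}" ]; then
+echo "Error: ${AGE_KEY} file does not exist"
+exit 1
+fi
+cat $AGE_KEY | kubectl --kubeconfig ~/.kube/hydra create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin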
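Review bot: The `-z` guard on lines 17-19 never exits, so an empty AGE_KEY falls through to the `-f` test and the script dies with the less useful "Error:  file does not exist"; under `set -u` an unset AGE_KEY already aborts before that test is reached, so the guard only ever handles the empty case and prints to stdout. Replace both lines with the shell's own assertion, `: "${AGE_KEY:?path to the age identity file must be set}"`, which exits non-zero with the message on stderr. The same guard is copied verbatim into scripts/enc_dec_go.sh and scripts/encrypt_flux.sh. On the last line the unquoted `$AGE_KEY` and the cat-through-/dev/stdin can go: `kubectl --kubeconfig ~/.kube/hydra create secret generic sops-age --namespace=flux-system --from-file=age.agekey="$AGE_KEY"` reads the identity file directly.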

35
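--- a/scripts/enc_dec_go.sh
+++ b/scripts/enc_dec_go.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+set -eu
+if [ -z "${AGE_KEY}" ]; then
+echo "unbound variable"
+fi
+if [ ! -f "${AGE_KEY}" ]; then
+echo "Error: ${AGE_KEY} file does not exist"
+exit 1
+fi
+mkdir -p $ENC_SECRETS_PATH
+if [ "$1" = "enc" ]; then
+for FILE in $GO_SECRETS/*; do
+FILENAME="${FILE##*/}"
+age --encrypt \
+--output $ENC_SECRETS_PATH/$FILENAME.age \
+--identity $AGE_KEY \
+$FILE
+done
+elif [ "$1" = "dec" ]; then
+mkdir -p $GO_SECRETS
+for FILE in $ENC_SECRETS_PATH/*; do
+FILENAME="${FILE##*/}" # Cut the directories path
+FILENAME="${FILENAME%.age}" # Cut the .age
+echo $GO_SECRETS/$FILENAME
+age --decrypt \
+--identity $AGE_KEY \
+$FILE > $GO_SECRETS/$FILENAME
+done
+else
+echo "Error: Invalid argument. Use 'enc' or 'dec'." >&2
+exit 1
+fi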
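Review bot: The decrypt branch writes plaintext secrets with `> $GO_SECRETS/$FILENAME` (line 57) under the caller's default umask, so with the usual 022 every decrypted file in GO_SECRETS, and the directory created on line 50, is world-readable; a `umask 077` before that `mkdir -p` makes both owner-only. The unquoted `$GO_SECRETS/*` and `$ENC_SECRETS_PATH/*` globs also hand the literal pattern to age when the directory is empty, which fails with a confusing message and aborts under `set -e`, and `$FILE`, `$AGE_KEY` and the output paths are unquoted throughout. The rewritten dec branch below quotes every expansion and skips an unmatched glob; the enc branch needs the same quoting and the same `[ -e "$FILE" ] || continue` guard.
```shell
elif [ "$1" = "dec" ]; then
  umask 077   # plaintext secrets and GO_SECRETS itself must be owner-only
  mkdir -p -- "$GO_SECRETS"
  for FILE in "$ENC_SECRETS_PATH"/*; do
    [ -e "$FILE" ] || continue   # empty directory: the glob stays literal
    FILENAME="${FILE##*/}"       # Cut the directories path
    FILENAME="${FILENAME%.age}"  # Cut the .age
    echo "$GO_SECRETS/$FILENAME"
    age --decrypt \
      --identity "$AGE_KEY" \
      "$FILE" > "$GO_SECRETS/$FILENAME"
  done
# … unchanged: else branch and fi …
```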

24
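--- a/scripts/encrypt_flux.sh
+++ b/scripts/encrypt_flux.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -eu
+if [ -z "${AGE_KEY}" ]; then
+echo "unbound variable"
+fi
+if [ ! -f "${AGE_KEY}" ]; then
+echo "Error: ${AGE_KEY} file does not exist"
+exit 1
+fi
+PUBLIC_KEY=$(age-keygen -y $AGE_KEY)
+SECRETS_ENC_PATH=$HYDRA_SECRETS_PATH
+mkdir -p $SECRETS_ENC_PATH
+for FILE in $SECRETS_FOLDER/*; do
+sops --encrypt --in-place $FILE
+FILENAME="${FILE##*/}"
+DEST=$SECRETS_ENC_PATH/$FILENAME
+echo Moving encrypted file to $DEST
+mv $FILE $DEST
+done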
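Review bot: `PUBLIC_KEY`, computed on line 78, is never used, so `sops --encrypt --in-place $FILE` on line 82 only encrypts if a recipient comes from somewhere not visible here (a `.sops.yaml` creation rule or `SOPS_AGE_RECIPIENTS` in the environment); if that is the intended source, drop the `age-keygen -y` line, otherwise pass the key explicitly, `sops --encrypt --in-place --age "$PUBLIC_KEY" "$FILE"`. As in enc_dec_go.sh, an empty SECRETS_FOLDER hands sops the literal glob and aborts the script, so add `[ -e "$FILE" ] || continue` as the first statement of the loop. The `mv` on line 86 should quote both operands, `mv -- "$FILE" "$DEST"`, and `$AGE_KEY` on line 78 and `$SECRETS_ENC_PATH` on line 80 need quoting for the same reason.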


@@ -1,6 +1,6 @@
#!/bin/sh
set -euo pipefail
set -eu
echo CLUSTER NAME: $CLUSTER_NAME
echo HOST: $CLUSTER_HOST


@@ -1,6 +1,6 @@
#!/bin/sh
set -euo pipefail
set -eu
echo CLUSTER NAME: $CLUSTER_NAME


@@ -1,6 +1,6 @@
#!/bin/sh
set -euo pipefail
set -eu
echo HOST: $CLUSTER_HOST
echo USER: $LINUX_ADMIN