From f557db5da645319af94be244b7738e2c56f326a7 Mon Sep 17 00:00:00 2001
From: Daniel Cosme
Date: Tue, 21 Apr 2026 09:00:26 -0400
Subject: [PATCH] Change flux secret from PQ to non PQ

On version 2.9 of flux (planned for Q2) PQ Keys will be supported
---
 apps/hydra/secrets/linkding.yaml | 80 ++++++++++++++++----------------
 scripts/create_flux_secret.sh | 8 ++--
 scripts/encrypt_flux.sh | 8 ++--
 3 files changed, 48 insertions(+), 48 deletions(-)

diff --git a/apps/hydra/secrets/linkding.yaml b/apps/hydra/secrets/linkding.yaml
index e6c6a6a..f7fb876 100644
--- a/apps/hydra/secrets/linkding.yaml
+++ b/apps/hydra/secrets/linkding.yaml
@@ -4,51 +4,51 @@ metadata: name: linkding namespace: linkding stringData: - supe_user_name: ENC[AES256_GCM,data:ksT268LhGr4oMajHODGVnEw=,iv:6MNfGQdAJysxySogJIAujqCBzA/UTBqy2tAmAz15FQY=,tag:fXiDattDh0ldXvdlwiGsSg==,type:str] - supe_user_password: ENC[AES256_GCM,data:llPaiDegtQO0DzVyts854jA7a6lp7fkKluDCLN3AxTjca5YX/0jr9v+nbUM=,iv:H/vHd+aFnHXTK3idSBEeRdl/O1QAZH4ddzTfrZgYIgM=,tag:bg6p4xEtwhs7e3tB82x+jQ==,type:str] + supe_user_name: ENC[AES256_GCM,data:n0HH1+Fj9ADDfbmsgewX8ME=,iv:/+wjPULK846z1HUfezEugfsihlWzvBfzqdOQERuI6FU=,tag:EUJFif7K7zY3I2WAF+86Jw==,type:str] + supe_user_password: ENC[AES256_GCM,data:hAegIjdrZtTHQXNYom47EhXW95kJzBc8B+KRMV9VvlbLA2B0JXmOZ8Hok28=,iv:005UBohSEoG6dPe1TDMNtPYWNBfa7L165b17g/t3OV0=,tag:ZKgMC0cJzp4YzwdTgb1JHg==,type:str] sops: age: - recipient: age1pq1sv3sp559cz4uvdynlfp3j9kr4kur56q655385d86aqrqraz8hejmrfqfwf6qrduzua3t7gap67rk0tenyj3nqu33fqana0zeugvr8y2xrgr33th48pja57wzvk9hscyg5jg9rxwk3y7dpkqmtvfkuhg6gz7xepkegu5wuxdegv2gxvk9027skh7wrjpawfdr59d6azmcwpa8ez46zv0ynkfu6xdxceqrwkxphw3wc2m6e22vxzyzzmxkqmj8qa49q5pfyveezf33varg2uvmchujrff5twfrrn4mmhwpry44p2hf5akwvuwvwdqczcd6hlghqm9fh9rlv9v27gz9u07qvvpmwyyt8z643z9zflat6lwjvpl6zmcrw4776hpqkvsyd09gwh530gvtg7qmnfky8ef8xtxpjdqskw95tydqv9n86gunwt8zf3km9g4lpjgynpgxu79nzkds39axygs982q7xeft7u5rw9vyr2hk0y3c589s9r9qtr3usy3uw4sygs56dgllwufnhmqe7zlqvf5wk73z3fl59xrw3pgys50eectrjqvzkukmtrzkjt4mdv6y35s0xefmjvsdlumg85rxyt283g4gf96yn2d6p92ue329xt6x3xxfs2p4xqw33w90qqdt9enjdxcd2tppcr9c8hxf3s2p6m4sdr5rc0r4c384ysm5f4exa63f3vpnzwy6qk2v7ymmfv3yyfwg9fgc28h2yym3xsp8y6a457zer8tk2ndmz4pu3g2wrcggg9zze4xs2vyhsf5umqykzfeptquqp3nqgplejsuemnxpuc7qvuk8t5fdn9c5rgrkuqtmxq4cv4y88lgz4tnmqdda6azsa2krupkgrksqpg0uk6lscezk86cka5hecrg9v7742uarqevlqytxv37jgf2ueyaxcccqzfzvxt3jet6kergarq2mvvdgt8x8m8n5n9qye5e2d2jw2z3n96a8d6sh0gfxzf8mk4gm7d60pa7r7tmk59ggch55s8w5p9lwpunvspdg73theqrsd9cykzkf93f95l9yw5g8ex595cxe6xy9tw67msej2vmntsad0v8tsc642kthwft6v0thelt8vktzc4e3azqjrkzkyhyyn9q2yuetx34yr65u27xvdpdrhl352rluaj2g32yxkum30sj845wx2vwqez4ztveva7g5j884d6l0ry
lkwz4f8jdexnnmehdxn2t759utazhnsx48984cxmncnd6cr8fpjvv4ugzefs44x0w6kyy7nzml7w2jsdgjs43k5mlent5sqqckmnpvr4y9s828t7d55jcjxfydgj2exqert9r4m7myqwehgdxgzsgmceu7uat4rpjfrag0x0gyewk7xgdyvvqp3cj44v0u24e73q47gqrma0c6n7djsrmyctv9vfr579s594ss5heg87aq08j8u6g5cs3xthtz7ckhkw0pz3h5vv06r9psrp63ggdrdq9jzrtp6vfl34dgw33nt4efyh7rrpl9psfwp6yn8rcv7acew0cecjqr6gd0s2wtt6996aapj82epyzvksenc9ew5j2xn9umh6y7jt0xsq9xz5e6v4r8xjmykapckgmq56awux29xzupu35gr9qv5crfkqzhe53dpczj930hwvrldqaq2z3g7e3tu92jqcl88ka43zxdkvwym4qacjsztl7gtv5v0juy9q0ctfd4l672wu2ps3vtypyzcpm2jyxvy093aqzpsfua2h6rycahupnxj8qstc3r0flhwx7l4vgw6vnzptvs98yp2spnqwr5y27xgu64nzdkj3pk5vdkrwuyyg78wthd3eh9qk7pzn6fl47ccrevundlq4lwlsjr7fm929cvxdp8dmyz8t45mapjvzk37yf2s7mddp0lpxzal739e5py082sq3c5wchkzc84cl4w enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IG1sa2VtNzY4eDI1NTE5IHZIVTI2OVlO - d291TTlYN3JFbm9oY0ViVWNuOWpiNzh6UjVvVnFkQ1RLQmFmdlNJaDRBRGN6MWVL - emllSVExelArWE4zNmtnS0RYQlU1UkZvUXRWVlgrdnhjNHBVV1dNY0lyMm1KRDBY - cHlTVGtZbkJtUlhjQk1LMFh3UGtwRVlsK3dpM0JWOEQvWGlidmcrTUlleEZOTlhJ - dFBYa2pLZVVpdDdjcDlRbjFZc1A4OTRvNHowcGR4NUIxNEVtREMyVEZiWGJXZXNy - eHA0SHptbEFEUHBDcUxGbTZwTUZFMENpOW1HWnl1clYwNjlVRm9pMFM2bytFbEFP - NFZmdTNOaVQxNlZVb1NwY2R6L2JKVVVyS3I3dVdNc3RJYWdJcklCcTFDRWZrWW4x - dHJyczVGcTVKVUV2dHZzWnNObXNSTnBqbE1SdjdMZ1NhVDRmblFkanlZQVhvRjIr - Y0VEZGxsSGVHWFhXUUQwNm5kQ1Buak8vYkYyMC95elB0Vm16M1d6U1V0NzRTOGlw - OTd1MjBIVGo1TkljRUJDbVJDTzJ0dzNBeDBISnBydUQzNlpkdVl2dHJSYW1TanVj - UFlnZis3MWtqNVhiY3FWTkVOc2dydm9BNXQwYXArMzBOcWcyTlZoRDRiR0J4Sk9w - K2FZNklpUHh6RGpVaVIvVGlkeXkxV2tBeEtoN1FRV0Rpc21xS0c3Zy9zdWRvWDVj - SVcwM2x5VnNYRGlFUk1zeGY0NEh4bG1MS2oyNTlIZG5UOE00NVBDWjlZa0pDaW1S - QlBOejQxSW9HMFNid2FRdjdVRmluMWhGQUVoR2RjbUlEbFF5eXhmVFkvaUc0cTA4 - MDNlWFBLOFR3TUdsSGlVSXY3SnhhZk4xbUR5cEVpS0pOeERrRnVPeWZpSy9hNGtB - bUhPTExxdmpKdFdkL3U0c0tCZXZhQzNrUWNlMitQb0N1ZXpZQ011SkNkTzZNUEta - aDU4aFZKdmhHR2xLanBGRWk0M3dycGlrb1NZUUNkU25mTzFCTkdjaUlZb3U2MDdN - NkFoZDVuOHBmWU42WTU1TTBMWktPRTBjajRWcmhMaUhnSWZvcTBiWStpY2RKVGpi - 
L0NoZmZmOVVkOU53aTYrSGMwV0FKWlJTWkFQSHJCSW1qbi9xM0hLSFhpRWVQK0Rq - bnVIbFY0NVJXK2ZRNWsxVnlSTzBpMmJhNUcwMlUyK0FKZkd2ZGZ0MHZQOWRTeHgv - RnhrdUxhSXhCYmtMcGh2UmdFYXlFSllqZnF3YnZLS3V6WjVDeElYdUpKZTY5bmF5 - K3ZoTVpUUm5TQzhlbllBV0hiTE4zbWpjc2hEMWozNGp3Zi9MOWNPNXd2c0ZOUlVt - T0pYKzRGeGJCb2N5S3kwRUNrdDNxREkrRDRFSWVMV1hYSFo2NzNLK2o2TVlNbGtI - WjBYcFZBdVlEMEtpQW1DQnZBcCtrOGlDRC8yMlZSY2t3eGdxakYzQU96UFlVZkFM - QmFmMzMwNWVkUDdRR0o0RkQzYnNmU2EvZG1iazQwbTArNDRBb3FIcGEwbVhjajZT - eXo2MThqbEFPKzkrUHpSd2hpYUR3NjZzMkE3ZmozdHJycGoxL0FjbmtGQzNOeWFE - UnZHR3F4SkV1V1htclFOZFVjZzh3VUJleWVUbDI3a1dYMld5cUttVTBoR3F1SFUv - ZTN1dmgvVU5YWnFmbnM3djA3a0VEWVdlNWoyaDgwOVlsUXpWVStVUE5PVENDaUpD - SE5wUno2dS8reFJ0ZXdLUTMySU9DV0o5RGNyanBzbFRWTUZPbU4wOVk0MGxHOHRr - ek5sVHZjTXJkWVpoQVFxOXMyMUQ4a01TL0RoeHFYZ3VlQXdxNzZhaWNuTGk3ZmVH - OFVUaXVmNUIvaXN2QUFUVktycGdGMjN0REMvL0h4d0RBMHVhL0lwUEV0Y0Z0Y2dy - VjFkdVFXeTJ5WStzRm5OeFIyM1VsV2RqY0tMSzRuQ3ZTdFltdzFxcWNpeDVmdwpN - aWFSUlYrUGhBZHc3QjRWdWlSY0xENWcrUHVzMlROWEFKQmRMU1dDcXZnCi0tLSBs - SGU1WGU2Z0lXNXZtWUlyeS91TlNiVFJPbmw3YkF1V0xFZERqMWRiYzNvCoM/4Yxa - 2CVMQrIHVcDHgJS5zjtAGU1oJ+V6uagff94KmvhoxutLDZVzMOI4RXJLqX9dhbto - y34d5A/e6B8EskY= + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IG1sa2VtNzY4eDI1NTE5IGlZR0pKVE1y + WlNJL0htdFhrL1VDTnFBVlBqdmcveVl1TmhYSkpiVTE1UG9rclEzSXk5bWlIZDhI + eE4vRzgvS0FNUGl3UkpVeGl4S0ZWVFJCVU9ZRG4zc2FqeVQzT2FJUDliSVoxczhL + UEdyajJUZklpbjBqS0diY1NkbHI3ZHkyNFZwNE9MUU1QRWxxL2ZmSU5WQ3I0TEx0 + WFkyTHdnUTg1aW1FNWZNVmg3NWxNb0V6RnFHUW4reWx2REltQ2h5T3NMOEZiZUp3 + bUtHMXlaeS9ibDN1SytCRG11R0NzVkY0RXUycHloNGo2S1hKMEJiemJTTmhodVJP + TDJ2WTg3eXFIUGM2YXY3elFsQ0tvZVlPOUp3WHBVSlRGWGNQZmNPYkpuOW9SRndT + eEhTbkkrTUpaNllmSWVzamg0T0NsUWx4N2w4eHRHOTdyMEpWV1ZTbHBYazE1OENi + VEczaEMxdjArQSt6NXN5YWcxSmxvdmdGcUZSK0xZTEhYMk1wWThxcFJZdzdWODh2 + cnFOTWNXN1BCNVR5OCtQZjV1WTljSG45WlFvU3pQaGExeWluNEhYOTB2YlAyNlBY + a0ltVlVJUlJIaHhPUXlZQ2t0MUs0Zjlhc04rdWE0Vk5naTB4bmpubktrcFBza0g0 + TFJsWGJvbkRtS2RMR3NGSklLekxhcmx0TE5TMnhoZ2lKY2drVm5tOUVGNXdpV3JB + 
RjQvWWUvWmtIMW0zTEt2bjVMMmlwS1Z3bmZRenltdVNWdUxnQVhCWUxxOS9rbWZh + Z0wvUnRWQllWSTl1ZlpMU21wNTNxVlZUbTJ5VHd5UUlLeGpyS3FEb1AzUEMzZDhV + ZmVVMG9yTzZmSFNRYWVoWlVsVmMyTzRjRUVlY1VrdCtnU1llREx0cWJkTFVERU96 + RndmcHNnK0tVQkpBeEhHM2g4a3ZtKzlZZlNyTktWc2wvcE84SlFUdHdUYnJCWDds + RktFc3ZjdVZRbjhETVJyVHFYelNaNEE3V1oxZzIxMFd2TDJ3WkkxSlVLT3VKemo1 + ZlgweWFHWXFOSldLS1R6NjN1UTVmZXRYR0hWVlNpdlQ0bUpBNGk0S0pQdTEvZC9k + cmpWcEhVdUYwZG9sTi9wTTcreVJuYTRLT1ozMzJEay9Rc0JDMnBZR3JYSnh2ZTdq + TUVSYWlYNnNWZ0ZycWhSbXB3TnhSeW5iQkxqOWkvcHh0WnZGQjBxVFRaUnhlR1lx + WENiajI2clRZRDAyK3BHWU1rUEFuc3duYXQzbXRtUlBwRkdiT3pWMGxRM3hkVnZT + bGpxTm5qOXhvbGJaQTFtN3VabjZxcXdHQmlmQ3NMUi9Kb1oxK0syNWhFekFCZkFX + K2FoRFpOVDJwZ3BCWEhSUk5TYTNRNDFKQU1vbkFXOGpId0RvOWZxN3BBRTRYdUZJ + RldZWVJrVVZjakxPYytGc2xBbk1IT3pFSHpIQk1MZ2wyMmY3eXdFSXhHSVpBR1BC + L3J2OERJT0wzanhnRUpEY3phdGtIWGZjL0tHQTRBaDNBMjl2YnZHeSt3ZnhtdW1n + LzBYRnZzc0J1SDYxQ1NKU3o1OGVyby9qMk9lRE5mU00vTDhTTjlnS0Z0NTRETG5T + UEFhOG5ZbkpIb1hLMU1ZeVBsRzBuNWFBbnQ3K3lMdWFiUHJpeVdvWHUzclMrZm9v + T290NUVaWHZHRDdwOUx6eTcwTkR1S3VzR1UvMkdpdjhoeGVpUCtDbmhuSGtUWEFu + YWl4bnpVSUxscCtvY3RMbHBCeXdRbng1a01sbWJMOTVOZFlhQ2JOdVJTZThpMXh6 + QTVrQzBoNERzNWd0WkdRT1hpVUF6RWY2L0h1cjluTlpaNkJkNm5tamJzYzAzMmtD + Z2hmWWVNZmhyMXg0WEtjczYrYzZZUHdqdTV1dzZkQlJJeXlKVUp4Q2pUaGw0WEJS + b1BmdndMUHVsZUh4dWk5VCtydzAwUTg3S3FSd0ZBVWJaNXQwRTlKdGJoWW5LUQpR + cjNMaHJSNHc2QkIxT1ZTc2htM0FKMTg1OUQ3QjhqL2JtSXZmOEV1N0VZCi0tLSBp + cFVocXR3REd3R1M1KzB1Q1NqMFU2V2JhZUtvSUVxaFAzaDY3UTlnS0dNCobHAR+n + 6pYnQuPypXykADId4tcheZinyH9Qc+Otgv1dEvK3k8Il4gdBDZaR2puhGr4MCorH + U+BdwLtwXzAM8Mg= -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T23:41:39Z" - mac: ENC[AES256_GCM,data:p0Q4Jgx+qmk3ipmdO49zZJN9Te1lJ8g+WCtRcJmvG1jq0BUxmi4tLt4Ir1u+caK0U1wpLxd0mxkI/b41Wlke5vcd+462nR3GINhGFL0QGWyHv25PmWvWnHIMvxyRA9MmMPmIHQpG/JDUWShriNmKGQwUU2BqW4u53y6M2NguMag=,iv:8BQLnW2ZBzRXawyxcAE4SGpYFx+g+OBt5sxQbsx24AM=,tag:Gj5nIJqCHwfTSU5tvjBGIQ==,type:str] + lastmodified: "2026-04-21T12:58:43Z" + mac: 
ENC[AES256_GCM,data:ayQ38a5d041zHEZetbTjob8D1RKcqi+726H0KwBh19emHRdw7v3izn7TCrW0xUbuzLK0Fr4OemZUTKnRQhTPP/zi+UnQMk+eWbOlvtr0IXCbYBcrltsoJJxA1cpZq0OlKJ0zqqqRj0wxLKuA1pNlDODNAHug9QEKC1oRMZ74KtE=,iv:Ypg+Hg/Q7CTw1yAAHXOf2gBbLHEiOafel/iHlYC8N8w=,tag:2vg5JZ67Xw3VcsyLBfklSA==,type:str] encrypted_regex: ^(data|stringData)$ version: 3.12.2
diff --git a/scripts/create_flux_secret.sh b/scripts/create_flux_secret.sh
index fcd6bb5..c4c6453 100755
--- a/scripts/create_flux_secret.sh
+++ b/scripts/create_flux_secret.sh
@@ -2,12 +2,12 @@
 set -eu
-if [ -z "${AGE_KEY}" ]; then
+if [ -z "${AGE_KEY_NO_PQ}" ]; then
 echo "unbound variable"
 fi
-if [ ! -f "${AGE_KEY}" ]; then
- echo "Error: ${AGE_KEY} file does not exist"
+if [ ! -f "${AGE_KEY_NO_PQ}" ]; then
+ echo "Error: ${AGE_KEY_NO_PQ} file does not exist"
 exit 1
 fi
-cat $AGE_KEY | kubectl --kubeconfig ~/.kube/hydra create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin
+cat $AGE_KEY_NO_PQ | kubectl --kubeconfig ~/.kube/hydra create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin
diff --git a/scripts/encrypt_flux.sh b/scripts/encrypt_flux.sh
index 591c0ba..9532468 100755
--- a/scripts/encrypt_flux.sh
+++ b/scripts/encrypt_flux.sh
@@ -2,15 +2,15 @@
 set -eu
-if [ -z "${AGE_KEY}" ]; then
+if [ -z "${AGE_KEY_NO_PQ}" ]; then
 echo "unbound variable"
 fi
-if [ ! -f "${AGE_KEY}" ]; then
- echo "Error: ${AGE_KEY} file does not exist"
+if [ ! -f "${AGE_KEY_NO_PQ}" ]; then
+ echo "Error: ${AGE_KEY_NO_PQ} file does not exist"
 exit 1
 fi
-PUBLIC_KEY=$(age-keygen -y $AGE_KEY)
+PUBLIC_KEY=$(age-keygen -y $AGE_KEY_NO_PQ)
 SECRETS_ENC_PATH=$HYDRA_SECRETS_PATH
 mkdir -p $SECRETS_ENC_PATH
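Review bot: The re-encrypted secret in apps/hydra/secrets/linkding.yaml still appears to target the post-quantum recipient, which contradicts the commit's stated purpose. The `- recipient: age1pq1…` line is unchanged context in this hunk, and the new `enc` block opens with the same base64 prefix as the old one (`YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IG1sa2VtNzY4eDI1NTE5`), which decodes to an age header carrying an `mlkem768x25519` stanza. If the `sops-age` secret in `flux-system` is now created from `AGE_KEY_NO_PQ`, Flux will presumably be unable to decrypt this file. Re-encrypt with the public key derived from `AGE_KEY_NO_PQ` so the `recipient` value changes as well, and confirm that `sops -d` succeeds with only that key before merging.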
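Review bot: The renamed guard `if [ -z "${AGE_KEY_NO_PQ}" ]` in scripts/create_flux_secret.sh still cannot do its job. Under `set -eu` an unset variable aborts at the expansion before the test runs, and a set-but-empty value only prints "unbound variable" and carries on to the file check, which then reports `Error:  file does not exist`. Use `if [ -z "${AGE_KEY_NO_PQ:-}" ]; then echo "Error: AGE_KEY_NO_PQ is not set" >&2; exit 1; fi`. The private-key path is also expanded unquoted in `cat $AGE_KEY_NO_PQ | kubectl …`; quote it and drop the pipe by passing `--from-file=age.agekey="${AGE_KEY_NO_PQ}"`. The same guard and the unquoted `age-keygen -y $AGE_KEY_NO_PQ` appear in the scripts/encrypt_flux.sh hunk.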