daniel/homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change flux secret from PQ to non PQ

Browse Source 
On version 2.9 of flux (planned for Q2) PQ Keys will be supported
This commit is contained in:
Daniel Cosme
2026-04-21 09:00:26 -04:00
parent e3c73ed372
commit f557db5da6
3 changed files with 48 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/create_flux_secret.sh
View File

@@ -2,12 +2,12 @@
set -eu
if [ -z "${AGE_KEY}" ]; then
if [ -z "${AGE_KEY_NO_PQ}" ]; then
echo "unbound variable"
fi
if [ ! -f "${AGE_KEY}" ]; then
echo "Error: ${AGE_KEY} file does not exist"
if [ ! -f "${AGE_KEY_NO_PQ}" ]; then
echo "Error: ${AGE_KEY_NO_PQ} file does not exist"
exit 1
fi
cat $AGE_KEY | kubectl --kubeconfig ~/.kube/hydra create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin
cat $AGE_KEY_NO_PQ | kubectl --kubeconfig ~/.kube/hydra create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin

8
scripts/encrypt_flux.sh
View File

@@ -2,15 +2,15 @@
set -eu
if [ -z "${AGE_KEY}" ]; then
if [ -z "${AGE_KEY_NO_PQ}" ]; then
echo "unbound variable"
fi
if [ ! -f "${AGE_KEY}" ]; then
echo "Error: ${AGE_KEY} file does not exist"
if [ ! -f "${AGE_KEY_NO_PQ}" ]; then
echo "Error: ${AGE_KEY_NO_PQ} file does not exist"
exit 1
fi
PUBLIC_KEY=$(age-keygen -y $AGE_KEY)
PUBLIC_KEY=$(age-keygen -y $AGE_KEY_NO_PQ)
SECRETS_ENC_PATH=$HYDRA_SECRETS_PATH
mkdir -p $SECRETS_ENC_PATH