feat: SOPS + age encrypted secrets structure

- .sops.yaml with 3 age keys (admin, dev, prod) - infra/gitea/values/*.enc.yaml — per-env encrypted Helm values - infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets - kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops) - infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops - All repoURLs point to deploy-app-kargo-private Structure from deploy-app-kargo (reference), adapted for SOPS workflow
2026-03-11 10:01:26 +03:00
parent 720748be50
commit 4dd68859d8
60 changed files with 1444 additions and 1 deletions
--- a/infra/cert-manager/config.yaml
+++ b/infra/cert-manager/config.yaml
@@ -0,0 +1,13 @@
+{
+  "name": "cert-manager",
+  "namespace": "cert-manager",
+  "step": "1",
+  "source": {
+    "repoURL": "https://charts.jetstack.io",
+    "chart": "cert-manager",
+    "targetRevision": v1.19.4
+  },
+  "helm": {
+    "values": "crds:\n  enabled: true\n"
+  }
+}