gitea_admin/deploy-app-kargo-private
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
deploy-app-kargo-private/README.md
XoR 4dd68859d8 feat: SOPS + age encrypted secrets structure 
- .sops.yaml with 3 age keys (admin, dev, prod)
- infra/gitea/values/*.enc.yaml — per-env encrypted Helm values
- infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets
- kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops)
- infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops
- All repoURLs point to deploy-app-kargo-private

Structure from deploy-app-kargo (reference), adapted for SOPS workflow
2026-03-11 10:01:26 +03:00

824 B
Raw Permalink Blame History

deploy-app-kargo-private

Private ArgoCD ApplicationSet repository with SOPS-encrypted secrets.

Structure

  • infra/ — Infrastructure apps (cert-manager, gitea, kargo, etc.)
  • ci/ — CI apps (gitea-runner, etc.)
  • kargo/ — Kargo pipeline definitions + encrypted credentials
  • .sops.yaml — SOPS encryption rules (3 age keys: admin, dev, prod)

Encryption

Secrets in *.enc.yaml files are encrypted with SOPS + age:

  • *.dev.enc.yaml — decryptable by admin + dev keys
  • *.prod.enc.yaml — decryptable by admin + prod keys
  • *.shared.enc.yaml — decryptable by all three keys

Branches

  • main — source of truth
  • infra/stage/dev — dev cluster (Kargo promotion)
  • infra/stage/test — test stage (Kargo verification)
  • infra/stage/prod — prod cluster (Kargo promotion via PR)
Reference in New Issue View Git Blame Copy Permalink