gitea_admin/deploy-app-kargo-private
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4dd68859d865ccf4c8cff5170d8d0b835e359f0a
deploy-app-kargo-private/kargo/credentials/git-creds-infra.prod.enc.yaml
XoR 4dd68859d8 feat: SOPS + age encrypted secrets structure 
- .sops.yaml with 3 age keys (admin, dev, prod)
- infra/gitea/values/*.enc.yaml — per-env encrypted Helm values
- infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets
- kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops)
- infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops
- All repoURLs point to deploy-app-kargo-private

Structure from deploy-app-kargo (reference), adapted for SOPS workflow
2026-03-11 10:01:26 +03:00

37 lines
2.0 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Secret
metadata:
name: github-creds
namespace: infra
labels:
kargo.akuity.io/cred-type: git
type: Opaque
stringData:
repoURL: https://github.com/Kargones/deploy-app-kargo-private.git
username: Kargones
password: ENC[AES256_GCM,data:2ucqkKTdxBlW2GCRmr4ZqrZZS2KuIcUCkhyF6/dIy0jGiUTM1iQIiQ==,iv:gTnztDCoZX9rfK6cnnoOOs6WD8mmw6tWr2z9JUkj+sA=,tag:I5OgSmjtAbnXxyhCe7y3GA==,type:str]
sops:
age:
- recipient: age1xmnaqlrjzpk5hl7uhel9sehqh7zdz8p59qte2myt97aqd7lyeuxszuess7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RVRoa2ZTT2llSitDYlRn
RU1RRkVNdnFFZWpMU0ZoU2Q0bGRKVFViZEc4CkdaalppTll1Q0c4T29aYks2a3Nq
azBaMWtJL3hyQlFVMFpUTjcrQ3BkU0kKLS0tIC80azJYWnhGZHpwK0lWa1FrS1d4
WlFjQk9WZVdoSnhnT1lROFZzUWMxb00KJ6i6Vap1FCYYUcTiNh5dyHbSeyXthtdf
iQcMjvZlOgKuHVPmaiXv8Mh+AHNl0RgWN2nNEoa1NPhriGU36ZmVWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16p0gwk8vt90vy2gm8jjca8rcyd2drv5526e997ukdelnv5ek8unqm0smuk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMUx5UkNBZHlZdVhlaXV3
OVNXTitPd2lQQXFoanNjb014ODB3ZUVLRHlvCmdBbkpmaXkzSXZxRFdPZEVubVJC
NHpyUDVkVjV5QXRPbnBHNkZhclMzc1UKLS0tIGtWcHZGMEorbFNEeStmSW80WE9N
RjRLYkhHMmd6UTNUSkxCUUFvMzVkdTAKJhUHz7PDrJca3OIdXyzXzD86/7tkCSm4
Q6q6WbscBBMtclrO5EfbHuzUUNuejFRLjeHjvPCBb5z/i6sp6Pxyuw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-11T06:58:02Z"
mac: ENC[AES256_GCM,data:KetBMvqfuE4eSrQoKmFJ0fkHHAvxFjQJvm9b9haSODfXDUxZ7DOYlVAVrZzf7L9VYFj7iP+yQeW2cLuV0JRH9+CL6u2GuvtK5WPC82NhRK/I5dEF+x3VIFjc3amr62FEuOjPeLOiAqluPeJ3BscW/Gj6UXKrLgrPzmZZgzzBHb4=,iv:fNbOFcpkAmom0Tf7xeoDfyklWNxIhHANS3WguPtrDK4=,tag:lsbhvAgSWdp+XKPKpGU56Q==,type:str]
encrypted_regex: ^(password|token|secret|key|privateKey|admin-password|db-password|passwordHash|tokenSigningKey)$
version: 3.12.1
Reference in New Issue View Git Blame Copy Permalink