infrastructure/k8s-cluster
1
0
Fork 2
Code Issues 29 Pull requests 10 Projects Releases Packages Wiki Activity

Use sops to store secrets inside the repo securely #30

New issue
Open
opened 2025-05-29 20:12:22 +00:00 by GhostPLACEHOLDER · 1 comment
GhostPLACEHOLDER commented 2025-05-29 20:12:22 +00:00
Copy link

Flux can handle the decryption. It this ensures the secrets are stored with the configuration and we don't need to backup them separately. Even desaster recovery is much easier.

https://fluxcd.io/flux/guides/mozilla-sops/

Flux can handle the decryption. It this ensures the secrets are stored with the configuration and we don't need to backup them separately. Even desaster recovery is much easier. https://fluxcd.io/flux/guides/mozilla-sops/
GhostPLACEHOLDER commented 2025-05-29 20:12:22 +00:00
Author
Copy link

@earl-warren it seems to be safe to store encrypted secrets in public repo. jenkins infra is doing same, eg:

199109fbd6/hieradata/clients/controller.trusted.ci.jenkins.io.yaml (L37)

@earl-warren it seems to be safe to store encrypted secrets in public repo. jenkins infra is doing same, eg: https://github.com/jenkins-infra/jenkins-infra/blob/199109fbd6dec34c514838d1c49d74a115d4a319/hieradata/clients/controller.trusted.ci.jenkins.io.yaml#L37
👍 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
renovate/helm-3.x
renovate/kube-prometheus-11.x
renovate/ghcr.io-traefik-traefik-3.x
renovate/k3s-1.32.x
renovate/forgejo-next-v7-forgejo-7.x
renovate/forgejo-next-v12-forgejo-12.x
renovate/forgejo-next-v11-forgejo-12.x
renovate/forgejo-next-v10-forgejo-12.x
renovate/forgejo-code-forgejo-12.x
renovate/forgejo-code-invisible-forgejo-12.x
No results found.
Labels
Clear labels   
bug

Something is not working

  
cleanup

   
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
forgefriends

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  
help wanted

Need some help

  
invalid

Something is wrong

  
label workflow

a workflow is associated with this issue and will trigger when labels are updated

  
need more info

   
question

More information is needed

  
refactor

No functional change, reorganization

  
static-site

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  
sync

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/build.yml

  
wontfix

This won't be fixed

No labels
bug
cleanup
duplicate
enhancement
forgefriends
help wanted
invalid
label workflow
need more info
question
refactor
static-site
sync
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/k8s-cluster#30
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?