secrets handling

2026-01-29 11:22:56 +01:00
parent 7cfa06330e
commit 41e50add87
5 changed files with 40 additions and 0 deletions
--- a/update-config.sh
+++ b/update-config.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -ex
+
+NAMESPACE=mosquitto
+
+SECRETS_PLAINTEXT=$(mktemp)
+gpg --pinentry-mode=loopback --decrypt --output $SECRETS_PLAINTEXT secrets.asc
+kubectl create configmap mosquitto-broker-config \
+  --from-file=mosquitto.conf=mosquitto.conf \
+  --from-file=pwfile=$SECRETS_PLAINTEXT \
+  --namespace=$NAMESPACE \
+  --dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE
+