secrets handling
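--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+pwfile
+pwfile.backup.*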
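--- a/decrypt-secrets.sh
+++ b/decrypt-secrets.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+gpg --pinentry-mode=loopback --decrypt --output pwfile secrets.asc
+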
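Review bot: The plaintext `pwfile` is written into the working tree with whatever umask the caller happens to have, so on a shared host the decrypted passwords may end up readable by other local users. Put `umask 077` on the line before the gpg call so the output is created owner-only. The new `.gitignore` entry keeps the file out of commits but does nothing for its on-disk permissions, and a short header comment saying that `pwfile` is plaintext and should be deleted after editing would help the next maintainer.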
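--- a/encrypt-secrets.sh
+++ b/encrypt-secrets.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+gpg --pinentry-mode=loopback --symmetric --cipher-algo AES256 --armor --output secrets.asc pwfile
+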
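Review bot: Because `secrets.asc` is committed, the passphrase is the only thing protecting the passwords from anyone who can read the repository or its history, and the gpg line leaves the passphrase-stretching settings at their defaults. Consider raising the work factor with `--s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712`, or encrypting to named recipients instead of a shared passphrase so access can be revoked per person. The `#!/bin/bash` shebang is also inconsistent with the other two scripts, which use `#!/bin/sh`, and nothing in this file needs bash.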
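--- a/secrets.asc
+++ b/secrets.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMI4UREx2FMqFH+0ukBfA+x8Keg6UIXpZcH7Gykbmuv1HjutEHmoC6u6ztY
+vRzCtBKp0gepiQNoqQFEdPIj27mMpP9RjLD8/X4TlsfFwZhpYGKM/GHuetxtpX+m
+Mhx/M8po3GKRgjt6W4Yz68C1/CodWjnINPhfBjCTdAh1+AzpwjzBGzByykR11sLy
+4WnQRsZ+nw2p88970NzFn0N1NF7oV/i70K9cDBt5ecwDg4s/9EpLRrwRnXmeW7iY
+zwLyUuh+FK3QOWjaoeUHqaC0dMQPtaSUHw1uo1yLsnCDdDnqHS24CIXZJu/5kpVf
+/aqpCxZ0hvjQUWcyHPykXBq1RVR8CBv6mDd9tHIdXCk/7eVVOC9SxhH7V9MPAbRu
+KIdsemUHWWC4SqmlbMvizpZnq9lsXVnbGhTiSyPb127MB+tk1GDX/LccqXTduhmp
+R1V/e/8lTM887GruW7QqOi5yAp1vcgOuZxVBRriBfaLiZ0jJqQv6T11exaRAUgv0
+g7yKgT9iO31JmhFNP//RnT75eXkMEM+iWdRNyp3FJs0jrr0F9vhSnXCcQ/Z94pYE
+m2GK8yicf5DEBNrp8b0W1EtG9D5MJpYsWSyrVCwy9e1fRrMRryy45lOmPTdrR4ba
+0rIK+k+hUsqGJrMHunA7l1Zokx/gXxhOoRrR0jzN6DKvYnT7/2HSvwsw7he/qIDa
+/xEZwXIgwbMW6jgqRWXvWvd6Xw==
+=Ohf7
+-----END PGP MESSAGE-----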
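--- a/update-config.sh
+++ b/update-config.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -ex
+
+NAMESPACE=mosquitto
+
+SECRETS_PLAINTEXT=$(mktemp)
+gpg --pinentry-mode=loopback --decrypt --output $SECRETS_PLAINTEXT secrets.asc
+kubectl create configmap mosquitto-broker-config \
+--from-file=mosquitto.conf=mosquitto.conf \
+--from-file=pwfile=$SECRETS_PLAINTEXT \
+--namespace=$NAMESPACE \
+--dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE
+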
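Review bot: The decrypted password file created by `mktemp` is never removed, so a plaintext copy of the secrets stays in the temp directory after every run, including runs that abort under `set -e`. Add `trap 'rm -f -- "$SECRETS_PLAINTEXT"' EXIT` directly after the `mktemp` line. Because `mktemp` has already created the file, gpg will normally ask before overwriting it, so the decrypt line likely needs `--yes` and should quote the path: `gpg --pinentry-mode=loopback --yes --decrypt --output "$SECRETS_PLAINTEXT" secrets.asc`. The password file is also published inside a ConfigMap, which Kubernetes does not treat as confidential; if the deployment (not visible here) can mount it separately, a Secret would be the better home for `pwfile`.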