Compare commits
10 Commits
Author | SHA1 | Date | |
---|---|---|---|
ec883f6b16 | |||
b5f95d3fc9 | |||
77d5158659 | |||
c418a6ce4b | |||
b6904e4ed2 | |||
118baa38f8 | |||
cab241a96e | |||
c60fcfd26b | |||
088e773e63 | |||
c4d73c8529 |
@ -22,7 +22,7 @@ steps:
|
|||||||
build:
|
build:
|
||||||
image: plugins/kaniko
|
image: plugins/kaniko
|
||||||
settings:
|
settings:
|
||||||
repo: quay.io/wollud1969/k8s-admin-helper
|
repo: quay.io/wollud1969/woodpecker-helper
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
tags:
|
tags:
|
||||||
- latest
|
- latest
|
||||||
|
13
Dockerfile
13
Dockerfile
@ -1,4 +1,15 @@
|
|||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
|
|
||||||
RUN apk add --no-cache kubectl gpg
|
ARG USER="user"
|
||||||
|
|
||||||
|
RUN \
|
||||||
|
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
||||||
|
apk add --no-cache kubectl openssl gpg gpg-agent bash trivy@testing curl helm && \
|
||||||
|
addgroup $USER && \
|
||||||
|
adduser -G $USER -D $USER
|
||||||
|
|
||||||
|
COPY decrypt-secrets.sh /usr/local/bin/
|
||||||
|
|
||||||
|
USER $USER
|
||||||
|
WORKDIR /home/$USER
|
||||||
|
|
||||||
|
21
decrypt-secrets.sh
Executable file
21
decrypt-secrets.sh
Executable file
@ -0,0 +1,21 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#
|
||||||
|
# Set the environment variable GPG_PASSPHRASE
|
||||||
|
# Pipe the encrypted data and
|
||||||
|
# - redirect the output into the destination file or
|
||||||
|
# - directly eval the output, in this case make sure ONLY variable definitions are in the file
|
||||||
|
#
|
||||||
|
# The second option would be
|
||||||
|
# eval "`cat secrets.asc | ./decrypt-secrets.sh`"
|
||||||
|
#
|
||||||
|
# To create the encrypted file use
|
||||||
|
# gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
|
||||||
|
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
|
||||||
|
# Make sure to use a good passphrase, make sure to store the passphrase safely.
|
||||||
|
#
|
||||||
|
# Adding the encrypted file secrets.asc to a source code repository is secure.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -
|
Loading…
x
Reference in New Issue
Block a user