Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
ec883f6b16 | |||
b5f95d3fc9 | |||
77d5158659 | |||
c418a6ce4b | |||
b6904e4ed2 |
@ -22,7 +22,7 @@ steps:
|
|||||||
build:
|
build:
|
||||||
image: plugins/kaniko
|
image: plugins/kaniko
|
||||||
settings:
|
settings:
|
||||||
repo: quay.io/wollud1969/k8s-admin-helper
|
repo: quay.io/wollud1969/woodpecker-helper
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
tags:
|
tags:
|
||||||
- latest
|
- latest
|
||||||
|
@ -2,13 +2,14 @@ FROM alpine:latest
|
|||||||
|
|
||||||
ARG USER="user"
|
ARG USER="user"
|
||||||
|
|
||||||
RUN apk add --no-cache kubectl gpg gpg-agent bash && \
|
RUN \
|
||||||
|
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
||||||
|
apk add --no-cache kubectl openssl gpg gpg-agent bash trivy@testing curl helm && \
|
||||||
addgroup $USER && \
|
addgroup $USER && \
|
||||||
adduser -G $USER -D $USER
|
adduser -G $USER -D $USER
|
||||||
|
|
||||||
|
COPY decrypt-secrets.sh /usr/local/bin/
|
||||||
|
|
||||||
USER $USER
|
USER $USER
|
||||||
WORKDIR /home/$USER
|
WORKDIR /home/$USER
|
||||||
|
|
||||||
RUN gpg -k
|
|
||||||
|
|
||||||
|
|
||||||
|
21
decrypt-secrets.sh
Executable file
21
decrypt-secrets.sh
Executable file
@ -0,0 +1,21 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#
|
||||||
|
# Set the environment variable GPG_PASSPHRASE
|
||||||
|
# Pipe the encrypted data and
|
||||||
|
# - redirect the output into the destination file or
|
||||||
|
# - directly eval the output, in this case make sure ONLY variable definitions are in the file
|
||||||
|
#
|
||||||
|
# The second option would be
|
||||||
|
# eval "`cat secrets.asc | ./decrypt-secrets.sh`"
|
||||||
|
#
|
||||||
|
# To create the encrypted file use
|
||||||
|
# gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
|
||||||
|
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
|
||||||
|
# Make sure to use a good passphrase, make sure to store the passphrase safely.
|
||||||
|
#
|
||||||
|
# Adding the encrypted file secrets.asc to a source code repository is secure.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -
|
Loading…
x
Reference in New Issue
Block a user