feat(k8s): add SOPS + AGE data encryption

2026-02-10 13:09:02 +02:00
parent c0cf62cc35
commit 323a9e1fe3
4 changed files with 18 additions and 0 deletions
--- a/kubernetes/flux-system/gotk-sync.yaml
+++ b/kubernetes/flux-system/gotk-sync.yaml
@@ -25,3 +25,7 @@ spec:
  sourceRef:
    kind: GitRepository
    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
--- a/kubernetes/flux-system/sops-age-secret.yaml.example
+++ b/kubernetes/flux-system/sops-age-secret.yaml.example
@@ -0,0 +1,9 @@
+# Manual step: create this secret before Flux can decrypt SOPS files
+# kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey=<path-to-age.key>
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sops-age
+  namespace: flux-system
+stringData:
+  age.agekey: AGE-SECRET-KEY-XXXXXXXXXXXXXXXXXXXXX