oleksandr/homelab
1
0
Fork 0
Code Pull Requests Activity

feat(k8s): add SOPS + AGE data encryption

Browse Source
This commit is contained in:
Oleksandr Berezovskyi
2026-02-10 13:09:02 +02:00
parent c0cf62cc35
commit 323a9e1fe3
4 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -4,3 +4,4 @@
terraform.tfstate terraform.tfstate
terraform.tfstate.backup terraform.tfstate.backup
*.tfvars *.tfvars
sops-age-secret.yaml.example

4
kubernetes/dev/.sops.yaml Normal file
View File

@@ -0,0 +1,4 @@
creation_rules:
- path_regex: .*\.sops\.yaml
encrypted_regex: "^(data|stringData)$"
age: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc

4
kubernetes/flux-system/gotk-sync.yaml
View File

@@ -25,3 +25,7 @@ spec:
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
name: flux-system name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

9
kubernetes/flux-system/sops-age-secret.yaml.example Normal file
View File

@@ -0,0 +1,9 @@
# Manual step: create this secret before Flux can decrypt SOPS files
# kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey=<path-to-age.key>
apiVersion: v1
kind: Secret
metadata:
name: sops-age
namespace: flux-system
stringData:
age.agekey: AGE-SECRET-KEY-XXXXXXXXXXXXXXXXXXXXX