infrastructure/black-start
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add cnpg backup key to secrets

Browse Source
This commit is contained in:
William Peebles
2026-03-17 12:38:14 -04:00
parent 27bdb3f674
commit ea27ab3067
4 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,2 +1,3 @@
result result
secrets/ /secrets/
test/

18
kubernetes/secrets/cloundativepg/s3-backup-creds.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, ... }:
{
sops.templates."omni-etcd-key.yaml" = {
mode = "0444";
content = ''
apiVersion: v1
kind: Secret
metadata:
name: s3-backup-creds
namespace: cloudnativepg
type: Opaque
spec:
s3AccessKey: fmRuq5b96EKqQOGR1prs
s3SecretKey: ${config.sops.placeholder.cnpg_s3_backup_key}
'';
path = "/var/lib/rancher/k3s/server/manifests/secrets/cnpg-s3-backup-creds.yaml";
};
}

5
kubernetes/secrets/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{
imports = [
./omni/omni-etcd-key.nix
];
}

5
security/sops_nix.yaml
View File

@@ -1,5 +1,6 @@
pw_williamp: ENC[AES256_GCM,data:HuZKDBB+9FHzoMg8KrCIdQ==,iv:DvCAqtsE/JbCGmlW7czAM9X+tB3aQDvOd1OcTWjNrow=,tag:YBsZG+RKlebJlKPToD+cSQ==,type:str] pw_williamp: ENC[AES256_GCM,data:HuZKDBB+9FHzoMg8KrCIdQ==,iv:DvCAqtsE/JbCGmlW7czAM9X+tB3aQDvOd1OcTWjNrow=,tag:YBsZG+RKlebJlKPToD+cSQ==,type:str]
pw_root: ENC[AES256_GCM,data:hbPcqxEFhdH4Y6KOFFCMfujL0B9uHzmNAwNNK4qLEVE=,iv:XrwGEYbc9OWckvoRfrKJmjXjB13BJG6lit5TR+Xarn8=,tag:fWtL0tsXBuCQHGorRlNIfw==,type:str] pw_root: ENC[AES256_GCM,data:hbPcqxEFhdH4Y6KOFFCMfujL0B9uHzmNAwNNK4qLEVE=,iv:XrwGEYbc9OWckvoRfrKJmjXjB13BJG6lit5TR+Xarn8=,tag:fWtL0tsXBuCQHGorRlNIfw==,type:str]
cnpg_s3_backup_key: ENC[AES256_GCM,data:zaMuxcu2XwgkmhkYnYKeZQQwRzSEJGPT2662B7k5JHzCH4e1TEEd+A==,iv:Na2iAuqgx8UNnDvXvP3N+csqVZFTsDwqR6OKeO/b/GY=,tag:jHeFVdRdTwk83XG6T1TwGA==,type:str]
sops: sops:
age: age:
- recipient: age1usxppyy4nfqtlvlvj5fgcwze6yy3yyvuqadrcmwwtt5dtctfkfrqzuk5w3 - recipient: age1usxppyy4nfqtlvlvj5fgcwze6yy3yyvuqadrcmwwtt5dtctfkfrqzuk5w3
@@ -11,7 +12,7 @@ sops:
Q1VUZnpnOUh2SVQ2RC9XOG5qUTVzeWMKd4nZfXETJi1tbRrUDb938mk+OOnIru9t Q1VUZnpnOUh2SVQ2RC9XOG5qUTVzeWMKd4nZfXETJi1tbRrUDb938mk+OOnIru9t
F66KTiCc7akLC165G1ywBMShMPi5K+X9vRzGfmzUmwOHh2f4tZLBHA== F66KTiCc7akLC165G1ywBMShMPi5K+X9vRzGfmzUmwOHh2f4tZLBHA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-23T01:50:31Z" lastmodified: "2026-03-17T16:34:22Z"
mac: ENC[AES256_GCM,data:wSnhBZDBKDEEFcb8YwBjiopnMEuaVYfeH5Oi1mrlq6sSpvrznUu2saI3l+ktNIK94lw8OyJaj7Nh9AuCouAKeJXbzmBlV/6pTr8Ud08K7UXbd0jqGMku2de3OvMIwrEdhe1H/yxVOFVuRNAgOKmkWB/6Hs+gD0v2FG0ymHacN84=,iv:g8GWfogEPPeGf0cO7PdMLsnffb5GQE1VVuO9s4Ls1Ew=,tag:pBlrcIthHJ1hPtvNbt37SQ==,type:str] mac: ENC[AES256_GCM,data:41TNxYgscdIZbbNxczTXzmPotyT4/ZsxspRihNf9NAj2c4PdQXNPeIMzS9meuH9LD4CTo9ws/pP7SBpPKnx4PzqdDekPvhdj9qIKdLjpKkJd+N0WfFXEgGEj7nAyc0lR2z6oSPuMB15xk8hIKT1prL9lDjjYRH3aKlhjaqP53LQ=,iv:RZpDhBWkbLL/pgwIuoPYUZd1Pmu0n7zt165DO7+uMHM=,tag:DQhFTgaFCgCV62QLCjozUg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0