From 2f33ba0ae64c39c720ba0b28c842ab93c428fb8a Mon Sep 17 00:00:00 2001 From: stefanprodan Date: Tue, 1 Sep 2020 15:52:21 +0300 Subject: [PATCH] Add secrets decryption section to docs --- .github/workflows/e2e.yaml | 2 +- config/testdata/sops/keys.yaml | 6 ++-- docs/spec/v1alpha1/kustomization.md | 50 +++++++++++++++++++++++++++-- 3 files changed, 51 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index dee6903..b12bd28 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -75,7 +75,7 @@ jobs: run: | kubectl -n kustomize-system apply -k ./config/testdata/sops kubectl -n kustomize-system wait kustomizations/sops --for=condition=ready --timeout=4m - kubectl -n test2 get secrets/test --template={{.data.password}} | base64 -D | grep test + kubectl -n test2 get secrets/test --template={{.data.password}} | base64 -d | grep test - name: Logs run: | kubectl -n kustomize-system logs deploy/source-controller diff --git a/config/testdata/sops/keys.yaml b/config/testdata/sops/keys.yaml index 8c69ff6..0ac9aea 100644 --- a/config/testdata/sops/keys.yaml +++ b/config/testdata/sops/keys.yaml @@ -1,8 +1,6 @@ apiVersion: v1 -data: - sops_functional_tests_key.asc: LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFPWUJGMW9RVjBCQ0FDMWlGZkU3SDN1dTBoYldiUllWTW96NXpaOTFBQ0hFVENPTVZ4TjhHT0c0U1YwbDhhUQp3bUs5UVdrWXhoaTUyTG5pY1ZEM0Q3VXk3NStKM3prdkVEUTE1QzBBWjhVSFhwNEpsU1F1WHBGaHJPaGZZVUYvCjZwci9RZXhUK2hRak9hY3ZZNHFmbmo0eEthL0FHZHY1dlBJeWd0UXVtRTZyM0doRVZBeFExR1N3dENXU1UzWmwKM1VxZjdTOGtEdkpUZW10UjJVa1ZmcFhjTWQ0QW1NS2d0N2ZWaFBPOGVGb3RxVExQdnovaUNsekVSK3E2MWZMQQpkMXJQOVlsbVk0Nk1KcC9QZmZQaWNXZEppS3YyaTZ5bktjSXdrclF5UDZWMlp6WWkvZ0FoTkpzdDNabE1mc2lOCmVrQ3Rjb3c5Qm40NHV4VzNVOFcwMkZOUVNOeW42VjZRUERJWEFCRUJBQUVBQi8wWjhrUVNsa3pFOTdRaFhtMGcKL1BRdWFWQ2RZOVVKZVNNQlhUdkRaaEJoQWNMZjZ5WkxTdHExdXo0c0lpV202K1pjWDhtWFE5YjkwZk1jZW9hSwpzVnhpWVlhRWNDWGd1NXpjdU1UdTh4UldLMzBiemprQVJyRGpFQnlaRk5McnIveXpPM0tLV3ZkVkFUb291NzdOCnhMeGN0NGRmKzQ2dkVNcy9ET3VsRFVreEJPamxrcHJscTh4U0cvNnZ1bzdySktVeWxzUzRzNSt5K0VKQ2ZtMG0KOEM5NElJT3Q0MkFOT2JEVXppVUhDRk5oQ0tTVXM5MnJMN0hYZmNNRzZMMTZVclNwSjN5TE52VEkzNFBnUnlkdgpwcHU2REFGTmVxc0o2b0lOU1dYRXFqZk1ISzdMeTlveUYyYmtCMlZLb2FwQWR6NllHSnlkck9EaEZyVGhjdUprCitwWTlCQURLblh0WXZEUlBvVHNmUllnWmV3dEJ4ZjNjY0dVam9TOVlDQzNzYWxXdVBFV25hbDJ5STBZUndaTkUKaWlyT0ZHS0g2amgvZnh0RlpOUFh1WWI3TUp6RnFWT2NBUno2VVNDdlIxdmEya01aelFFT0t3eE9YcUlZWU1WaApVd3o5KytRdWdxY0JMSHc5WVVGbUgvRHNSYUw0elA0SDhjWDVPMVRBTEZvM2FDL0VIUVFBNVZ6VUR1cGNwUkxQCmdGNmRDZ1QyR3lhamdSb1VGVTdCcnE4MitISkRCRGhITUIrM1ZXSmhzQzlEa1RNaC9SdFBPdUxiNDFLME9aLy8KYWNvWG8wUWpzTHNCeCtoTnFXQzBvb3NxYW9YaVV5aGJtRXVrdmxVUm01dUhUaFg5bjVCWklLaGlDZnQvTllOTwp5YitPQmdZRkhOMTFCTVVWeWhNUjdiZTJtbEo0RU1NRC9qZDlXUUlvSFFRNkJLTU5PbGM2Qkd1NEtzTXYvK2ZGCktWNHhuSktyV2pKeHdyaTBGc09ZTFMycWtnYlNBWGp4THFaV3g0VXlsbUpoMUhTQXlqVGdoWTB6UUVmMm9ES2QKMERLTjhZNDJhYXdoMUFvbElmRGJZT2FtcHc1dEJ6STIvV1lPa3NHUkZDd2pDaWRMM3BOZDAzVzlkQm1OYkJSYwp0VktMRy9rdDRKd0NMMHkwVTFOUFVGTWdSblZ1WTNScGIyNWhiQ0JVWlhOMGN5QkxaWGtnTVNBb2FIUjBjSE02Ckx5OW5hWFJvZFdJdVkyOXRMMjF2ZW1sc2JHRXZjMjl3Y3k4cElEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCsKaVFGT0JCTUJDQUE0RmlFRSs4ZTU0cVQ1S0pyQXdkU0VQUmJPNUtKemdiUUZBbDFvUVYwQ0d3TUZDd2tJQndJRwpGUW9KQ0FzQ0JCWUNBd0VDSGdFQ0Y0QUFDZ2tRUFJiTzVLSnpnYlREY1FmN0JwN2Uyelk5cEJCWFRnREFTUWwzCjFTU0hwOVdrUlVWNWlxUFZDOWlQQ0VMZ2d0ZUJHTXdJcGJEbG9iYzZPOC8wNmZveFdjdFRVYWFjaVBCbzIramUKV0ZUTytETnZCN29YSUFycXI1NjczUUhMaDZqRUFCQmp5dDkxcnZ0YTJ3WUYxWEpCZ3hwdWk5YUxJQ3NDcHRGTgpJUnZIZUtVclhCSTRmRzV6M0NEcy9FT29ZOEsvQUFZSlVGK0VSdG12bWlzaUUvbTIwVXBiWVJta0JKeTI1Yzg5CldjbjEySTFTVUpBM0gzaEd3dlpDWXA4aFkxSFB4eFFVdFUrRFpCSXByeWkweFFxRXhHQWxZcWNrN0cwM0YrQUQKNy9jc2FUMUxFZEN0V1JMTndFOFVrdmZVRjZsaUYwU2d6eEZvMXBwM2dCVTRzd2RzOXlPOXdOZTEySlkvTTVBLwpCSjBEbUFSZGFFRmRBUWdBdHVuOEpoU3BOQUt2T1h3V1gybkZobk1YVEpwNHZpTWhsQVpFZG1NWEVpMjdCMkRNCi9uUnpsZGp4R1pvTlVCU1ZiSk5qMmt4NVpVRGwwbzZlT3BDaHZSYUd1Q09wWXFPdVNRdkQ4Rm5YME5nUVVMd3UKVForTWF3c2Flemt0SkVqRFNCTTFSNnVBU2VKd0RaajRoY1VuUGd5QUlFU2FqUGRvd0VrRWpkWXQyNjFmR09MTApjVm9WZHRxek9NQmtMVmRySy9GRDFrR1I5am5TbEtFWURWOUR2ZUJVQlFHZHFrZ1dYalM1QktjYWUwN3ZpQzZ4Ck1hOUFKUzRwaXp5REFMQjJrMEhRT2VsWk5paE9HWFlVdXZrY3MyRml2bDBUazNPQ2ZIOVhEdkZlaGJZUkhta1IKRG9NdUtVRFN6ZHk2dEZCQWtMMENQbFhBV0k2a1FrbGFCRXAxOVFBUkFRQUJBQWY3Qlg3WUxZaTNZTEduOUJFdgpWdVNGbzdsM2ZMeXpYZnNPT2pWSi8waVEyK0gxMlkzbCtzc2k0ZUNudGI0MElqRE1JSHY1SndqZktOU2ZVd2tuCjVkaU1rM0xHejJkNjRsVEttclU0eU5MYU1oTWJ3bUUwL3U0Sk9Qb1hiSlpXTGQzbHlCZVRwVGlZM1I5cGdHOFYKSUdmQSt4TkRFalVkYzVqSFUrZWR0R2szN1g2bDZ1TDNPQU5TL015VFJkVk5yMjhHdi91cFhtSnMvTmJ2VG9zdAoxaHNVODlnYURqa2ZzV2hkaGl1Q0hSOWJxb3lvdC9WZ3ZwdDFOeHpmVjRTUUdWRmVwaDh5Q0d2U1JCUzh6WHVaCkZ0bXpBQ3MwajJhT01TdWNBR29nRW9EMTU4T3BYU05mZG1aMW5Dc3dsbzF5cVA2K2lyOG1yMkRUUmdNdHhQUWEKTjQ5YjRRUUF4VlR3Ulo2K3FpU0N6L0dKUHE3cUFTR0c0UklyODdnUHp4YUhtem5RaEtJeDZMRU1qWC8rTlU2Ywo5NEE4YVpZL29ON2YzcnI4YXBJQStjQUhiQXdGR3BiYzdrZTFDZ3kvbS9lSlpOVXhXUFQvWUJqWjRWKzQxVWF0CnZpR3JibVM5QjRRdWxPcEYyTmc2TGNPYzRkZ2d4VFBBVy9DWWQ1VDJGSW1yMXFZampXa0VBTzFMc3MwMExZNW8KNUk0UXFnTTBPZWVCRU9POExpU0RtaktnT3Z0c21KNitkQTR4M3JZZ0k4c21GTXN2dHlyY2I3NWs2RWRaYXpnTgpZU0k0c1UzV2NlV2JydGRWcjFnbFAzOENCTXVwbkZ2ZzhLd2JqU0ZWOHZOcVZCSENYU2hVeG5IbWxPVytVVnF5CkN4akpmMFJUT2hMRVk1RElSd1FCMEg4UDMwZFlPZmF0QkFEYUdJYnMvNisxUnVsS3BId1cvYzMrWE9sYVRaclQKVWhOanVjY2o3WTlJc3BZRCs2Y3JOa1F2QXJpNjBBb0RmSWlPNWFUazhyU1lwR3dCMXZFbW5VVm1OUHZSRjk1OApHVjNweUNPdi9wa21ucFMrNHcrYWtpSnNTSFgzanFxcDVmYi94ZDZ1a1VYOTVWZ1N5bXVKK3lhNDlHOEIwamo2CmJ3N0I0UzJNMzkrWGRrZzJpUUUyQkJnQkNBQWdGaUVFKzhlNTRxVDVLSnJBd2RTRVBSYk81S0p6Z2JRRkFsMW8KUVYwQ0d3d0FDZ2tRUFJiTzVLSnpnYlM3endnQW5kYmY1MzJPWG85SHdQSCt5UVFtelFDTERGTDZQNFY3TGNGcgpyeWRZSXRURWh4cUkzdGJiOTZNS1hSQXQrRzVNdzZKalJrV2h3emJVM2pFN0Q3WEJNSHc3R3JpVFRVOVFsdE5ICmc3VlVwU1NhaVRmVmNTTkVyenNhcWJqYkE3ak1zN1ZXek9xNExabzZFZnk4VURLZzVxY3FMRmFUUXJ6UVpZTkgKTmZNK2tMQWlVUFU4bTd2d216Nm9KV3NqSGtRS1VoS2hIcHRscHdNd2RIa29hY3FETzB4Mkg2SDkxbC9QbkRtNApaRzZGeWJKdGNqcjk4aStwNTIvWE9vODFuTGdYN3RjRlMzbnJOOUhOZGdLZzFaVzN5cnpnOE5PYUZDVkE4cUxECmdMay8vTTNxRGl4T3hpdXJFQ2tGck12dC9iRHhFR3BONUdWeTU1ME1teVVaUXJrdXFnPT0KPVZqR0wKLS0tLS1FTkQgUEdQIFBSSVZBVEUgS0VZIEJMT0NLLS0tLS0KLS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFIWUJGMW9RWWdCQkFEUHVWUDZKZGsvSi9UYk5hOWRYaXJwL3p6d0sxOFpxTnVkTnFRR04zSCsyYVNneFh3TAp3bFJmenk3ckIzQ1U2RXdqems5RVZZZVl6dFRJa0dITDBKWjFDQ1RpQkpBcmxITzBiSFFRN0NQZUtQa2hJaGtqCmVBOHl1OWRjVTc3b1lDMnhid2dmNDNLWXpmTUtTR0V5Ymcrc0JPK2JIK1k2cGFKSzU0VjJjdVMzR3dBUkFRQUIKQUFQK0pqZjVCWHRWUDFPQXI1eHZDWVM3N0pXemhwVFVTSXBTN2RnUjBicjkxR0FDOURtaG15QkVHZVNxd3o5NQpMVXlZUmJZOXkxclpPZnBFR0NySWM1R0xQT1F5dE85WE1JemFTM2RwemZHaGxhL3NwYUtONHZKRHZJT2wrcnVUCmJJbkRkQ1JTbXFYQ2ZtMjQ3OE9oT3F1YzBIMGE0NmVTbW9hWWVLZEUzRThRWmlFQ0FOeFVML2RGazVqOE55UG8KWmN3WHc5TXYwQThVcnluUmNxaHQzU2N0aTlrN2Ric0h5bGNPYk0zMDVMRmRjb05uU2ZOQUlKaHhmamJpWHlHVwp2d1QyL3FNQ0FQRmF0cTNndlZqeTZ3S0t5bGlvaTVjVndiTHY5TCtPYVJYZFIvRHkyYmgvdDN1am5zbGlWNCtSCmY3azNySE9RZWFNTFRueWZjejhBZW5MNUlPZThSU2tDQU5GcEJneXp4Q2NWNDhNbStGV0R4anJTSjQvbXNSbk4KZ3hxQVBScmRwbTdlMXVlYnRCa1BoNGNoNG9DVzUvbExzUk4yM0xVVklYWUpSd3lGZlJqZWhDaW8wclJUVTA5UQpVeUJHZFc1amRHbHZibUZzSUZSbGMzUnpJRXRsZVNBeUlDaG9kSFJ3Y3pvdkwyZHBkR2gxWWk1amIyMHZiVzk2CmFXeHNZUzl6YjNCekx5a2dQSE5sWTI5d2MwQnRiM3BwYkd4aExtTnZiVDZJemdRVEFRZ0FPQlloQk5jaWtFTTQKUzh4Z01teHZ1ZGh5RFpWOFBUQjBCUUpkYUVHSUFoc0RCUXNKQ0FjQ0JoVUtDUWdMQWdRV0FnTUJBaDRCQWhlQQpBQW9KRU5oeURaVjhQVEIwUjJjRC8yWXdhSjQzaUd1ZWFBekJ5Rm5sK21VRUJRSjRIaEg0cDdCSWR4NkI5QWpFCjN5TGU4STRkcXFZWHh5WnphSjlkK0tpcXhKQlQwbDFHWHQzSDVNMzJ5REpacXpYQjlQVFdQM3l4OCtRMUN1Q3MKN0VML2JoSkQxL3NMZHVtVmM3N2JtUXRjSTlOU2lZeVB6Ti8yWnF0VjVSVTE0TG9oMjRWRkVqdUhHdk8wakkzKwpuUUhZQkYxb1FZZ0JCQUNoWGkwMGZtcEVzMEppcTB6T3lZbTlpNzQ5Vm9Pc05SZW9CLzVpeDFRQ2ltd1ZaS2UxCkQzN0lQNVFxeXN4eStMSVFjNGxKK1E4Zm9OT3gxQWV2NStURHl2K2lVODJEOXhyOXVQTExiQTgyazNBWjA0T3IKQmpyWi9ZdDFOWmh1YUh6Y2laQ1BwbXF6RjlrcVZxQVpjK3ZNaUtaTDFXWmpTN08xRndhaWRZMXZYd0FSQVFBQgpBQVArTDB3VVFlT2ZzRDArZ3Y4a2h5UEpUSlpPRDFweFE2TllLTGNYRjhyRzArdlFuRUNoYTA5OFlLTktBWFRwCmtmVlU4Nzk1aVFZSUtjUVE2SGwyTzFmajFBeEpFL2laWXJxZm03VVp6M2JRN1JPU3NBRVBaNUdET2pLZmJ3c3oKRTZiV1ZIK1BoUzFhemx2dFRzOUplelV0SzBXbDlzKzgxRk9yWnRuVVVza21XdEVDQU1OTnM5dWpVdDZHSHYvSgpOWFZhU21rMXo4UVhpdFBIYkFKTERNajR4VkR5c0pXWlY5NWVwbEMrUlVTaUx6NUhlUDJBUWdoMUQ5UnYyYkE1CmM3T2NKM2tDQU5PRWtBMGhWcFhDSTBGS3JzaWhPZjBOVU9hQXRTNkNRTkZsYUlrckx3c3NKUVk4cEdZYlJmUmEKM2tyTkpQeU9sWG1lelYyL0NzWDNFcUE5S1hYZW41Y0IvaVNtTUpPNFduZEdKVGU3WXpVRW5uWS9QMlRLZzFmTgpzNnY1TGYzOWo1TGw4VjVyVkRUN0FwQXcwSUtTOGZ6cGJkSFAwSGNpenV0bEY2bDQ0WWFBWE1HZmhvaTJCQmdCCkNBQWdGaUVFMXlLUVF6aEx6R0F5YkcrNTJISU5sWHc5TUhRRkFsMW9RWWdDR3d3QUNna1EySElObFh3OU1IVEQKSHdRQXYrdWk3MThBVDJodzJwSzlKYU51VHhqbGxySCtLUE1scm92MFA4b1hIUENvaEM1Y3hNNXNKNnRDUTBxSApYeWVXb0RFOFYzMWJ0cUZWQVF5cnIwd3kwZ250bDFML3RybndNSG9QOGEveGEwUkhOazVDN2htY3VoVEhiUWV5CkpOYmlSSlpwQ0laMU95ckYxNytxNnU5WUJQandxcDhLckovMHJ5eTJreWI3WlJNPQo9K3RKNgotLS0tLUVORCBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQotLS0tLUJFR0lOIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0KCm1RRU5CRjFvUVYwQkNBQzFpRmZFN0gzdXUwaGJXYlJZVk1vejV6WjkxQUNIRVRDT01WeE44R09HNFNWMGw4YVEKd21LOVFXa1l4aGk1MkxuaWNWRDNEN1V5NzUrSjN6a3ZFRFExNUMwQVo4VUhYcDRKbFNRdVhwRmhyT2hmWVVGLwo2cHIvUWV4VCtoUWpPYWN2WTRxZm5qNHhLYS9BR2R2NXZQSXlndFF1bUU2cjNHaEVWQXhRMUdTd3RDV1NVM1psCjNVcWY3UzhrRHZKVGVtdFIyVWtWZnBYY01kNEFtTUtndDdmVmhQTzhlRm90cVRMUHZ6L2lDbHpFUitxNjFmTEEKZDFyUDlZbG1ZNDZNSnAvUGZmUGljV2RKaUt2Mmk2eW5LY0l3a3JReVA2VjJaellpL2dBaE5Kc3QzWmxNZnNpTgpla0N0Y293OUJuNDR1eFczVThXMDJGTlFTTnluNlY2UVBESVhBQkVCQUFHMFUxTlBVRk1nUm5WdVkzUnBiMjVoCmJDQlVaWE4wY3lCTFpYa2dNU0FvYUhSMGNITTZMeTluYVhSb2RXSXVZMjl0TDIxdmVtbHNiR0V2YzI5d2N5OHAKSUR4elpXTnZjSE5BYlc5NmFXeHNZUzVqYjIwK2lRRk9CQk1CQ0FBNEZpRUUrOGU1NHFUNUtKckF3ZFNFUFJiTwo1S0p6Z2JRRkFsMW9RVjBDR3dNRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUVBSYk81S0p6CmdiVERjUWY3QnA3ZTJ6WTlwQkJYVGdEQVNRbDMxU1NIcDlXa1JVVjVpcVBWQzlpUENFTGdndGVCR013SXBiRGwKb2JjNk84LzA2Zm94V2N0VFVhYWNpUEJvMitqZVdGVE8rRE52QjdvWElBcnFyNTY3M1FITGg2akVBQkJqeXQ5MQpydnRhMndZRjFYSkJneHB1aTlhTElDc0NwdEZOSVJ2SGVLVXJYQkk0Zkc1ejNDRHMvRU9vWThLL0FBWUpVRitFClJ0bXZtaXNpRS9tMjBVcGJZUm1rQkp5MjVjODlXY24xMkkxU1VKQTNIM2hHd3ZaQ1lwOGhZMUhQeHhRVXRVK0QKWkJJcHJ5aTB4UXFFeEdBbFlxY2s3RzAzRitBRDcvY3NhVDFMRWRDdFdSTE53RThVa3ZmVUY2bGlGMFNnenhGbwoxcHAzZ0JVNHN3ZHM5eU85d05lMTJKWS9NNUEvQkxrQkRRUmRhRUZkQVFnQXR1bjhKaFNwTkFLdk9Yd1dYMm5GCmhuTVhUSnA0dmlNaGxBWkVkbU1YRWkyN0IyRE0vblJ6bGRqeEdab05VQlNWYkpOajJreDVaVURsMG82ZU9wQ2gKdlJhR3VDT3BZcU91U1F2RDhGblgwTmdRVUx3dVRaK01hd3NhZXprdEpFakRTQk0xUjZ1QVNlSndEWmo0aGNVbgpQZ3lBSUVTYWpQZG93RWtFamRZdDI2MWZHT0xMY1ZvVmR0cXpPTUJrTFZkcksvRkQxa0dSOWpuU2xLRVlEVjlECnZlQlVCUUdkcWtnV1hqUzVCS2NhZTA3dmlDNnhNYTlBSlM0cGl6eURBTEIyazBIUU9lbFpOaWhPR1hZVXV2a2MKczJGaXZsMFRrM09DZkg5WER2RmVoYllSSG1rUkRvTXVLVURTemR5NnRGQkFrTDBDUGxYQVdJNmtRa2xhQkVwMQo5UUFSQVFBQmlRRTJCQmdCQ0FBZ0ZpRUUrOGU1NHFUNUtKckF3ZFNFUFJiTzVLSnpnYlFGQWwxb1FWMENHd3dBCkNna1FQUmJPNUtKemdiUzd6d2dBbmRiZjUzMk9YbzlId1BIK3lRUW16UUNMREZMNlA0VjdMY0ZycnlkWUl0VEUKaHhxSTN0YmI5Nk1LWFJBdCtHNU13NkpqUmtXaHd6YlUzakU3RDdYQk1IdzdHcmlUVFU5UWx0TkhnN1ZVcFNTYQppVGZWY1NORXJ6c2FxYmpiQTdqTXM3Vld6T3E0TFpvNkVmeThVREtnNXFjcUxGYVRRcnpRWllOSE5mTStrTEFpClVQVThtN3Z3bXo2b0pXc2pIa1FLVWhLaEhwdGxwd013ZEhrb2FjcURPMHgySDZIOTFsL1BuRG00Wkc2RnliSnQKY2pyOThpK3A1Mi9YT284MW5MZ1g3dGNGUzNuck45SE5kZ0tnMVpXM3lyemc4Tk9hRkNWQThxTERnTGsvL00zcQpEaXhPeGl1ckVDa0ZyTXZ0L2JEeEVHcE41R1Z5NTUwTW15VVpRcmt1cWc9PQo9WnMycwotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi0tLS0tQkVHSU4gUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQoKbUkwRVhXaEJpQUVFQU0rNVUvb2wyVDhuOU5zMXIxMWVLdW4vUFBBclh4bW8yNTAycEFZM2NmN1pwS0RGZkF2QwpWRi9QTHVzSGNKVG9UQ1BPVDBSVmg1ak8xTWlRWWN2UWxuVUlKT0lFa0N1VWM3UnNkQkRzSTk0bytTRWlHU040CkR6SzcxMXhUdnVoZ0xiRnZDQi9qY3BqTjh3cElZVEp1RDZ3RTc1c2Y1anFsb2tybmhYWnk1TGNiQUJFQkFBRzAKVTFOUFVGTWdSblZ1WTNScGIyNWhiQ0JVWlhOMGN5QkxaWGtnTWlBb2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dApMMjF2ZW1sc2JHRXZjMjl3Y3k4cElEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCtpTTRFRXdFSUFEZ1dJUVRYCklwQkRPRXZNWURKc2I3blljZzJWZkQwd2RBVUNYV2hCaUFJYkF3VUxDUWdIQWdZVkNna0lDd0lFRmdJREFRSWUKQVFJWGdBQUtDUkRZY2cyVmZEMHdkRWRuQS85bU1HaWVONGhybm1nTXdjaFo1ZnBsQkFVQ2VCNFIrS2V3U0hjZQpnZlFJeE44aTN2Q09IYXFtRjhjbWMyaWZYZmlvcXNTUVU5SmRSbDdkeCtUTjlzZ3lXYXMxd2ZUMDFqOThzZlBrCk5RcmdyT3hDLzI0U1E5ZjdDM2JwbFhPKzI1a0xYQ1BUVW9tTWo4emY5bWFyVmVVVk5lQzZJZHVGUlJJN2h4cnoKdEl5Ti9yaU5CRjFvUVlnQkJBQ2hYaTAwZm1wRXMwSmlxMHpPeVltOWk3NDlWb09zTlJlb0IvNWl4MVFDaW13VgpaS2UxRDM3SVA1UXF5c3h5K0xJUWM0bEorUThmb05PeDFBZXY1K1REeXYraVU4MkQ5eHI5dVBMTGJBODJrM0FaCjA0T3JCanJaL1l0MU5aaHVhSHpjaVpDUHBtcXpGOWtxVnFBWmMrdk1pS1pMMVdaalM3TzFGd2FpZFkxdlh3QVIKQVFBQmlMWUVHQUVJQUNBV0lRVFhJcEJET0V2TVlESnNiN25ZY2cyVmZEMHdkQVVDWFdoQmlBSWJEQUFLQ1JEWQpjZzJWZkQwd2RNTWZCQUMvNjZMdlh3QlBhSERha3IwbG8yNVBHT1dXc2Y0bzh5V3VpL1EveWhjYzhLaUVMbHpFCnptd25xMEpEU29kZko1YWdNVHhYZlZ1Mm9WVUJES3V2VERMU0NlMlhVdisydWZBd2VnL3hyL0ZyUkVjMlRrTHUKR1p5NkZNZHRCN0lrMXVKRWxta0loblU3S3NYWHY2cnE3MWdFK1BDcW53cXNuL1N2TExhVEp2dGxFdz09Cj1QYWZWCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0KLS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUVOQkYxb1FhWUJDQURzQ3cyMjNXRGoySVNua1pRSjA3TlM3RVIvZnQyVHo2RlB6c01xejVKbUdsd1FhbnRICk16anFOR0U1ZHUxVEJLK3lDSXV6bitQL2lva21PZEZqa0gyME9ISENFbWdCUVBRMld4cFI0QmMvakR2c3dvTDIKMmFta25JWVN0ZitTZ0N3dE5QVDUxUlM3LzVick41cFZuNEdqRFlnK0lSTGszM2J4ejFrTjM5MzNvbGtNRkhKRgpocnIxcmNFMXV4dDNqMkNFUHpmS0FVeXZpS1hrU2w0MUlBb3BFMmU2OXpzVmcwWWFlbnNUbkUvaFk0NXIxcTBXCkFCWG9KTGc0SDZVdEhaV1dHZzd2bXRRWUNwaWlVSWFXWjNZQjQ0OVVyNGp4WGVJWlBVcWhsaXFPb1VrOGE3RW4KMVpDMWhHTHcwamFFTmVhSHl3VkdpOVpxQUJtT1ZZbXZJdEkzQUJFQkFBRzBVMU5QVUZNZ1JuVnVZM1JwYjI1aApiQ0JVWlhOMGN5QkxaWGtnTXlBb2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyMXZlbWxzYkdFdmMyOXdjeThwCklEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCtpUUZPQkJNQkNBQTRGaUVFdGhHaStmRWREL2dsYUlCUkdmbTEKMnVxUi80WUZBbDFvUWFZQ0d3TUZDd2tJQndJR0ZRb0pDQXNDQkJZQ0F3RUNIZ0VDRjRBQUNna1FHZm0xMnVxUgovNFljM1FnQTJXY01sQ0NVQjR1eXl2S3ExYThaVEJsaTBZekl4VCtLc2xMK1BiT3hmaG94Z2x4UFJDbEIwL2w2CnN0RzNSRDBVWEtxOWNUZTlmNW5JOTZYSlJxVXplUGZLdGl4U2llaXJOVFpzd2lISVlpZllmZzQ2MGdYWUFJc1YKZGV6dFJHeEVhTVVWcTZ2YWprQTY5eUdiaTJuRXhhUXJQUUFnY09veUVjR2hzUVZpNU0zcmJJR0lKdEsvSzc3NwpsQXZXc2tNV2pFTC9WSVEzcUhKYXBCd2h0eUs4cEtpUTFVMnNzdlhTUDE1Um91VVUvOFBkRDZkODJkTGxMZkJtCmVpeVFDZUpZUXlSL2dlSkF2aHlCTytKeStTUzJSTkNFNkZHaXJBQ3pSaDNTU0xwS0F2aWVvTUhxWXphdjhrTWgKelNNYTUyMzBTS3BhcnRic2dGdTd0Mzl6c2MzdDZMa0JEUVJkYUVHbUFRZ0E2MGtKZ2hUdXh2WmFOalhDWkJuagowK3orTlNuZmhkUGFHZ2RVU3RYRENienNPMmwvNmt2bFdNd3dTM1Z1RHdHangxdkxXdDlLV3htTDg1K3FMRTJICkZ1UnBINHNKRmErMEhyYVk5U1AxVXhnTzV5ZG9tbVJLZExEdzVpUUlhSkFDTVNzTUFISE9RQ0o5VnVORTFndDgKZ09iNUo5MDJnUmFoZ0lLcEdycm10STZ4M1ptdTFyeUtyQkg5TG42MGtZdnJVMTRBTlBZdEl2T3dxQ054ZVU0Qwo5cTFxNC9iNzNSWGcyR3JpOGFsR2IySE1JYWVLNnU3aTVNbEVPcWtRb2YyRmttR2czbkV3LzZDdmNuZjRqZXNKCmliS2E2OXZDNm4zOVpKMGVSaG1ocjN0dzNNUDc2TGFheWhxcThUK0Zmb2c2OEEzT2UraTYrZjdQeUxlMG9hSEEKdVFBUkFRQUJpUUUyQkJnQkNBQWdGaUVFdGhHaStmRWREL2dsYUlCUkdmbTEydXFSLzRZRkFsMW9RYVlDR3d3QQpDZ2tRR2ZtMTJ1cVIvNGI1bHdnQW1WQ2EwWFllY282RWMrSXowQ0xCdk5YREZIL0tzUC95cFdLNWR1elpSS2ViCkQzMGNEd1FIVUZXSDVXaXZHWjVuSitSczl6a0Q3YTA3b21NVFJtQ3NyakQ0STN4REdNVFUyM2wrZ0JTQzUrOVIKQjZiT2k4MW5nSDNPTGFTYmVoMnQyMVBERWY1N005NFdGTmx3MkxWZ012WjZTNHJzN0k0RlpnbTc1aDRFR0d1WQpJdDFsOFNxTldjS0RtOUt6L3FHMGxxZVNHR0ZuUXFtU0JGSDBWYjBodXMvWEVyVTJyM2ZRcjFsRGowVktwT0lPCkowWXM5cm1JNnlFUFRpK0doRnIxYkhLd1pNaW56NWxjSG5PbDh4eWU0OHRzck90SE1HTjE3L0I2aFVVR3pkK1cKVHBock9mbmZUTzFZQ2tnMW5FQjVFMlJhai9LVitvaHFQdmpFK0toRTdRPT0KPWdxaEUKLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQo= kind: Secret metadata: - creationTimestamp: null name: sops-pgp - namespace: gitops-system +data: + sops_functional_tests_key.asc: LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFPWUJGMW9RVjBCQ0FDMWlGZkU3SDN1dTBoYldiUllWTW96NXpaOTFBQ0hFVENPTVZ4TjhHT0c0U1YwbDhhUQp3bUs5UVdrWXhoaTUyTG5pY1ZEM0Q3VXk3NStKM3prdkVEUTE1QzBBWjhVSFhwNEpsU1F1WHBGaHJPaGZZVUYvCjZwci9RZXhUK2hRak9hY3ZZNHFmbmo0eEthL0FHZHY1dlBJeWd0UXVtRTZyM0doRVZBeFExR1N3dENXU1UzWmwKM1VxZjdTOGtEdkpUZW10UjJVa1ZmcFhjTWQ0QW1NS2d0N2ZWaFBPOGVGb3RxVExQdnovaUNsekVSK3E2MWZMQQpkMXJQOVlsbVk0Nk1KcC9QZmZQaWNXZEppS3YyaTZ5bktjSXdrclF5UDZWMlp6WWkvZ0FoTkpzdDNabE1mc2lOCmVrQ3Rjb3c5Qm40NHV4VzNVOFcwMkZOUVNOeW42VjZRUERJWEFCRUJBQUVBQi8wWjhrUVNsa3pFOTdRaFhtMGcKL1BRdWFWQ2RZOVVKZVNNQlhUdkRaaEJoQWNMZjZ5WkxTdHExdXo0c0lpV202K1pjWDhtWFE5YjkwZk1jZW9hSwpzVnhpWVlhRWNDWGd1NXpjdU1UdTh4UldLMzBiemprQVJyRGpFQnlaRk5McnIveXpPM0tLV3ZkVkFUb291NzdOCnhMeGN0NGRmKzQ2dkVNcy9ET3VsRFVreEJPamxrcHJscTh4U0cvNnZ1bzdySktVeWxzUzRzNSt5K0VKQ2ZtMG0KOEM5NElJT3Q0MkFOT2JEVXppVUhDRk5oQ0tTVXM5MnJMN0hYZmNNRzZMMTZVclNwSjN5TE52VEkzNFBnUnlkdgpwcHU2REFGTmVxc0o2b0lOU1dYRXFqZk1ISzdMeTlveUYyYmtCMlZLb2FwQWR6NllHSnlkck9EaEZyVGhjdUprCitwWTlCQURLblh0WXZEUlBvVHNmUllnWmV3dEJ4ZjNjY0dVam9TOVlDQzNzYWxXdVBFV25hbDJ5STBZUndaTkUKaWlyT0ZHS0g2amgvZnh0RlpOUFh1WWI3TUp6RnFWT2NBUno2VVNDdlIxdmEya01aelFFT0t3eE9YcUlZWU1WaApVd3o5KytRdWdxY0JMSHc5WVVGbUgvRHNSYUw0elA0SDhjWDVPMVRBTEZvM2FDL0VIUVFBNVZ6VUR1cGNwUkxQCmdGNmRDZ1QyR3lhamdSb1VGVTdCcnE4MitISkRCRGhITUIrM1ZXSmhzQzlEa1RNaC9SdFBPdUxiNDFLME9aLy8KYWNvWG8wUWpzTHNCeCtoTnFXQzBvb3NxYW9YaVV5aGJtRXVrdmxVUm01dUhUaFg5bjVCWklLaGlDZnQvTllOTwp5YitPQmdZRkhOMTFCTVVWeWhNUjdiZTJtbEo0RU1NRC9qZDlXUUlvSFFRNkJLTU5PbGM2Qkd1NEtzTXYvK2ZGCktWNHhuSktyV2pKeHdyaTBGc09ZTFMycWtnYlNBWGp4THFaV3g0VXlsbUpoMUhTQXlqVGdoWTB6UUVmMm9ES2QKMERLTjhZNDJhYXdoMUFvbElmRGJZT2FtcHc1dEJ6STIvV1lPa3NHUkZDd2pDaWRMM3BOZDAzVzlkQm1OYkJSYwp0VktMRy9rdDRKd0NMMHkwVTFOUFVGTWdSblZ1WTNScGIyNWhiQ0JVWlhOMGN5QkxaWGtnTVNBb2FIUjBjSE02Ckx5OW5hWFJvZFdJdVkyOXRMMjF2ZW1sc2JHRXZjMjl3Y3k4cElEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCsKaVFGT0JCTUJDQUE0RmlFRSs4ZTU0cVQ1S0pyQXdkU0VQUmJPNUtKemdiUUZBbDFvUVYwQ0d3TUZDd2tJQndJRwpGUW9KQ0FzQ0JCWUNBd0VDSGdFQ0Y0QUFDZ2tRUFJiTzVLSnpnYlREY1FmN0JwN2Uyelk5cEJCWFRnREFTUWwzCjFTU0hwOVdrUlVWNWlxUFZDOWlQQ0VMZ2d0ZUJHTXdJcGJEbG9iYzZPOC8wNmZveFdjdFRVYWFjaVBCbzIramUKV0ZUTytETnZCN29YSUFycXI1NjczUUhMaDZqRUFCQmp5dDkxcnZ0YTJ3WUYxWEpCZ3hwdWk5YUxJQ3NDcHRGTgpJUnZIZUtVclhCSTRmRzV6M0NEcy9FT29ZOEsvQUFZSlVGK0VSdG12bWlzaUUvbTIwVXBiWVJta0JKeTI1Yzg5CldjbjEySTFTVUpBM0gzaEd3dlpDWXA4aFkxSFB4eFFVdFUrRFpCSXByeWkweFFxRXhHQWxZcWNrN0cwM0YrQUQKNy9jc2FUMUxFZEN0V1JMTndFOFVrdmZVRjZsaUYwU2d6eEZvMXBwM2dCVTRzd2RzOXlPOXdOZTEySlkvTTVBLwpCSjBEbUFSZGFFRmRBUWdBdHVuOEpoU3BOQUt2T1h3V1gybkZobk1YVEpwNHZpTWhsQVpFZG1NWEVpMjdCMkRNCi9uUnpsZGp4R1pvTlVCU1ZiSk5qMmt4NVpVRGwwbzZlT3BDaHZSYUd1Q09wWXFPdVNRdkQ4Rm5YME5nUVVMd3UKVForTWF3c2Flemt0SkVqRFNCTTFSNnVBU2VKd0RaajRoY1VuUGd5QUlFU2FqUGRvd0VrRWpkWXQyNjFmR09MTApjVm9WZHRxek9NQmtMVmRySy9GRDFrR1I5am5TbEtFWURWOUR2ZUJVQlFHZHFrZ1dYalM1QktjYWUwN3ZpQzZ4Ck1hOUFKUzRwaXp5REFMQjJrMEhRT2VsWk5paE9HWFlVdXZrY3MyRml2bDBUazNPQ2ZIOVhEdkZlaGJZUkhta1IKRG9NdUtVRFN6ZHk2dEZCQWtMMENQbFhBV0k2a1FrbGFCRXAxOVFBUkFRQUJBQWY3Qlg3WUxZaTNZTEduOUJFdgpWdVNGbzdsM2ZMeXpYZnNPT2pWSi8waVEyK0gxMlkzbCtzc2k0ZUNudGI0MElqRE1JSHY1SndqZktOU2ZVd2tuCjVkaU1rM0xHejJkNjRsVEttclU0eU5MYU1oTWJ3bUUwL3U0Sk9Qb1hiSlpXTGQzbHlCZVRwVGlZM1I5cGdHOFYKSUdmQSt4TkRFalVkYzVqSFUrZWR0R2szN1g2bDZ1TDNPQU5TL015VFJkVk5yMjhHdi91cFhtSnMvTmJ2VG9zdAoxaHNVODlnYURqa2ZzV2hkaGl1Q0hSOWJxb3lvdC9WZ3ZwdDFOeHpmVjRTUUdWRmVwaDh5Q0d2U1JCUzh6WHVaCkZ0bXpBQ3MwajJhT01TdWNBR29nRW9EMTU4T3BYU05mZG1aMW5Dc3dsbzF5cVA2K2lyOG1yMkRUUmdNdHhQUWEKTjQ5YjRRUUF4VlR3Ulo2K3FpU0N6L0dKUHE3cUFTR0c0UklyODdnUHp4YUhtem5RaEtJeDZMRU1qWC8rTlU2Ywo5NEE4YVpZL29ON2YzcnI4YXBJQStjQUhiQXdGR3BiYzdrZTFDZ3kvbS9lSlpOVXhXUFQvWUJqWjRWKzQxVWF0CnZpR3JibVM5QjRRdWxPcEYyTmc2TGNPYzRkZ2d4VFBBVy9DWWQ1VDJGSW1yMXFZampXa0VBTzFMc3MwMExZNW8KNUk0UXFnTTBPZWVCRU9POExpU0RtaktnT3Z0c21KNitkQTR4M3JZZ0k4c21GTXN2dHlyY2I3NWs2RWRaYXpnTgpZU0k0c1UzV2NlV2JydGRWcjFnbFAzOENCTXVwbkZ2ZzhLd2JqU0ZWOHZOcVZCSENYU2hVeG5IbWxPVytVVnF5CkN4akpmMFJUT2hMRVk1RElSd1FCMEg4UDMwZFlPZmF0QkFEYUdJYnMvNisxUnVsS3BId1cvYzMrWE9sYVRaclQKVWhOanVjY2o3WTlJc3BZRCs2Y3JOa1F2QXJpNjBBb0RmSWlPNWFUazhyU1lwR3dCMXZFbW5VVm1OUHZSRjk1OApHVjNweUNPdi9wa21ucFMrNHcrYWtpSnNTSFgzanFxcDVmYi94ZDZ1a1VYOTVWZ1N5bXVKK3lhNDlHOEIwamo2CmJ3N0I0UzJNMzkrWGRrZzJpUUUyQkJnQkNBQWdGaUVFKzhlNTRxVDVLSnJBd2RTRVBSYk81S0p6Z2JRRkFsMW8KUVYwQ0d3d0FDZ2tRUFJiTzVLSnpnYlM3endnQW5kYmY1MzJPWG85SHdQSCt5UVFtelFDTERGTDZQNFY3TGNGcgpyeWRZSXRURWh4cUkzdGJiOTZNS1hSQXQrRzVNdzZKalJrV2h3emJVM2pFN0Q3WEJNSHc3R3JpVFRVOVFsdE5ICmc3VlVwU1NhaVRmVmNTTkVyenNhcWJqYkE3ak1zN1ZXek9xNExabzZFZnk4VURLZzVxY3FMRmFUUXJ6UVpZTkgKTmZNK2tMQWlVUFU4bTd2d216Nm9KV3NqSGtRS1VoS2hIcHRscHdNd2RIa29hY3FETzB4Mkg2SDkxbC9QbkRtNApaRzZGeWJKdGNqcjk4aStwNTIvWE9vODFuTGdYN3RjRlMzbnJOOUhOZGdLZzFaVzN5cnpnOE5PYUZDVkE4cUxECmdMay8vTTNxRGl4T3hpdXJFQ2tGck12dC9iRHhFR3BONUdWeTU1ME1teVVaUXJrdXFnPT0KPVZqR0wKLS0tLS1FTkQgUEdQIFBSSVZBVEUgS0VZIEJMT0NLLS0tLS0KLS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFIWUJGMW9RWWdCQkFEUHVWUDZKZGsvSi9UYk5hOWRYaXJwL3p6d0sxOFpxTnVkTnFRR04zSCsyYVNneFh3TAp3bFJmenk3ckIzQ1U2RXdqems5RVZZZVl6dFRJa0dITDBKWjFDQ1RpQkpBcmxITzBiSFFRN0NQZUtQa2hJaGtqCmVBOHl1OWRjVTc3b1lDMnhid2dmNDNLWXpmTUtTR0V5Ymcrc0JPK2JIK1k2cGFKSzU0VjJjdVMzR3dBUkFRQUIKQUFQK0pqZjVCWHRWUDFPQXI1eHZDWVM3N0pXemhwVFVTSXBTN2RnUjBicjkxR0FDOURtaG15QkVHZVNxd3o5NQpMVXlZUmJZOXkxclpPZnBFR0NySWM1R0xQT1F5dE85WE1JemFTM2RwemZHaGxhL3NwYUtONHZKRHZJT2wrcnVUCmJJbkRkQ1JTbXFYQ2ZtMjQ3OE9oT3F1YzBIMGE0NmVTbW9hWWVLZEUzRThRWmlFQ0FOeFVML2RGazVqOE55UG8KWmN3WHc5TXYwQThVcnluUmNxaHQzU2N0aTlrN2Ric0h5bGNPYk0zMDVMRmRjb05uU2ZOQUlKaHhmamJpWHlHVwp2d1QyL3FNQ0FQRmF0cTNndlZqeTZ3S0t5bGlvaTVjVndiTHY5TCtPYVJYZFIvRHkyYmgvdDN1am5zbGlWNCtSCmY3azNySE9RZWFNTFRueWZjejhBZW5MNUlPZThSU2tDQU5GcEJneXp4Q2NWNDhNbStGV0R4anJTSjQvbXNSbk4KZ3hxQVBScmRwbTdlMXVlYnRCa1BoNGNoNG9DVzUvbExzUk4yM0xVVklYWUpSd3lGZlJqZWhDaW8wclJUVTA5UQpVeUJHZFc1amRHbHZibUZzSUZSbGMzUnpJRXRsZVNBeUlDaG9kSFJ3Y3pvdkwyZHBkR2gxWWk1amIyMHZiVzk2CmFXeHNZUzl6YjNCekx5a2dQSE5sWTI5d2MwQnRiM3BwYkd4aExtTnZiVDZJemdRVEFRZ0FPQlloQk5jaWtFTTQKUzh4Z01teHZ1ZGh5RFpWOFBUQjBCUUpkYUVHSUFoc0RCUXNKQ0FjQ0JoVUtDUWdMQWdRV0FnTUJBaDRCQWhlQQpBQW9KRU5oeURaVjhQVEIwUjJjRC8yWXdhSjQzaUd1ZWFBekJ5Rm5sK21VRUJRSjRIaEg0cDdCSWR4NkI5QWpFCjN5TGU4STRkcXFZWHh5WnphSjlkK0tpcXhKQlQwbDFHWHQzSDVNMzJ5REpacXpYQjlQVFdQM3l4OCtRMUN1Q3MKN0VML2JoSkQxL3NMZHVtVmM3N2JtUXRjSTlOU2lZeVB6Ti8yWnF0VjVSVTE0TG9oMjRWRkVqdUhHdk8wakkzKwpuUUhZQkYxb1FZZ0JCQUNoWGkwMGZtcEVzMEppcTB6T3lZbTlpNzQ5Vm9Pc05SZW9CLzVpeDFRQ2ltd1ZaS2UxCkQzN0lQNVFxeXN4eStMSVFjNGxKK1E4Zm9OT3gxQWV2NStURHl2K2lVODJEOXhyOXVQTExiQTgyazNBWjA0T3IKQmpyWi9ZdDFOWmh1YUh6Y2laQ1BwbXF6RjlrcVZxQVpjK3ZNaUtaTDFXWmpTN08xRndhaWRZMXZYd0FSQVFBQgpBQVArTDB3VVFlT2ZzRDArZ3Y4a2h5UEpUSlpPRDFweFE2TllLTGNYRjhyRzArdlFuRUNoYTA5OFlLTktBWFRwCmtmVlU4Nzk1aVFZSUtjUVE2SGwyTzFmajFBeEpFL2laWXJxZm03VVp6M2JRN1JPU3NBRVBaNUdET2pLZmJ3c3oKRTZiV1ZIK1BoUzFhemx2dFRzOUplelV0SzBXbDlzKzgxRk9yWnRuVVVza21XdEVDQU1OTnM5dWpVdDZHSHYvSgpOWFZhU21rMXo4UVhpdFBIYkFKTERNajR4VkR5c0pXWlY5NWVwbEMrUlVTaUx6NUhlUDJBUWdoMUQ5UnYyYkE1CmM3T2NKM2tDQU5PRWtBMGhWcFhDSTBGS3JzaWhPZjBOVU9hQXRTNkNRTkZsYUlrckx3c3NKUVk4cEdZYlJmUmEKM2tyTkpQeU9sWG1lelYyL0NzWDNFcUE5S1hYZW41Y0IvaVNtTUpPNFduZEdKVGU3WXpVRW5uWS9QMlRLZzFmTgpzNnY1TGYzOWo1TGw4VjVyVkRUN0FwQXcwSUtTOGZ6cGJkSFAwSGNpenV0bEY2bDQ0WWFBWE1HZmhvaTJCQmdCCkNBQWdGaUVFMXlLUVF6aEx6R0F5YkcrNTJISU5sWHc5TUhRRkFsMW9RWWdDR3d3QUNna1EySElObFh3OU1IVEQKSHdRQXYrdWk3MThBVDJodzJwSzlKYU51VHhqbGxySCtLUE1scm92MFA4b1hIUENvaEM1Y3hNNXNKNnRDUTBxSApYeWVXb0RFOFYzMWJ0cUZWQVF5cnIwd3kwZ250bDFML3RybndNSG9QOGEveGEwUkhOazVDN2htY3VoVEhiUWV5CkpOYmlSSlpwQ0laMU95ckYxNytxNnU5WUJQandxcDhLckovMHJ5eTJreWI3WlJNPQo9K3RKNgotLS0tLUVORCBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQotLS0tLUJFR0lOIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0KCm1RRU5CRjFvUVYwQkNBQzFpRmZFN0gzdXUwaGJXYlJZVk1vejV6WjkxQUNIRVRDT01WeE44R09HNFNWMGw4YVEKd21LOVFXa1l4aGk1MkxuaWNWRDNEN1V5NzUrSjN6a3ZFRFExNUMwQVo4VUhYcDRKbFNRdVhwRmhyT2hmWVVGLwo2cHIvUWV4VCtoUWpPYWN2WTRxZm5qNHhLYS9BR2R2NXZQSXlndFF1bUU2cjNHaEVWQXhRMUdTd3RDV1NVM1psCjNVcWY3UzhrRHZKVGVtdFIyVWtWZnBYY01kNEFtTUtndDdmVmhQTzhlRm90cVRMUHZ6L2lDbHpFUitxNjFmTEEKZDFyUDlZbG1ZNDZNSnAvUGZmUGljV2RKaUt2Mmk2eW5LY0l3a3JReVA2VjJaellpL2dBaE5Kc3QzWmxNZnNpTgpla0N0Y293OUJuNDR1eFczVThXMDJGTlFTTnluNlY2UVBESVhBQkVCQUFHMFUxTlBVRk1nUm5WdVkzUnBiMjVoCmJDQlVaWE4wY3lCTFpYa2dNU0FvYUhSMGNITTZMeTluYVhSb2RXSXVZMjl0TDIxdmVtbHNiR0V2YzI5d2N5OHAKSUR4elpXTnZjSE5BYlc5NmFXeHNZUzVqYjIwK2lRRk9CQk1CQ0FBNEZpRUUrOGU1NHFUNUtKckF3ZFNFUFJiTwo1S0p6Z2JRRkFsMW9RVjBDR3dNRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUVBSYk81S0p6CmdiVERjUWY3QnA3ZTJ6WTlwQkJYVGdEQVNRbDMxU1NIcDlXa1JVVjVpcVBWQzlpUENFTGdndGVCR013SXBiRGwKb2JjNk84LzA2Zm94V2N0VFVhYWNpUEJvMitqZVdGVE8rRE52QjdvWElBcnFyNTY3M1FITGg2akVBQkJqeXQ5MQpydnRhMndZRjFYSkJneHB1aTlhTElDc0NwdEZOSVJ2SGVLVXJYQkk0Zkc1ejNDRHMvRU9vWThLL0FBWUpVRitFClJ0bXZtaXNpRS9tMjBVcGJZUm1rQkp5MjVjODlXY24xMkkxU1VKQTNIM2hHd3ZaQ1lwOGhZMUhQeHhRVXRVK0QKWkJJcHJ5aTB4UXFFeEdBbFlxY2s3RzAzRitBRDcvY3NhVDFMRWRDdFdSTE53RThVa3ZmVUY2bGlGMFNnenhGbwoxcHAzZ0JVNHN3ZHM5eU85d05lMTJKWS9NNUEvQkxrQkRRUmRhRUZkQVFnQXR1bjhKaFNwTkFLdk9Yd1dYMm5GCmhuTVhUSnA0dmlNaGxBWkVkbU1YRWkyN0IyRE0vblJ6bGRqeEdab05VQlNWYkpOajJreDVaVURsMG82ZU9wQ2gKdlJhR3VDT3BZcU91U1F2RDhGblgwTmdRVUx3dVRaK01hd3NhZXprdEpFakRTQk0xUjZ1QVNlSndEWmo0aGNVbgpQZ3lBSUVTYWpQZG93RWtFamRZdDI2MWZHT0xMY1ZvVmR0cXpPTUJrTFZkcksvRkQxa0dSOWpuU2xLRVlEVjlECnZlQlVCUUdkcWtnV1hqUzVCS2NhZTA3dmlDNnhNYTlBSlM0cGl6eURBTEIyazBIUU9lbFpOaWhPR1hZVXV2a2MKczJGaXZsMFRrM09DZkg5WER2RmVoYllSSG1rUkRvTXVLVURTemR5NnRGQkFrTDBDUGxYQVdJNmtRa2xhQkVwMQo5UUFSQVFBQmlRRTJCQmdCQ0FBZ0ZpRUUrOGU1NHFUNUtKckF3ZFNFUFJiTzVLSnpnYlFGQWwxb1FWMENHd3dBCkNna1FQUmJPNUtKemdiUzd6d2dBbmRiZjUzMk9YbzlId1BIK3lRUW16UUNMREZMNlA0VjdMY0ZycnlkWUl0VEUKaHhxSTN0YmI5Nk1LWFJBdCtHNU13NkpqUmtXaHd6YlUzakU3RDdYQk1IdzdHcmlUVFU5UWx0TkhnN1ZVcFNTYQppVGZWY1NORXJ6c2FxYmpiQTdqTXM3Vld6T3E0TFpvNkVmeThVREtnNXFjcUxGYVRRcnpRWllOSE5mTStrTEFpClVQVThtN3Z3bXo2b0pXc2pIa1FLVWhLaEhwdGxwd013ZEhrb2FjcURPMHgySDZIOTFsL1BuRG00Wkc2RnliSnQKY2pyOThpK3A1Mi9YT284MW5MZ1g3dGNGUzNuck45SE5kZ0tnMVpXM3lyemc4Tk9hRkNWQThxTERnTGsvL00zcQpEaXhPeGl1ckVDa0ZyTXZ0L2JEeEVHcE41R1Z5NTUwTW15VVpRcmt1cWc9PQo9WnMycwotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi0tLS0tQkVHSU4gUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQoKbUkwRVhXaEJpQUVFQU0rNVUvb2wyVDhuOU5zMXIxMWVLdW4vUFBBclh4bW8yNTAycEFZM2NmN1pwS0RGZkF2QwpWRi9QTHVzSGNKVG9UQ1BPVDBSVmg1ak8xTWlRWWN2UWxuVUlKT0lFa0N1VWM3UnNkQkRzSTk0bytTRWlHU040CkR6SzcxMXhUdnVoZ0xiRnZDQi9qY3BqTjh3cElZVEp1RDZ3RTc1c2Y1anFsb2tybmhYWnk1TGNiQUJFQkFBRzAKVTFOUFVGTWdSblZ1WTNScGIyNWhiQ0JVWlhOMGN5QkxaWGtnTWlBb2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dApMMjF2ZW1sc2JHRXZjMjl3Y3k4cElEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCtpTTRFRXdFSUFEZ1dJUVRYCklwQkRPRXZNWURKc2I3blljZzJWZkQwd2RBVUNYV2hCaUFJYkF3VUxDUWdIQWdZVkNna0lDd0lFRmdJREFRSWUKQVFJWGdBQUtDUkRZY2cyVmZEMHdkRWRuQS85bU1HaWVONGhybm1nTXdjaFo1ZnBsQkFVQ2VCNFIrS2V3U0hjZQpnZlFJeE44aTN2Q09IYXFtRjhjbWMyaWZYZmlvcXNTUVU5SmRSbDdkeCtUTjlzZ3lXYXMxd2ZUMDFqOThzZlBrCk5RcmdyT3hDLzI0U1E5ZjdDM2JwbFhPKzI1a0xYQ1BUVW9tTWo4emY5bWFyVmVVVk5lQzZJZHVGUlJJN2h4cnoKdEl5Ti9yaU5CRjFvUVlnQkJBQ2hYaTAwZm1wRXMwSmlxMHpPeVltOWk3NDlWb09zTlJlb0IvNWl4MVFDaW13VgpaS2UxRDM3SVA1UXF5c3h5K0xJUWM0bEorUThmb05PeDFBZXY1K1REeXYraVU4MkQ5eHI5dVBMTGJBODJrM0FaCjA0T3JCanJaL1l0MU5aaHVhSHpjaVpDUHBtcXpGOWtxVnFBWmMrdk1pS1pMMVdaalM3TzFGd2FpZFkxdlh3QVIKQVFBQmlMWUVHQUVJQUNBV0lRVFhJcEJET0V2TVlESnNiN25ZY2cyVmZEMHdkQVVDWFdoQmlBSWJEQUFLQ1JEWQpjZzJWZkQwd2RNTWZCQUMvNjZMdlh3QlBhSERha3IwbG8yNVBHT1dXc2Y0bzh5V3VpL1EveWhjYzhLaUVMbHpFCnptd25xMEpEU29kZko1YWdNVHhYZlZ1Mm9WVUJES3V2VERMU0NlMlhVdisydWZBd2VnL3hyL0ZyUkVjMlRrTHUKR1p5NkZNZHRCN0lrMXVKRWxta0loblU3S3NYWHY2cnE3MWdFK1BDcW53cXNuL1N2TExhVEp2dGxFdz09Cj1QYWZWCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0KLS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUVOQkYxb1FhWUJDQURzQ3cyMjNXRGoySVNua1pRSjA3TlM3RVIvZnQyVHo2RlB6c01xejVKbUdsd1FhbnRICk16anFOR0U1ZHUxVEJLK3lDSXV6bitQL2lva21PZEZqa0gyME9ISENFbWdCUVBRMld4cFI0QmMvakR2c3dvTDIKMmFta25JWVN0ZitTZ0N3dE5QVDUxUlM3LzVick41cFZuNEdqRFlnK0lSTGszM2J4ejFrTjM5MzNvbGtNRkhKRgpocnIxcmNFMXV4dDNqMkNFUHpmS0FVeXZpS1hrU2w0MUlBb3BFMmU2OXpzVmcwWWFlbnNUbkUvaFk0NXIxcTBXCkFCWG9KTGc0SDZVdEhaV1dHZzd2bXRRWUNwaWlVSWFXWjNZQjQ0OVVyNGp4WGVJWlBVcWhsaXFPb1VrOGE3RW4KMVpDMWhHTHcwamFFTmVhSHl3VkdpOVpxQUJtT1ZZbXZJdEkzQUJFQkFBRzBVMU5QVUZNZ1JuVnVZM1JwYjI1aApiQ0JVWlhOMGN5QkxaWGtnTXlBb2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyMXZlbWxzYkdFdmMyOXdjeThwCklEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCtpUUZPQkJNQkNBQTRGaUVFdGhHaStmRWREL2dsYUlCUkdmbTEKMnVxUi80WUZBbDFvUWFZQ0d3TUZDd2tJQndJR0ZRb0pDQXNDQkJZQ0F3RUNIZ0VDRjRBQUNna1FHZm0xMnVxUgovNFljM1FnQTJXY01sQ0NVQjR1eXl2S3ExYThaVEJsaTBZekl4VCtLc2xMK1BiT3hmaG94Z2x4UFJDbEIwL2w2CnN0RzNSRDBVWEtxOWNUZTlmNW5JOTZYSlJxVXplUGZLdGl4U2llaXJOVFpzd2lISVlpZllmZzQ2MGdYWUFJc1YKZGV6dFJHeEVhTVVWcTZ2YWprQTY5eUdiaTJuRXhhUXJQUUFnY09veUVjR2hzUVZpNU0zcmJJR0lKdEsvSzc3NwpsQXZXc2tNV2pFTC9WSVEzcUhKYXBCd2h0eUs4cEtpUTFVMnNzdlhTUDE1Um91VVUvOFBkRDZkODJkTGxMZkJtCmVpeVFDZUpZUXlSL2dlSkF2aHlCTytKeStTUzJSTkNFNkZHaXJBQ3pSaDNTU0xwS0F2aWVvTUhxWXphdjhrTWgKelNNYTUyMzBTS3BhcnRic2dGdTd0Mzl6c2MzdDZMa0JEUVJkYUVHbUFRZ0E2MGtKZ2hUdXh2WmFOalhDWkJuagowK3orTlNuZmhkUGFHZ2RVU3RYRENienNPMmwvNmt2bFdNd3dTM1Z1RHdHangxdkxXdDlLV3htTDg1K3FMRTJICkZ1UnBINHNKRmErMEhyYVk5U1AxVXhnTzV5ZG9tbVJLZExEdzVpUUlhSkFDTVNzTUFISE9RQ0o5VnVORTFndDgKZ09iNUo5MDJnUmFoZ0lLcEdycm10STZ4M1ptdTFyeUtyQkg5TG42MGtZdnJVMTRBTlBZdEl2T3dxQ054ZVU0Qwo5cTFxNC9iNzNSWGcyR3JpOGFsR2IySE1JYWVLNnU3aTVNbEVPcWtRb2YyRmttR2czbkV3LzZDdmNuZjRqZXNKCmliS2E2OXZDNm4zOVpKMGVSaG1ocjN0dzNNUDc2TGFheWhxcThUK0Zmb2c2OEEzT2UraTYrZjdQeUxlMG9hSEEKdVFBUkFRQUJpUUUyQkJnQkNBQWdGaUVFdGhHaStmRWREL2dsYUlCUkdmbTEydXFSLzRZRkFsMW9RYVlDR3d3QQpDZ2tRR2ZtMTJ1cVIvNGI1bHdnQW1WQ2EwWFllY282RWMrSXowQ0xCdk5YREZIL0tzUC95cFdLNWR1elpSS2ViCkQzMGNEd1FIVUZXSDVXaXZHWjVuSitSczl6a0Q3YTA3b21NVFJtQ3NyakQ0STN4REdNVFUyM2wrZ0JTQzUrOVIKQjZiT2k4MW5nSDNPTGFTYmVoMnQyMVBERWY1N005NFdGTmx3MkxWZ012WjZTNHJzN0k0RlpnbTc1aDRFR0d1WQpJdDFsOFNxTldjS0RtOUt6L3FHMGxxZVNHR0ZuUXFtU0JGSDBWYjBodXMvWEVyVTJyM2ZRcjFsRGowVktwT0lPCkowWXM5cm1JNnlFUFRpK0doRnIxYkhLd1pNaW56NWxjSG5PbDh4eWU0OHRzck90SE1HTjE3L0I2aFVVR3pkK1cKVHBock9mbmZUTzFZQ2tnMW5FQjVFMlJhai9LVitvaHFQdmpFK0toRTdRPT0KPWdxaEUKLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQo= diff --git a/docs/spec/v1alpha1/kustomization.md b/docs/spec/v1alpha1/kustomization.md index c86a438..47bfd1d 100644 --- a/docs/spec/v1alpha1/kustomization.md +++ b/docs/spec/v1alpha1/kustomization.md @@ -18,7 +18,7 @@ type KustomizationSpec struct { // Decrypt Kubernetes secrets before applying them on the cluster. // +optional - Decryption Decryption `json:"decryption,omitempty"` + Decryption *Decryption `json:"decryption,omitempty"` // The interval at which to apply the kustomization. // +required @@ -75,7 +75,7 @@ type Decryption struct { // The secret name containing the private OpenPGP keys used for decryption. // +optional - SecretRef corev1.LocalObjectReference `json:"secretRef,omitempty"` + SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty"` } ``` @@ -410,6 +410,52 @@ account. If the kustomization contains cluster level objects like CRDs or object namespace, the reconciliation will fail since the account it runs under has no permissions to alter objects outside of the `webapp` namespace. +## Secrets decryption + +In order to store secrets safely in a public or private Git repository, +you can use [Mozilla SOPS](https://github.com/mozilla/sops) +and encrypt your Kubernetes Secrets data with OpenPGP keys. + +Generate a GPG key **without passphrase** using [gnupg](https://www.gnupg.org/) +then use sops to encrypt a Kubernetes secret: + +```sh +sops --pgp=FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 \ +--encrypt --encrypted-regex '^(data|stringData)$' --in-place my-secret.yaml +``` + +Commit and push the encrypted file to Git. + +> **Note** that you should encrypt only the `data` section, encrypting the Kubernetes secret +> metadata, kind or apiVersion is not supported by kustomize-controller. + +Create a secret in the `gitops-system` namespace with the OpenPGP private key: + +```sh +gpg --export-secret-keys --armor FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 | +kubectl -n gitops-system create secret generic sops-gpg \ +--from-file=sops.asc=/dev/stdin +``` + +Configure decryption by referring the private key secret: + +```yaml +apiVersion: kustomize.toolkit.fluxcd.io/v1alpha1 +kind: Kustomization +metadata: + name: my-secrets +spec: + interval: 5m + path: "./" + sourceRef: + kind: GitRepository + name: my-secrets + decryption: + provider: sops + secretRef: + name: sops-pgp +``` + ## Status When the controller completes a kustomization apply, reports the result in the `status` sub-resource.