
[AIAP] - Use SOPS_IMPORT_PGP for user specific key

* Enable user to set SOPS_IMPORT_PGP in env and consume that.

Relates-To: #654
Change-Id: Idb610980e11d228a48db8e412b0436556ac00ca5
changes/25/815125/7
Siraj Yasin 10 months ago
parent
commit
afe5640383
  1. 5
      tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml
  2. 1
      tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
  3. 16
      tools/airship-in-a-pod/runner/assets/entrypoint.sh

5
tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml

@ -40,3 +40,8 @@
path: "/data/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD"
value: ""
# The following relate to key used for encryption/decryption of secrets
- op: replace
path: "/data/SOPS_IMPORT_PGP"
value: ""
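Review bot: The comment above the new `SOPS_IMPORT_PGP` op does not say that the value is private key material, or what an empty value means. Judging by the entrypoint.sh change in this same commit, an empty value makes the runner fall back to the example key in the manifests checkout, so the comment should state that. Something like `# PGP private key imported for sops (same format as the example key); leave empty to use the example key. Never commit a real key here.` would cover it.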

1
tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml

@ -24,6 +24,7 @@ data:
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD: ""
SOPS_IMPORT_PGP: ""
---
apiVersion: v1

16
tools/airship-in-a-pod/runner/assets/entrypoint.sh

@ -41,13 +41,15 @@ kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/do
curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf -
install /tmp/kustomize /usr/local/bin
curl -fsSL -o /sops-key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
SOPS_IMPORT_PGP="$(cat /sops-key.asc)"
export SOPS_IMPORT_PGP
export SOPS_PGP_FP
echo 'export SOPS_IMPORT_PGP="$(cat /sops-key.asc)"' >> ~/.bashrc
echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.bashrc
SOPS_IMPORT_PGP=$( cat /opt/aiap-secret-volume/SOPS_IMPORT_PGP )
if [ -z "${SOPS_IMPORT_PGP}" ];then
# set user1 key
SOPS_IMPORT_PGP="$(cat ./manifests/.private-keys/exampleU1.key)"
fi
export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}
echo "export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}" >> ~/.bashrc
echo "export KUBECONFIG=$HOME/.airship/kubeconfig" >> ~/.bashrc
install "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin
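Review bot: The line `echo "export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}" >> ~/.bashrc` expands the key when it is written and appends it unquoted. With a multi-line armored key, only the first line ends up in the assignment, and each following line is run as a command whenever ~/.bashrc is sourced. Because the value comes from a user-supplied secret volume, any shell metacharacters in it would be interpreted as well, and a copy of the private key is left in a dotfile. Deferring the expansion avoids all three: write the resolved key to a mode-0600 file and append `export SOPS_IMPORT_PGP="$(cat <KEY_FILE>)"` inside single quotes, the way the `/sops-key.asc` line shown above it does (`<KEY_FILE>` is a placeholder). Separately, the fallback to `./manifests/.private-keys/exampleU1.key` is silent and depends on the working directory, so a warning on stderr when the example key is used would keep operators from encrypting with a published key unknowingly.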
