airshipctl/manifests/site/test-site/target/encrypted
Alexey Odinokov 37c2854cce Switching airshipctl and krm-functions to kustomize 4.2.0
Reworked build process of dependent krm functions
to use the latest airshipctl

Change-Id: If4c7f992123b86442980f381ae69fb003f4851e3
2021-07-22 17:06:32 +00:00
generator Adding a phase to help importing external secrets 2021-05-20 04:50:06 +00:00
importer Adding a phase to help importing external secrets 2021-05-20 04:50:06 +00:00
results Adding a phase to help importing external secrets 2021-05-20 04:50:06 +00:00
README.md Switching airshipctl and krm-functions to kustomize 4.2.0 2021-07-22 17:06:32 +00:00

README.md

Secrets generator/encrypter/decrypter

This directory contains a utility that helps generate, encrypt and decrypt secrets. These secrets can be used anywhere in manifests.

For example, we can use the PGP key from the SOPS example. This is the SOPS functional-test key, and the file carries the private half as well, so it is suitable for examples only. To get the key we need to run:

    curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc

and import this key as an environment variable, together with its fingerprint:

    export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"

Generator

To generate secrets we use a template that is passed to kustomize as generators during execution of airshipctl phase run secret-generate.

Encrypter

To encrypt the secrets that have been generated we use the generic container executor. To start the secrets generate phase we need to execute the following phase:

    airshipctl phase run secret-generate

The executor runs the SOPS container and passes the pre-generated secrets to it. The container encrypts the secrets and writes them to the directory specified in kustomizeSinkOutputDir (results/generated).
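A check worth running on results/generated before committing it, as an added example that is not part of the airshipctl repository: it confirms that every YAML document in each file is SOPS-encrypted to the expected fingerprint. It assumes the encrypter emits standard SOPS YAML (`ENC[AES256_GCM,...]` values plus a top-level `sops:` block per document); the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example (not airshipctl code). Assumes standard SOPS YAML output:
# ENC[...] values and a top-level "sops:" block naming the PGP fingerprint
# in every YAML document.

# check_sops_file FILE FINGERPRINT -> 0 only if every document passes
check_sops_file() {
    [ -r "$1" ] && [ -n "$2" ] || return 2
    awk -v fp="$2" '
        function flush() {
            if (seen) { docs++; if (!(meta && enc && key)) bad = 1 }
            seen = meta = enc = key = 0
        }
        /^---[ \t]*$/            { flush(); next }   # document separator
        /^[ \t]*(#.*)?$/         { next }            # blank line or comment
                                 { seen = 1 }
        /^sops:/                 { meta = 1 }        # SOPS metadata present
        /ENC\[AES256_GCM,data:/  { enc = 1 }         # at least one ciphertext
        index($0, "fp: " fp)     { key = 1 }         # expected recipient
        END { flush(); if (bad || docs == 0) exit 1 }
    ' "$1"
}

# check_sops_dir DIR FINGERPRINT -> reports failing files, returns 1 if any
check_sops_dir() {
    rc=0
    for f in "$1"/*.yaml; do
        [ -e "$f" ] || { echo "no YAML files in $1" >&2; return 1; }
        check_sops_file "$f" "$2" || { echo "FAILED SOPS CHECK: $f" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample data: placeholder values, not real ciphertext.
write_samples() {
    printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'data:' \
        '  password: ENC[AES256_GCM,data:AAAA,iv:BBBB,tag:CCCC,type:str]' \
        'sops:' '  pgp:' "    - fp: $2" > "$1/good.yaml"
    printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'data:' \
        '  password: cGxhaW50ZXh0' > "$1/leaked.yaml"
}
```

Typical use after the encrypt phase is `check_sops_dir results/generated "$SOPS_PGP_FP"`; a non-zero exit means a file holds a plaintext document or one encrypted to a different key.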

Decrypter

To decrypt previously encrypted secrets we use decrypt-secrets.yaml. It runs the SOPS decrypt function when we run:

    SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable-alpha-plugins manifests/site/test-site/target/catalogues/