treasuremap/manifests/type/airship-core/shared/encrypt-secrets/encrypt-ephemeral.yaml

18 lines
480 B
YAML

apiVersion: v1
kind: ConfigMap
metadata:
name: encrypt-ephemeral
annotations:
config.k8s.io/function: |
container:
image: gcr.io/kpt-fn-contrib/sops:v0.3.0
envs:
- VAULT_ADDR
- VAULT_TOKEN
network: true
data:
cmd: encrypt
cmd-json-path-filter: '$[?(@.metadata.name=="combined-ephemeral-secrets")]'
cmd-extra-params-json-path-filter: '$[?(@.metadata.name=="ephemeral-encryption-keys")]'
encrypted-regex: '^(data)$'