feat(ops/secrets): Add tf-keycloak secrets file
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets. Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
parent
4f030f085d
commit
e616f978d0
4 changed files with 33 additions and 1 deletions
|
@ -11,7 +11,7 @@ TARGET_TOOL=$(basename "$0")
|
||||||
|
|
||||||
case "${TARGET_TOOL}" in
|
case "${TARGET_TOOL}" in
|
||||||
age)
|
age)
|
||||||
attr="third_party.nixpkgs-age"
|
attr="third_party.nixpkgs.age"
|
||||||
;;
|
;;
|
||||||
age-keygen)
|
age-keygen)
|
||||||
attr="third_party.nixpkgs.age"
|
attr="third_party.nixpkgs.age"
|
||||||
|
|
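--- a/ops/keycloak/README.md
+++ b/ops/keycloak/README.md
@@ -0,0 +1,18 @@
+Terraform for Keycloak
+======================
+
+This contains the Terraform configuration for deploying TVL's Keycloak
+instance (which lives at `auth.tvl.fyi`).
+
+Secrets are needed for applying this. The encrypted file
+`//ops/secrets/tf-keycloak.age` contains `export` calls which should
+be sourced, for example via `direnv`, by users with the appropriate
+credentials.
+
+An example `direnv` configuration used by tazjin is this:
+
+```
+# //ops/secrets/.envrc
+source_up
+eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)
+```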
@ -30,4 +30,5 @@ in {
|
||||||
"nix-cache-pub.age" = default;
|
"nix-cache-pub.age" = default;
|
||||||
"owothia.age" = default;
|
"owothia.age" = default;
|
||||||
"panettone.age" = default;
|
"panettone.age" = default;
|
||||||
|
"tf-keycloak.age" = default;
|
||||||
}
|
}
|
||||||
|
|
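Review bot: The added entry `"tf-keycloak.age" = default;` gives the Keycloak Terraform credentials the same recipient set as every other secret visible in this hunk, and nothing in the hunk shows that this set matches the people who actually apply the Keycloak configuration. The definition of `default` lies outside the hunk, so this is inferred; the encrypted file in this commit carries four `ssh-ed25519` recipient stanzas. If any of those keys belong to hosts or CI rather than to the operators, binding this file to a narrower recipient list would limit who can reconfigure the identity provider. At minimum a comment above the entry would help, for example `# Terraform credentials for auth.tvl.fyi; keep recipients limited to Keycloak operators`. The attribute set begins before the hunk.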
13
ops/secrets/tf-keycloak.age
Normal file
13
ops/secrets/tf-keycloak.age
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 dcsaLw CRX6a8zfz3BaDYhwrBPXBgEn/o0WuS6UdvA55wYNTBc
|
||||||
|
/5gTObQ8770g8kIxCQyQj8hOh+1dkOu5DW1sz33eiy8
|
||||||
|
-> ssh-ed25519 CpJBgQ 1/oDGaLOKblznS/ciKQ0g7Jdfg1KtEKWugjE9o9n1jo
|
||||||
|
A5wcsx6NXQpjKR8Y9jlM4JN34IUi3T4UuTIOtmOHwcs
|
||||||
|
-> ssh-ed25519 aXKGcg pYkMVxIGv408998UFzNQZvCQqBNPOSx+fvMs9FGd2nc
|
||||||
|
Ue1rNrARXo0/Fq0qazNo+5a4zc7JBLdEgrqUowOEOBg
|
||||||
|
-> ssh-ed25519 OkGqLg iLVc9k937aMAyl82TFsmDeX46PSrjQ6QpEzU0BcrNHg
|
||||||
|
NzZYEXjz4mwafayIIvGxcE0cLhhUZuzh5loyfIZzl+0
|
||||||
|
-> `^*"*qb-grease r`; Fwf.0CJ+
|
||||||
|
5qQRDetp1IFec1AkHd17faslyU+7OHDiTmwoSJGZZPWrdiY
|
||||||
|
--- uguIPraC7NNVfyDIWoTVjiunofaRYY8xeLipwZuU0iQ
|
||||||
|
fÑÜÒÚEÿ''èɆ<C389>…˜%:·´»Ç'%ÖUî3aÌUÃ4‚æ.‡Étm.qW *–ZÚÿiâp
ªÝz†g¤=v{éÌcX¾Æþo‡!-L÷i5 óL2 @A¾ÍAì
|