tvl-depot/infra/kubernetes/nixery/secrets.yaml

# The secrets below are encrypted using keys stored in Cloud KMS and
# templated in by kontemplate when deploying.
#
# Not all of the values are actually secret (see the matching)
---
apiVersion: v1
data:
  gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }}
  gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }}
  id_nixery: {{ passLookup "nixery-ssh-private" | b64enc }}
  id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }}
  known_hosts: {{ insertFile "known_hosts" | b64enc }}
  ssh_config: {{ insertFile "ssh_config" | b64enc }}
kind: Secret
metadata:
  creationTimestamp: null
  name: nixery-secrets
  selfLink: /api/v1/namespaces/kube-public/secrets/nixery-secrets
type: Opaque