encrypt crowdsec bouncer key with SOPS + variable substitution

2026-02-20 00:17:40 +00:00
parent 75f8c6d5d8
commit 5e55c0e277
3 changed files with 33 additions and 1 deletions


@@ -29,3 +29,7 @@ spec:
provider: sops
secretRef:
name: sops-age
postBuild:
substituteFrom:
- kind: Secret
name: crowdsec-bouncer-key
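Review bot: The `substituteFrom` entry added under `postBuild` is resolved against the cluster at build time, so the Secret `crowdsec-bouncer-key` must already exist in this Kustomization's own namespace before it reconciles. If the SOPS-encrypted Secret is applied by this same Kustomization (its path is not visible here), the first reconcile would likely fail on the missing Secret; delivering it from a separate Kustomization that this one lists under `dependsOn` avoids that ordering problem. Post-build substitution also runs over every manifest this Kustomization builds, so any other literal `${...}` text is rewritten unless the resource carries `kustomize.toolkit.fluxcd.io/substitute: disabled`. The `spec` block starts outside the hunk, so the Kustomization's namespace and path could not be checked.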


@@ -25,5 +25,5 @@ spec:
updateIntervalSeconds: 15
defaultDecisionSeconds: 60
crowdsecLapiHost: crowdsec-crowdsec-service.crowdsec.svc.cluster.local:8080
crowdsecLapiKey: mDDWNQz36B/PPTbsN/QlqSmylJjW+poyWWu3Ws8GVoM
crowdsecLapiKey: ${CROWDSEC_BOUNCER_KEY}
crowdsecLapiScheme: http
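Review bot: The literal `crowdsecLapiKey` value removed here stays readable in the repository history (parent 75f8c6d5d8), and nothing in the commit shows whether the encrypted value is a newly issued key. Encrypting it protects the bouncer only once the old key is revoked in CrowdSec and a fresh one is registered. Flux writes the substituted value of `${CROWDSEC_BOUNCER_KEY}` into the applied object, so the key still sits in plaintext in that resource for anyone with read access to it. If the plugin offers a file-based key option (`crowdsecLapiKeyFile`, to be confirmed against the plugin version in use), mounting the Secret would keep the key out of the rendered spec. The unchanged `crowdsecLapiScheme: http` line also means the key crosses the cluster network unencrypted, and the `spec` block starts outside the hunk.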


@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: crowdsec-bouncer-key
namespace: flux-system
type: Opaque
stringData:
CROWDSEC_BOUNCER_KEY: ENC[AES256_GCM,data:ktUTw1k0+24RNUh1bu7HudK/5kDO0x5loeIPk4XZkpXxyTXUln0GfXhaEQ==,iv:MzwobssTi6WHZ6g+JLP4ZXv/yuuSF8i4NkyTz0f0v9w=,tag:L7eIt3721IxmO+O+SnTYvg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aq4d879wuczrqj48nnw7ktsddrxfr8y8xaf0j0aqteswmsxnfs7sfs9phj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RVhCNmZGTXB1VXd2S1px
bjZZeXJBRlBtVDkyZTJRelU0WTJFVXAyM1N3ClZFZm41TzBNNjNuSFU2RTRxMXZ1
ajRENE1Jc2xxKzRCWndzV0N4MlhUYVEKLS0tIGRtSUpGL25STU9pZ3FRN29YZjk1
c3JjdXZXSVEwN210WGwvS2pJVURtanMKht5jSKUJ9BRpcv4/Nn54mD3iKuKSITMc
3wefbIXg/klWNamO41NVq03tOPwyQb+sKLQMJ573nuX2ZWea961jPw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-20T00:17:03Z"
mac: ENC[AES256_GCM,data:2wfPq7k2UMqjRT7jjfnAY00FjbCKRd0j50v5hYy5Ql5AV16eaC5IJhj2/khBAzSyoPkbcwCO2Smdps2BdCxg+rCpeJtyWCRuuY+X38IFMm0HH9+H2cSe+IO4rWR17vdCeoqLR0M1eQzdgtrTcVLgKc1IR7XE+3w82LwgGjXZweQ=,iv:eB2orixC9Jrbx8QDvZdUyk67WErfFTN5hv0FIkiis0k=,tag:Aiyk1LBVfCqXq6nGCvs1fQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4