Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Andrew Polischuk 1:20 PM
- Там не все так просто еще, ща скину кусок кода, там дичь конечно, но это мне Кевин прислал
- helm plugin install https://github.com/futuresimple/helm-secrets
- SOPS_VERSION=3.3.0
- SOPS_LINUX_URL="https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux"
- curl -sL "${SOPS_LINUX_URL}" > /tmp/sops
- chmod +x /tmp/sops
- mv /tmp/sops /usr/local/bin/
- sed -i 's/?secrets/?.*secrets?/g' ~/.helm/plugins/helm-secrets/secrets.sh
- echo "chart/*secret* diff=sopsdiffer" >> .gitattributes
- cat > .sops.yaml << EOT
- # creation rules are evaluated sequentially, the first match wins
- creation_rules:
- - path_regex: -dev\.secret\.yaml$
- kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-dev+arn:aws:iam::624562569683:role/helm-secrets-dev-role'
- - path_regex: -test\.secret\.yaml$
- kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-test+arn:aws:iam::624562569683:role/helm-secrets-test-role'
- - path_regex: -prod\.secret\.yaml$
- kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-prod+arn:aws:iam::624562569683:role/helm-secrets-prod-role'
- # If the rules above have not matched, this one is a
- # catchall that will encrypt the file using KMS set
- # The absence of a path_regex means it will match everything
- - kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-dev+arn:aws:iam::624562569683:role/helm-secrets-dev-role'
- EOT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement