Andrew Polischuk 1:20 PMТам не все так просто еще, ща скину кусок кода, там ди

1. Andrew Polischuk 1:20 PM
2. Там не все так просто еще, ща скину кусок кода, там дичь конечно, но это мне Кевин прислал
3.  
4. helm plugin install https://github.com/futuresimple/helm-secrets
5. SOPS_VERSION=3.3.0
6. SOPS_LINUX_URL="https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux"
7. curl -sL "${SOPS_LINUX_URL}" > /tmp/sops
8. chmod +x /tmp/sops
9. mv /tmp/sops /usr/local/bin/
10.  
11. sed -i 's/?secrets/?.*secrets?/g' ~/.helm/plugins/helm-secrets/secrets.sh
12.  
13. echo "chart/*secret* diff=sopsdiffer" >> .gitattributes
14.  
15. cat > .sops.yaml << EOT
16. # creation rules are evaluated sequentially, the first match wins
17. creation_rules:
18. - path_regex: -dev\.secret\.yaml$
19. kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-dev+arn:aws:iam::624562569683:role/helm-secrets-dev-role'
20. - path_regex: -test\.secret\.yaml$
21. kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-test+arn:aws:iam::624562569683:role/helm-secrets-test-role'
22. - path_regex: -prod\.secret\.yaml$
23. kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-prod+arn:aws:iam::624562569683:role/helm-secrets-prod-role'
24. # If the rules above have not matched, this one is a
25. # catchall that will encrypt the file using KMS set
26. # The absence of a path_regex means it will match everything
27. - kms: 'arn:aws:kms:us-west-2:624562569683:alias/helm-secrets-dev+arn:aws:iam::624562569683:role/helm-secrets-dev-role'
28. EOT