feat(ops/secrets): Add tf-keycloak secrets file
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets.

Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
parent 4f030f085d
commit e616f978d0
4 changed files with 33 additions and 1 deletions
				
			
		|  | @ -11,7 +11,7 @@ TARGET_TOOL=$(basename "$0") | ||||||
| 
 | 
 | ||||||
| case "${TARGET_TOOL}" in | case "${TARGET_TOOL}" in | ||||||
|   age) |   age) | ||||||
|     attr="third_party.nixpkgs-age" |     attr="third_party.nixpkgs.age" | ||||||
|     ;; |     ;; | ||||||
|   age-keygen) |   age-keygen) | ||||||
|     attr="third_party.nixpkgs.age" |     attr="third_party.nixpkgs.age" | ||||||
|  |  | ||||||
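Review bot: the fix in the `age)` arm (`third_party.nixpkgs-age` to `third_party.nixpkgs.age`) is unrelated to adding the secrets file and is not mentioned in the commit message; note it there or split it into its own change. Since `age)` and `age-keygen)` now set the same `attr`, they could be merged into a single `age|age-keygen)` arm so the two values cannot drift apart again.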
							
								
								
									
ops/keycloak/README.md (18 lines, Normal file)
									
								
							|  | @ -0,0 +1,18 @@ | ||||||
|  | Terraform for Keycloak | ||||||
|  | ====================== | ||||||
|  | 
 | ||||||
|  | This contains the Terraform configuration for deploying TVL's Keycloak | ||||||
|  | instance (which lives at `auth.tvl.fyi`). | ||||||
|  | 
 | ||||||
|  | Secrets are needed for applying this. The encrypted file | ||||||
|  | `//ops/secrets/tf-keycloak.age` contains `export` calls which should | ||||||
|  | be sourced, for example via `direnv`, by users with the appropriate | ||||||
|  | credentials. | ||||||
|  | 
 | ||||||
|  | An example `direnv` configuration used by tazjin is this: | ||||||
|  | 
 | ||||||
|  | ``` | ||||||
|  | # //ops/secrets/.envrc | ||||||
|  | source_up | ||||||
|  | eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age) | ||||||
|  | ``` | ||||||
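Review bot: the `eval $(age --decrypt ...)` line in the `.envrc` example is unquoted, so the decrypted text is word-split and glob-expanded before `eval` sees it, and the inner `$(git rev-parse --show-toplevel)` breaks on a checkout path containing spaces; quote both, as in `eval "$(age --decrypt -i ~/.ssh/id_ed25519 "$(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age")"`. Because the decrypted content is executed as shell and age recipient encryption does not authenticate who produced the file, the README should say that changes to `tf-keycloak.age` need the same review as code. The header comment also places the file at `//ops/secrets/.envrc` while the README is about working in `//ops/keycloak`; state which directory direnv is expected to load it from.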
|  | @ -30,4 +30,5 @@ in { | ||||||
|   "nix-cache-pub.age" = default; |   "nix-cache-pub.age" = default; | ||||||
|   "owothia.age" = default; |   "owothia.age" = default; | ||||||
|   "panettone.age" = default; |   "panettone.age" = default; | ||||||
|  |   "tf-keycloak.age" = default; | ||||||
| } | } | ||||||
|  |  | ||||||
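Review bot: `"tf-keycloak.age" = default;` gives this secret the same recipient set as the neighbouring entries, while the README added in this change speaks of "users with the appropriate credentials". Confirm that everyone in `default` is meant to hold the Keycloak Terraform credentials, or define a narrower recipient list for this entry.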
							
								
								
									
ops/secrets/tf-keycloak.age (13 lines, Normal file)
									
								
							|  | @ -0,0 +1,13 @@ | ||||||
|  | age-encryption.org/v1 | ||||||
|  | -> ssh-ed25519 dcsaLw CRX6a8zfz3BaDYhwrBPXBgEn/o0WuS6UdvA55wYNTBc | ||||||
|  | /5gTObQ8770g8kIxCQyQj8hOh+1dkOu5DW1sz33eiy8 | ||||||
|  | -> ssh-ed25519 CpJBgQ 1/oDGaLOKblznS/ciKQ0g7Jdfg1KtEKWugjE9o9n1jo | ||||||
|  | A5wcsx6NXQpjKR8Y9jlM4JN34IUi3T4UuTIOtmOHwcs | ||||||
|  | -> ssh-ed25519 aXKGcg pYkMVxIGv408998UFzNQZvCQqBNPOSx+fvMs9FGd2nc | ||||||
|  | Ue1rNrARXo0/Fq0qazNo+5a4zc7JBLdEgrqUowOEOBg | ||||||
|  | -> ssh-ed25519 OkGqLg iLVc9k937aMAyl82TFsmDeX46PSrjQ6QpEzU0BcrNHg | ||||||
|  | NzZYEXjz4mwafayIIvGxcE0cLhhUZuzh5loyfIZzl+0 | ||||||
|  | -> `^*"*qb-grease r`; Fwf.0CJ+ | ||||||
|  | 5qQRDetp1IFec1AkHd17faslyU+7OHDiTmwoSJGZZPWrdiY | ||||||
|  | --- uguIPraC7NNVfyDIWoTVjiunofaRYY8xeLipwZuU0iQ | ||||||
|  | fÑÜÒÚEÿ''èɆ<C389>…˜%:·´»Ç'%ÖUî3aÌUÃ4‚æ.‡Étm.qW	*–ZÚÿiâp
ªÝz†g¤=v{éÌcX¾Æþo‡!-L÷i5	óL2	@A¾ÍAì | ||||||
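Review bot: nothing in this file can be reviewed beyond the four `-> ssh-ed25519` recipient stanzas in the header, so the change description should list which variables the plaintext exports (names only, not values) and confirm that the four stanzas correspond to the `default` set the file is assigned. The payload after the `---` line is raw binary in a text diff; `age --armor` output would keep the file ASCII.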