Differences between revisions 2 and 4 (spanning 2 versions)
Revision 2 as of 2020-05-07 00:06:40
Size: 247
Editor: PieterSmit
Comment:
Revision 4 as of 2020-06-04 00:55:50
Size: 1395
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:

 * Notes: I missed the fact that helm secrets expect the secret files to be names secrets.yaml (or secrets<xxx>.yaml)
== Using keys in Azure Key vaults ==

 * Create key {{{

AZ_AKV_RG="akv-infra"
AZ_AKV_LOCATION="Australia Southeast"
AZ_AKV_SUBSCRIPTION="Infrastructure"

AZ_AKV_NAME="helm-nsp-prd"

## Create multiple key vaults and keys each in a vault e.g. keya in helm-keya-prd, keyb in helm-keyb-prd
for ch in keya keyb; do
  AZ_AKV_NAME="helm-$ch-prd"
  echo "AZ_AKV_NAME=$AZ_AKV_NAME , AZ_AKV_LOCATION=$AZ_AKV_LOCATION , AZ_AKV_RG=$AZ_AKV_RG"
  if ! az keyvault create --name $AZ_AKV_NAME --location "$AZ_AKV_LOCATION" --resource-group $AZ_AKV_RG
    then
    echo "ERROR" ; exit 1
    fi
  i=0
  while [[ i -le 45 ]] || ! nslookup $AZ_AKV_NAME.vault.azure.net ns1-01.azure-dns.com
    do
    i=$((i+1))
    sleep 1 ; echo "i=$i dns for key vault does not exist yet sleep some more ..."
    done
  echo " Now create key --name $AZ_AKV_NAME in --vault-name $AZ_AKV_NAME "
  az keyvault key create --name $AZ_AKV_NAME --vault-name $AZ_AKV_NAME --protection software --ops encrypt decrypt
done



}}}

k8s/helm/secrets - secure secrets with encryption in helm git repo

Links: https://github.com/mozilla/sops

  • Install plugin to helm

    $ helm plugin install https://github.com/futuresimple/helm-secrets
    ##>> install package sops
  • Notes: I missed the fact that helm secrets expect the secret files to be names secrets.yaml (or secrets<xxx>.yaml)

Using keys in Azure Key vaults

  • Create key

    AZ_AKV_RG="akv-infra"
    AZ_AKV_LOCATION="Australia Southeast"
    AZ_AKV_SUBSCRIPTION="Infrastructure"
    
    AZ_AKV_NAME="helm-nsp-prd"
    
    ## Create multiple key vaults and keys each in a vault e.g.  keya in helm-keya-prd,  keyb in helm-keyb-prd
    for ch in keya keyb; do
      AZ_AKV_NAME="helm-$ch-prd"
      echo "AZ_AKV_NAME=$AZ_AKV_NAME  ,  AZ_AKV_LOCATION=$AZ_AKV_LOCATION  ,  AZ_AKV_RG=$AZ_AKV_RG"
      if ! az keyvault create --name $AZ_AKV_NAME --location "$AZ_AKV_LOCATION" --resource-group $AZ_AKV_RG
        then
        echo "ERROR" ; exit 1
        fi
      i=0
      while [[ i -le 45 ]] || ! nslookup  $AZ_AKV_NAME.vault.azure.net  ns1-01.azure-dns.com
        do
        i=$((i+1))
        sleep 1 ; echo "i=$i dns for key vault does not exist yet sleep some more ..."
        done
      echo " Now create key --name $AZ_AKV_NAME in --vault-name $AZ_AKV_NAME "
      az keyvault key create --name $AZ_AKV_NAME --vault-name $AZ_AKV_NAME --protection software --ops encrypt decrypt
    done
    

k8s/helm/secrets (last edited 2020-06-30 09:57:33 by PieterSmit)