k8s/helm/secrets - secure secrets with encryption in helm git repo
Links: https://github.com/mozilla/sops
Install plugin to helm
{{{
$ helm plugin install https://github.com/futuresimple/helm-secrets   ##>> install package sops
}}}
* Notes: I missed the fact that helm-secrets expects the secret files to be named secrets.yaml (or secrets<xxx>.yaml)
== Using keys in Azure Key vaults ==
* Create key
{{{
AZ_AKV_RG="akv-infra"
AZ_AKV_LOCATION="Australia Southeast"
AZ_AKV_SUBSCRIPTION="Infrastructure"   ## set but not used below; select it beforehand with `az account set --subscription`
AZ_AKV_NAME="helm-nsp-prd"

## Create multiple key vaults and keys, each key in its own vault,
## e.g. keya in helm-keya-prd, keyb in helm-keyb-prd
for ch in keya keyb; do
    AZ_AKV_NAME="helm-$ch-prd"
    echo "AZ_AKV_NAME=$AZ_AKV_NAME , AZ_AKV_LOCATION=$AZ_AKV_LOCATION , AZ_AKV_RG=$AZ_AKV_RG"
    if ! az keyvault create --name "$AZ_AKV_NAME" --location "$AZ_AKV_LOCATION" --resource-group "$AZ_AKV_RG"
    then
        echo "ERROR" ; exit 1
    fi
    ## The vault's DNS name appears a little after creation: poll for it (at most 45 tries)
    ## before creating the key, otherwise the key create fails on name resolution.
    ## (The loop condition must be &&, not ||, or it always sleeps 46 times before checking.)
    i=0
    while [[ $i -le 45 ]] && ! nslookup "$AZ_AKV_NAME.vault.azure.net" ns1-01.azure-dns.com
    do
        i=$((i+1))
        sleep 1 ; echo "i=$i dns for key vault does not exist yet sleep some more ..."
    done
    echo " Now create key --name $AZ_AKV_NAME in --vault-name $AZ_AKV_NAME "
    ## Software-protected key limited to encrypt/decrypt, which is all sops needs
    az keyvault key create --name "$AZ_AKV_NAME" --vault-name "$AZ_AKV_NAME" --protection software --ops encrypt decrypt
done
}}}
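The vault keys above are only useful once sops knows which file goes to which key. The script below is an added example (not from this wiki page or the helm-secrets project) that writes the `.sops.yaml` binding each chart's `secrets*.yaml` files, the naming helm-secrets expects, to that chart's own Key Vault key. It assumes charts live under `charts/<name>/`, that `.sops.yaml` sits at the repository root, and that each argument is `<chart>=<key URL>` as printed by `az keyvault key show --query key.kid -o tsv`.

```shell
#!/bin/sh
# Added example, not from the wiki: generate the .sops.yaml that sops (and so
# helm-secrets) consults, so each chart's secrets are encrypted with that chart's
# own Key Vault key and nobody holding only keya's vault can read keyb's secrets.
# Assumptions: charts/<name>/ layout, .sops.yaml at the repo root, and arguments of
# the form <chart>=<key URL> taken from `az keyvault key show --query key.kid -o tsv`.
set -eu

# Accept only a versioned Key Vault key URL: sops' azure_keyvault field needs vault
# host, key name and the 32-hex version, and a URL on a foreign host must not slip in.
valid_akv_key_url() {
  printf '%s\n' "$1" |
    grep -Eq '^https://[A-Za-z0-9-]+\.vault\.azure\.net/keys/[A-Za-z0-9-]+/[0-9a-f]{32}$'
}

# One creation rule. The path_regex matches only secrets.yaml / secrets<xxx>.yaml in
# the chart directory; sops refuses to encrypt a file no rule matches, so a mis-named
# file fails loudly instead of being committed in plaintext.
sops_rule() {
  chart=$1; key_url=$2
  valid_akv_key_url "$key_url" || { echo "bad key URL for $chart: $key_url" >&2; return 1; }
  printf '  - path_regex: ^charts/%s/secrets[^/]*\\.yaml$\n' "$chart"
  printf '    azure_keyvault: %s\n' "$key_url"
}

# Full .sops.yaml for every <chart>=<key URL> argument.
sops_config() {
  printf 'creation_rules:\n'
  for arg in "$@"; do
    sops_rule "${arg%%=*}" "${arg#*=}"
  done
}

# Real usage, needing the az CLI and the vaults created above:
#   args=""
#   for ch in keya keyb; do
#     kid=$(az keyvault key show --vault-name "helm-$ch-prd" --name "helm-$ch-prd" \
#             --query key.kid -o tsv)
#     args="$args $ch=$kid"
#   done
#   sops_config $args > .sops.yaml
#   sops -e -i charts/keya/secrets.yaml   # encrypted with keya's vault key only
```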