This is an opinionated template to use as a starting point for managing secrets with Flux and SOPS.
Problem: "I can manage all my Kubernetes config in git, except Secrets."
Solution: Encrypt your Secrets with SOPS.
For more information on SOPS see here.
- Leverages SOPS for encryption/decryption
- Leverages age for file encryption/decryption
- Commits must meet Conventional Commits
  - Automated with GitHub Actions (commit-lint)
- Pull Request titles must meet Conventional Commits
  - Automated with GitHub Actions (pr-lint)
- Commits must be signed with Developer Certificate of Origin (DCO)
  - Automated with GitHub App (DCO)
While this template uses age for encryption, for production environments we recommend transitioning to AWS KMS.
We've provided a detailed guide on how to adapt this template for production use with AWS KMS, here.
secrets
├── us-west-2-platform-engineering-prd
└── us-west-2-platform-engineering-sbx
Before working with the repository it is mandatory to execute the following command:
make initialise
The above command installs the pre-commit package and sets up the pre-commit checks for this repository, including conventional-pre-commit, which makes sure your commits follow the Conventional Commits convention.
It also validates that unencrypted secrets are not committed to the repository.
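The "unencrypted secrets are not committed" check described above, written out as an added example (not the template's own pre-commit hook): it refuses any Kubernetes Secret manifest whose `data`/`stringData` values are not SOPS `ENC[...]` ciphertext or that lacks the top-level `sops` metadata block. The script name, the placeholder age recipient and the two sample manifests are constructed.

```python
"""Pre-commit style check that Kubernetes Secret manifests are SOPS-encrypted.
Added example, not the template's own hook; the sample manifests are constructed."""
import re
import sys

# Shape of a scalar after SOPS encrypts it (AES256_GCM payload with a type suffix).
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^\]]+,type:[a-z]+\]$")


def find_problems(doc: str) -> list[str]:
    """Findings for one YAML document; an empty list means it is safe to commit.
    Line-based so it runs without PyYAML; it covers the flat data:/stringData: layout
    kubectl and SOPS emit (SOPS folds block scalars into a single ENC[] value)."""
    lines = [l for l in doc.splitlines() if l.strip()]
    if "kind: Secret" not in (l.strip() for l in lines):
        return []  # only Secrets are policed by this check
    problems, section = [], None
    if "sops" not in {l.split(":")[0] for l in lines if not l[0].isspace()}:
        problems.append("missing top-level 'sops' metadata block")
    for line in lines:
        if not line[0].isspace():
            section = line.split(":")[0]  # entered a new top-level key
        elif section in ("data", "stringData"):
            key, _, value = line.strip().partition(":")
            if not ENC_VALUE.match(value.strip().strip("'\"")):
                problems.append(f"{section}.{key} is not SOPS-encrypted")
    return problems


def check_file(text: str) -> list[str]:
    """Apply find_problems to every document of a multi-document YAML file."""
    return [p for doc in re.split(r"(?m)^---\s*$", text) for p in find_problems(doc)]


# Constructed samples: a plaintext Secret, and the same Secret after `sops -e`.
PLAINTEXT = """apiVersion: v1
kind: Secret
stringData:
  password: hunter2
"""
ENCRYPTED = """apiVersion: v1
kind: Secret
stringData:
  password: ENC[AES256_GCM,data:SAMPLE,iv:SAMPLE,tag:SAMPLE,type:str]
sops:
  age:
    - recipient: age1PLACEHOLDERRECIPIENT
  mac: ENC[AES256_GCM,data:SAMPLE,iv:SAMPLE,tag:SAMPLE,type:str]
"""

if __name__ == "__main__":  # usage: check_secrets.py secrets/**/*.yaml
    findings = [f"{p}: {m}" for p in sys.argv[1:] for m in check_file(open(p).read())]
    sys.exit("\n".join(findings) if findings else 0)
```

Wired into `.pre-commit-config.yaml` as a local hook over the `secrets/` tree, a non-zero exit blocks the commit and prints each offending key.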
For an example of how to add a secret to this repository see here.
For more information on how this repository works with Flux, please read here.
To contribute, please read the contribution guidelines. You may also report an issue.