@ -88,6 +88,8 @@ Now the sample secrets file _in this repo_ has been updated, and the New User sh
The following commands explain how to update the `.sops.yaml` for a repository:
#### Prerequisite
Obtain Repo
```shell
# E.g. update sops config for DevNSO
% git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git
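Review bot: "Obtain Repo" under "#### Prerequisite" is a bare text line, while the step labels in the following hunk (for example "**Create Branch**") are bold; make it "**Obtain Repo**" so the step labels are consistent. The clone line also carries a `%` prompt, which the `git checkout -b` line in the following hunk does not, so settle on one convention and readers can copy commands without editing them.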
@ -96,7 +98,14 @@ The following commands explain how to update the `.sops.yaml` for a repository:
#### Commands
Configure Project Repo for New User
**Create Branch**
```shell
## OPINIONATED GIT - use preferred method
git checkout -b `add_pubkey_[firstname]-[lastname]` origin/main
```
**Configure Project Repo for New User**
<!-- TODO: auto-determine group with git remote show origin -->
<!-- TODO: auto-determine secrets files by integrating the 'find . -name secrets.yaml' in the script -->
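Review bot: In the "Create Branch" block, the branch name on the `git checkout -b` line is wrapped in backticks inside a shell fence. When pasted into a shell, backticks are command substitution, so the shell would try to execute `add_pubkey_[firstname]-[lastname]` as a command instead of passing it as the branch name, and the square brackets are glob characters on top of that. Drop the backticks and use a placeholder form that is inert in the shell, for example a quoted "add_pubkey_FIRSTNAME-LASTNAME", with a comment telling the reader to substitute their own name. Separately, the plain line "Configure Project Repo for New User" and the bold "**Configure Project Repo for New User**" both appear in this hunk; check that only one of them survives in the rendered document.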
@ -119,6 +128,8 @@ devnso-adp-argocd
# SUCCESS: all users with keys in this dir should have functional keys
```
**Commit the changes, Create Change Request (PR/MR)**
```shell
# commit the changes to any .sops.yaml or secrets files, e.g. with
## OPINIONATED GIT - use preferred method
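Review bot: The commit step ("commit the changes to any .sops.yaml or secrets files") stages secrets files without asking the reader to confirm they are still encrypted. Add a line before the commit telling the reader to inspect the staged diff and verify that every changed secrets file contains only SOPS-encrypted values, so that a plaintext secret cannot land in history through this procedure. The new heading also says "PR/MR" while the prose in the following hunk says only "MR"; use one term throughout.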
@ -130,7 +141,12 @@ y
% git push
```
At this point, the New User has been configured and can grant themselves access to any of the secrets files in this project.
Open an MR and Merge the changes back into the trunk branch (e.g. `main`)
At this point, the New User has been configured
Hand Off to New User
## 3. Onboarding: [New User] Configure SOPS
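Review bot: "Open an MR and Merge the changes back into the trunk branch" does not say who approves the merge. The branch created earlier is named for adding a public key, so this MR is the point where a new key is introduced for the project's secrets; state that it must be reviewed and merged by someone other than the New User, ideally an existing key holder who has verified the key belongs to that person. Smaller points in the same hunk: "At this point, the New User has been configured" is missing its full stop, "Merge" is capitalised mid-sentence, and "Hand Off to New User" is a bare text line where the other step labels are bold.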