|
|
|
|
@ -77,17 +77,36 @@ For verification purposes, this repo also contains a _sample_ `.sops.yaml` to wh
|
|
|
|
|
|
|
|
|
|
The following commands explain how to update the `.sops.yaml` for a repository:
|
|
|
|
|
|
|
|
|
|
#### Prerequisite
|
|
|
|
|
|
|
|
|
|
1. **Prerequisite**
|
|
|
|
|
1. Obtain Project Repo
|
|
|
|
|
- CLI: **e.g.**: `git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git`
|
|
|
|
|
1. **Create Branch**
|
|
|
|
|
- CLI: **e.g.**: `git checkout -b `add_pubkey_[firstname]-[lastname]` origin/main`
|
|
|
|
|
1. **Configure Project Repo for New User**
|
|
|
|
|
1. List available groups: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh --list_groups`
|
|
|
|
|
1 Update sops config AND all secrets files:
|
|
|
|
|
- `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g <group_name> $(find . -name secrets.yaml)`
|
|
|
|
|
- **e.g.**: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd $(find . -name secrets.yaml)`
|
|
|
|
|
1. **Commit the changes, Create Change Request (PR/MR)**
|
|
|
|
|
1. git: commit the changes to `.sops.yaml` and secrets files (`secrets.yaml`) files
|
|
|
|
|
- CLI: **e.g.** `git add .sops.yaml $(find . -name secrets.yaml)`
|
|
|
|
|
- **CAVEAT**: check for other changes with `git status` ! The files do not always follow consistent conventions.
|
|
|
|
|
- CLI: **e.g.** `git commit -m "adds <firstname>.<lastname> to sops config`
|
|
|
|
|
1. git: push branch
|
|
|
|
|
- CLI: **e.g.**: `git push -u origin add_pubkey_[firstname]-[lastname]`
|
|
|
|
|
1. gitlab: open a MergeRequest, Review, Merge
|
|
|
|
|
1. **Status**: New User has access to SOPS-Encrypted Secrets within Project Repo
|
|
|
|
|
1. **Hand-Off**: Proceed to next steps; Instruct New User to verify access to secrets
|
|
|
|
|
|
|
|
|
|
#### Example
|
|
|
|
|
|
|
|
|
|
**Prerequisite**
|
|
|
|
|
Obtain Repo
|
|
|
|
|
```shell
|
|
|
|
|
# E.g. update sops config for DevNSO
|
|
|
|
|
% git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git
|
|
|
|
|
% cd devnso-adp-argocd/
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### Commands
|
|
|
|
|
|
|
|
|
|
**Create Branch**
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
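Review bot: The `git commit` example under "Commit the changes, Create Change Request (PR/MR)" is missing its closing double quote (`git commit -m "adds <firstname>.<lastname> to sops config`), so pasted as written the shell waits for more input; close the quote. In "Create Branch", the branch name sits in its own backticks inside the inline code span, which ends the span early when rendered and reads as command substitution if copied into a shell; drop the inner backticks. "1 Update sops config AND all secrets files:" lacks the period after the number and will not render as a list item, and "secrets files (`secrets.yaml`) files" repeats a word. The placeholders also switch between `[firstname]-[lastname]` and `<firstname>.<lastname>`; pick one style. Because `git add .sops.yaml $(find . -name secrets.yaml)` stages every match under the working tree and the substitution is unquoted, consider making the `git status` CAVEAT its own numbered step placed before the commit, so the reviewer of the MR can rely on only the intended files having been re-encrypted and staged.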
@ -118,17 +137,6 @@ devnso-adp-argocd
|
|
|
|
|
# SUCCESS: all users with keys in this dir should have functional keys
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
**Commit the changes, Create Change Request (PR/MR)**
|
|
|
|
|
|
|
|
|
|
1. git: commit the changes to `.sops.yaml` and secrets files (`secrets.yaml`) files
|
|
|
|
|
- CLI: **e.g.** `git add .sops.yaml $(find . -name secrets.yaml)`
|
|
|
|
|
- **CAVEAT**: check for other changes with `git status` ! The files do not always follow consistent conventions.
|
|
|
|
|
- CLI: **e.g.** `git commit -m "adds <firstname>.<lastname> to sops config`
|
|
|
|
|
1. git: push branch
|
|
|
|
|
- CLI: **e.g.**: `git push -u origin add_pubkey_[firstname]-[lastname]`
|
|
|
|
|
1. gitlab: open a MergeRequest, Review, Merge
|
|
|
|
|
1. **Status**: New User has access to SOPS-Encrypted Secrets within Project Repo
|
|
|
|
|
1. **Hand-Off**: Proceed to next steps; Instruct New User to verify access to secrets
|
|
|
|
|
|
|
|
|
|
## 3. Onboarding: [New User] Configure SOPS
|
|
|
|
|
|
|
|
|
|
|
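Review bot: The example under "#### Commands" now ends at the `# SUCCESS` verification output, with no commit, push or merge-request step after it; going by the header (17 lines down to 6), the "Commit the changes, Create Change Request (PR/MR)" block is what leaves this spot. Add a one-line pointer here to that step of the numbered procedure, so a reader who follows only the example does not stop with an updated `.sops.yaml` and re-encrypted `secrets.yaml` files left uncommitted. The "**Status**" and "**Hand-Off**" items were also the only bridge into "## 3. Onboarding: [New User] Configure SOPS"; a short sentence before that heading stating that the merge must be complete before the new user starts would keep the ordering explicit.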