|
|
|
|
@ -75,26 +75,28 @@ For verification purposes, this repo also contains a _sample_ `.sops.yaml` to wh
|
|
|
|
|
|
|
|
|
|
### Update Project SOPS Config
|
|
|
|
|
|
|
|
|
|
The following commands explain how to update the `.sops.yaml` for a repository:
|
|
|
|
|
The following commands explain how to update the `.sops.yaml` for a repository.
|
|
|
|
|
|
|
|
|
|
Note: For a worked-through example, see next section.
|
|
|
|
|
|
|
|
|
|
1. **Prerequisite**
|
|
|
|
|
1. Obtain Project Repo
|
|
|
|
|
- CLI: **e.g.**: `git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git`
|
|
|
|
|
- CLI:: `git clone <repo_url>`
|
|
|
|
|
1. **Create Branch**
|
|
|
|
|
- CLI: **e.g.**: `git checkout -b add_pubkey_[firstname]-[lastname] origin/main`
|
|
|
|
|
- CLI: `git checkout -b add_pubkey_[firstname]-[lastname] origin/main`
|
|
|
|
|
1. **Configure Project Repo for New User**
|
|
|
|
|
1. List available groups:
|
|
|
|
|
- CLI: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh --list_groups`
|
|
|
|
|
- Reminder: Group Name usually corresponds to Repository Name
|
|
|
|
|
1. Update sops config AND all secrets files:
|
|
|
|
|
- CLI: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g <group_name> $(find . -name secrets.yaml)`
|
|
|
|
|
- **e.g.**: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd $(find . -name secrets.yaml)`
|
|
|
|
|
1. **Commit the changes, Create Change Request (PR/MR)**
|
|
|
|
|
1. git: commit the changes to `.sops.yaml` and secrets files (`secrets.yaml`) files
|
|
|
|
|
- CLI: **e.g.** `git add .sops.yaml $(find . -name secrets.yaml)`
|
|
|
|
|
- CLI: `git add .sops.yaml $(find . -name secrets.yaml)`
|
|
|
|
|
- **CAVEAT**: check for other changes with `git status` ! The files do not always follow consistent conventions.
|
|
|
|
|
- CLI: **e.g.** `git commit -m "adds <firstname>.<lastname> to sops config`
|
|
|
|
|
- CLI: `git commit -m "adds <firstname>.<lastname> to sops config"`
|
|
|
|
|
1. git: push branch
|
|
|
|
|
- CLI: **e.g.**: `git push -u origin add_pubkey_[firstname]-[lastname]`
|
|
|
|
|
- CLI: `git push -u origin add_pubkey_[firstname]-[lastname]`
|
|
|
|
|
1. gitlab: open a MergeRequest, Review, Merge
|
|
|
|
|
1. **Status**: New User has access to SOPS-Encrypted Secrets within Project Repo
|
|
|
|
|
1. **Hand-Off**: Proceed to next steps; Instruct New User to verify access to secrets
|
|
|
|
|
@ -112,7 +114,7 @@ Obtain Repo
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
## OPINIONATED GIT - use preferred method
|
|
|
|
|
git checkout -b `add_pubkey_[firstname]-[lastname]` origin/main
|
|
|
|
|
git checkout -b add_pubkey_max-musterman origin/main
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
**Configure Project Repo for New User**
|
|
|
|
|
@ -138,6 +140,22 @@ devnso-adp-argocd
|
|
|
|
|
# SUCCESS: all users with keys in this dir should have functional keys
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
**Commit the changes, Create Change Request (PR/MR)**
|
|
|
|
|
```shell
|
|
|
|
|
# git: commit the changes to `.sops.yaml` and secrets files (`secrets.yaml`) files
|
|
|
|
|
% git add .sops.yaml $(find . -name secrets.yaml)
|
|
|
|
|
# **CAVEAT**: check for other changes with `git status` ! The files do not always follow consistent conventions.
|
|
|
|
|
# output:
|
|
|
|
|
% git status
|
|
|
|
|
...
|
|
|
|
|
no changes added to commit (use "git add" and/or "git commit -a")
|
|
|
|
|
|
|
|
|
|
% git commit -m "adds max.musterman to sops config"
|
|
|
|
|
|
|
|
|
|
git push -u origin add_pubkey_max-musterman
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Now proceed to with the remaining steps, i.e. gitlab: open a MergeRequest, Review, Merge
|
|
|
|
|
|
|
|
|
|
## 3. Onboarding: [New User] Configure SOPS
|
|
|
|
|
|
|
|
|
|
|
LeeW
10 months ago