From b2a69c92c3badcb529c9001c7d7461e3c589e4d8 Mon Sep 17 00:00:00 2001 From: Danny Grove Date: Mon, 8 Jun 2020 03:25:52 -0700 Subject: [PATCH] argocd: Add GPG public key for user import --- README.md | 15 +++++++++++++ extras/deploy-key.pub | 51 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 extras/deploy-key.pub diff --git a/README.md b/README.md index c9b9239..73ad11e 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,19 @@ Secrets are encrypted in this repository using [SOPS](https://github.com/mozilla If you'd like to change anything about hashbang's infrastructure, please send a PR! +## Setup + +### Dependencies + +1. kubectl +2. kustomize +3. sops +4. [ksops][ksops] +5. gnupg + +For encrypting passwords please ensure that you import the Hashbang ArgoCD GPG Key. +This can be done by running `gpg --import extras/deploy-key.pub` + ## Common Tasks @@ -31,3 +44,5 @@ Add the new user to the admin group (`argocd/argo-cd-rbac.yaml`). Have the new user create a password for accessing metrics and hash it with `htpasswd -n -B adminusername`. Add it to `monitoring/user-auth.env.yaml`. Add the admin's PGP key to `mtls/files/admin_seeds/` (and update the list in `mtls/kustomization.yaml`) + +[ksops]: https://github.com/viaduct-ai/kustomize-sops diff --git a/extras/deploy-key.pub b/extras/deploy-key.pub new file mode 100644 index 0000000..ee0b6a2 --- /dev/null +++ b/extras/deploy-key.pub @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF7LrDwBEAC1QdiZkithEU5QKFG0/AcZP2wi39erICfdHnGYsn1KmlVTHNxq +s6fjmy7Ks6UBoII4LUYgUAgz8yMTtxbU43B/ZAO3NOOGXOYsHeR6pWFEI4XlYAxq +D1a75Tp/x2HrvmDfpN9mrYNg+ld854XFzqG5Qi2W8sOaXt5zZ0HwVSb8wkRbPu1W +g3nTodwQ15KG28EU8cz/JKRZwtPQUmTiskdUSL1rN+NWLGeaPnj3y70PVKHvkRXh +WxX6Qlxc8Wleu0Hh3KLsYtJivE/hHZpC3+IRIUgu4QlwhWc6QXwjJy/vwunlbxH7 +77Xn3Y1yqAwvrwGqGjlDLMl/MsOA3t0hW3UxrrMcroZGZfh4GVwV2Jiwft4c6GgQ +tn1A6Gf9P4A2s5IKwQD42NoUYXIR0vCo7FxUpMyVkm8AixO2FeGPTdtyjb7GV7wd +m8o37V1rJXpe2Luq+sa3gDjwRh4du0rsc/My/QBhNKptgggt6wPTRrCC5Xzmv1mT +AIXt4tRBOPqj+H4fye/OYltL8MDgaKx1+WbCNbIm/ZQFUrt4jNY1EWwAevOmaL9X +3ZbJ30bKk+Lm/1DoYrGwj1cfPvwO2740bkj5I0Aatxh0XtWW4zoEqCOy5ve2RPsU +UEOElY4KVNXTHV+kfEa8rcqgqFWEuDqjooWZlU6LtujAP3Jb95Au6j31hwARAQAB +tA9IYXNoYmFuZyBBcmdvQ0SJAlMEEwEKAD0WIQQf1mZ6CAjU1Ivbh1emG0jYKI/P +igUCXsusPAIbAwUJA8JnAAULCQoIBwQVCgkIBRYCAwEAAh4BAheAAAoJEKYbSNgo +j8+KA5kQAJ6mpI8cBFWGLWurMB8/J45gkDmqVfRVSoelkd8GtFST90UGkpKXLFcE +Qcm29LtN0Rhi2KelfOJiKYkR7i7O0bG8h8PtzoQ/vqFJjvCpKe5tFKD/Go/tZp37 +dG8thG0MiQwuCf7BVpq1+n7QMUgJ+jjYSsNJXqIShaB9ReYONVk0AWyQkr1eR+2J +Ke6OaQP61RRZCF+F7rwJV54thgznvr4OEp6FBhfePzlIgGGEDI0YjRxXb+YRMdlz +xFtTfE9blZ7+0RRM1iKrBKbydC7nS7f9iJLntSQzvLeL+0IUsoArdjwRd8bg6/P1 +HezpHxvFpbNXGRaips0NsmqiAdO/L/tU8KWmqKFYjURHnjVjgu4eFcmDlc8+ZPjI +WkF6SwKmt/2TwQFtp/BCSaz5oopKq6YcxdhUN8lRI8MA+q96s5v/zFDzhNkOIv0e ++fczDGRb5JtkXFVqHNcQY76V+qu5mPhy2ayXObgnavTh7fBMSdz/vOzdGFTE6Osr +K0oTQ6PZpBYSWaw0HH/x/raFG+a4YYeemkfoKguO9YL9TSlGzcuGvxDXVrtjimv1 +MEtGDksqyr1Gm1xt/DF6TRx0stvVnmM++pxHUX0psH1Noz/vcx9fPQmiqNWYSBkj +LohakviPoGEQOS5IiE0xxHF8Vrzd+OgFSItKdAj0mPUXn06yK4xLuQINBF7LrDwB +EADfX3InYFYljCvRrhTRe9o4y/eU3NKOPK8zk9Z108jbuMW76ze3oNLwP9Ljz+TG +SHEYTq/8c6DI4oMglngc5Y+bC36/51KM+Qi+xTH+X0oNvJi6cRdAzi1aVeRc9g8d +zZ2e5+FaogLX8PIDTRNJgbahR4eBOXVV5xFkPvRnRGoL78Ss1BKN2EjXX6R03juX +Pzf8PX7PALVvHpKryALyTSdDdlIk68wyBJ4P1q2KVI9VBR78ZSf8Jvc+RWIK0QuW +ajYyDNqZA6ARBRXoorg2HnfnO+CuvI2+l/NMP8Ootq/5fixlpnM6gcz250vK7jPd +wub4Hsmkst2bWDj/aezLvj6eGoRdZLmdUyZHiFRKGUnAckhOJFaZHOQaeniaWyWt +xY7w2duSygq2+mRjPLT4jrdbLlLD3CVWXpm72rxA5OVZRLwHWSWzFDaBZZF2eyz7 +edTJsqK/RsQAQYnoheWe3aUvuM4+RXfb3+Jtaire5CH/CBzBZogRHJjD07VXtH13 +nnXudNUKgdBourozGjPhDfm2esgW24FgY4LfpyWzC7BKSKO74wUBUjzarugCIUxU +9/1EQ/RBFKHZbuLLcsI7geekdOCW550aspl32NVpRowxSaxL2ZYqrZhOiq/W5c8r +KZBs4bIZdUVAaviZvyOylhNVnUyvWkc7C4JKwafrfHGvdQARAQABiQI8BBgBCgAm +FiEEH9ZmeggI1NSL24dXphtI2CiPz4oFAl7LrDwCGwwFCQPCZwAACgkQphtI2CiP +z4qUDA//RMxzOoV2pJRTYmiuCNcHlH3IZ2b7AjQ+x2/8urItisMTk/vRsFRSrFmI +Mc3KxwszK67lFTAhSVFv9+KzXSs3ZSOAwVaHTleP5RLtFfCfaxb1YEeT9cBUlDUq +zkm7DOGqcICu6q6Sl+Kd9Qpv3cYIEpmBe2O8mtY600bb5domgoO6l62QVC5vwF0Y +q9ey/lZaFRWypOwtrdFAcUQ/u36NfJ+hsf81+SkAFj/ioDB/muQQg7SwuNxmN0Mi +INarO9qKkBwm5ojoBJjEcg4WtsQf6EDwzj9yLNITalJChj3HQKpqSVvjXV+jX5my +6djOFzhRyj3QpT5BZr5tylHB2E+iV3xkz7Z81whFENkfV7ZLjEd0ciNBAZ3HGElH +HcU1ZWk/qJfH8i1a6LOkcf5E7Tle5huauqbKckeTqQgzJ5Bg0kE/fvZ/zK7bLiZP +SpR8SCGt78kd7jDrSha0NyuNgFCWZl4DhmvDMRavHhcEiQbomIDgBEIVXL+pxAQn +KECKQ2EiJq6jw8hUpqCcwPXtji0aECX+72P13ErJSo9VRzOHgwlq5eYchJOep4dN +1oJQBjaYjjOPcj6P1l1GPFK+gwHG/TEfiMq2f6YVrONSk9XNq9U6RWmPo69BDAHA +/+s1BIcIyGDlmxaqpMTTnBYhV7Xt1bLRZHFkoNRQbvHP3pBzaRk= +=5hAt +-----END PGP PUBLIC KEY BLOCK-----