Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity

#2 Re-encrypt keycloak secrets with fighter's pubkey added to map

Browse Source
This commit is contained in:
Joey Hafner 2024-08-14 00:05:58 -07:00
parent 9ca38bd52c
commit b2028a5ad0
No known key found for this signature in database
4 changed files with 33 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.age-aliases Normal file
View File

@ -0,0 +1,16 @@
export SOPS_AGE_RECIPIENTS=$(cat .age-pubkeys)
export SOPS_AGE_KEY_FILE=$HOME/.age/key
function enc () {
input_file=$1
file_extension=${input_file##*.}
file_name=${input_file%%.*}
output_file="$file_name.enc.$file_extension"
sops --encrypt --age ${SOPS_AGE_RECIPIENTS} $input_file > $output_file
}
function dec () {
sops --decrypt --age ${SOPS_AGE_RECIPIENTS} $1
}

1
.age-decrypt.sh
View File

@ -8,4 +8,3 @@ file_name=${input_file%%.*}
output_file="$file_name.enc.$file_extension"
sops --decrypt --age ${SOPS_AGE_RECIPIENTS} $input_file

3
.age-pubkeys
View File

@ -1,2 +1 @@
age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00
age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855
age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00,age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855

30
homelab/fighter/config/keycloak/secrets.enc.env
View File

@ -1,16 +1,18 @@
keycloak_KC_DB_PASSWORD=ENC[AES256_GCM,data:P70pkDsO5Ak17sfzn6wKkD/QYP/RrKm2aXaSWg0z0B9hBg==,iv:oU2Qjeo7x1Z27RknsshKnOJ6j8JlxlJHio9S/puKHxs=,tag:sxmnpGGf6ccY0xVDAjNyug==,type:str]
keycloak_DB_PASS=ENC[AES256_GCM,data:ABuRFT0cGtnWc6p3klArNUSTktkDEuqQD3W9MCZ1AlLeBg==,iv:jh88fAy5xpVVGfchUarfHbGSLJpaQUqKPDUSWDFHIiY=,tag:UEdXH38xxwCaVTVBxFZKxA==,type:str]
keycloak_KEYCLOAK_ADMIN_PASSWORD=ENC[AES256_GCM,data:XVRU9x2o4T5NjfgZpGXDZ17HAsQbxTCFn6o3KOU4rTu3D+pH5SUHaq3NAL5YCkeveyUI/Xw3sJm5TutLzn4C+O4+,iv:Bou4sbeXVax92cVz4NJymV01cH1DdaYiplfwGSIEHkg=,tag:Xsr/A2GWanJE78qsrVo8PQ==,type:str]
forwardauth_CLIENT_SECRET=ENC[AES256_GCM,data:1Q9AX1DBzvWRMD+lILGkdUJZflnKIlVYmA9ue4pK1ve2XA==,iv:LVps+PzRNm0t7anDt84Gb1w2+Nvr9OrlbjttDucRSUg=,tag:I8btbBts5Ku4w7nDjggbxw==,type:str]
forwardauth_SECRET=ENC[AES256_GCM,data:9qEX8lWRvFafNzpC+4S3snjadC9zxLbh+Xl6tY4HQ4KuI6kk629+1x2pFr9waCJO+gCzE0HJJsnidDIoGXVHWnXA,iv:cwDdn0n1loI8+HQjABEGRlgh4842LoH7pvG71Ghf7dc=,tag:bOmthdV33T0QY66d/UlGGQ==,type:str]
forwardauth_ENCRYPTION_KEY=ENC[AES256_GCM,data:n01nxFqPK5+2qEVNyFo+zBSp6KV+Qeww/FazUUyN5+YXhw==,iv:GgIwzZOH20Me5f5xF9BfTUeTDmpDbH8SZbRjRSttHhQ=,tag:Gb8BcABBGjnJQpL1nr+k/A==,type:str]
forwardauthprivileged_CLIENT_SECRET=ENC[AES256_GCM,data:dAMvL6VHi+FRZ/yLf0k+w3ctYxWAz6aTRP6CwIHGCWt9aQ==,iv:0S70DtS04ayXHEoTPzvmKyNMNFwZr0DnBVLe6gGr77g=,tag:Tvq2o9DhepmGjpLzYWnxSQ==,type:str]
forwardauthprivileged_SECRET=ENC[AES256_GCM,data:YEBRYfEzH3Seqb+tS7AaRJtXyVOSIrHErBaL11JSRywtemVbZuBRnL2CEgxZAiP/3zI=,iv:sVd6PfC/aJWMk/+1NojW5hCOAYAPCEqLTBBmWYyLKG0=,tag:qCasD+ngKjdxo6zTLngSRw==,type:str]
forwardauthprivileged_ENCRYPTION_KEY=ENC[AES256_GCM,data:eARXrKKaoE+me1PchYuUPMPL/M63OBEgLO67kDYslyA3Pw==,iv:Dw+3wn+i+afIPlQxuh5wswAcTMhzroBXaHBnF0j2mDw=,tag:OeFSu50RsPvRlRu5YS3etA==,type:str]
postgres_POSTGRES_PASSWORD=ENC[AES256_GCM,data:aWfkhXHRslusFrelk4IMGsElEZKqiFnhGjhZJA3l/t/RpA==,iv:TZcDiACS4d3WttS6pmICCpgxLpyTg6o45P4rqoR6i2c=,tag:JBCv4hefBOU/kU/CXAhe4g==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSmVTS0ZnRVk1UURUZlJY\nSWJVZHY1RlJuQW5VMGRTZ29nR0hPYWZ0VVFVCkZndy81UXArOVNpWjJrekE5UVFU\ndHBQOWNoSzNpSjR0Y282Rno4OUZLUG8KLS0tIHMwS2pUT0NSUkRUcHpwbGIrMk81\ndWltUUtJRVI4SEJrN045cjkxMUdOTHcKN49PAzlu6yfWItZy5UdkmJzkVwCID6Tl\nL/os2MZF4ZjxuAcbltt8Jc7/rHmZwPKivyVeJ71e13ar+hYdU9h/dg==\n-----END AGE ENCRYPTED FILE-----\n
keycloak_KC_DB_PASSWORD=ENC[AES256_GCM,data:Sa6/qn+gFQx+gthxrXpb9zpbSIqTyFh3lWy3uVdycR4xKw==,iv:hf/5wLeB6gYvN/GEKIlxSpQsYMovXobcEUkakhQP+eA=,tag:Sbz1jsEt9HvDvy+HcVw0Wg==,type:str]
keycloak_DB_PASS=ENC[AES256_GCM,data:Pq0TO3aRxHVTs/216Q3YaJWRLbcYpuATWcyOtmtY5/EOAQ==,iv:sTEr5DnfCHGSCCybqskTNtI0M3V5IO1faAOROuRWo20=,tag:cdBcRfCtO4NriGwe7Yn1Vg==,type:str]
keycloak_KEYCLOAK_ADMIN_PASSWORD=ENC[AES256_GCM,data:YZ4i8dpMwqJFOZKPBuQWw3YzthKVndIQvw5O4JmMocgkRMn2COAR6wTR32gN2tv+I8eO+Ke0U4mP3uxaNESx+86s,iv:7hLH9Qir1Q9c0xEvKEnKFx+mshku38iDaEsG227Fzps=,tag:RS7JNAw8FHiARmfwMrpT/Q==,type:str]
forwardauth_CLIENT_SECRET=ENC[AES256_GCM,data:URHSO4KgdcSEsCQL1fiBVm+89U1H3DHSnsaJQswuQfIpMw==,iv:+IdIadL82TIutr2ffqPRtkF2SwL2WShJxB1XGgvefsU=,tag:5lJMLwZJxK4ldYBAavw3Dg==,type:str]
forwardauth_SECRET=ENC[AES256_GCM,data:Kz5lvloDt45XBiwLTRGEtuz37vZu+3XmvhPuDtaDNjzmXbPrZt92x6HObcAzVvGmf95yOO+DXE1Z6FmENTVhywsW,iv:XRETk6CTv4EWtwqjfbbcvU1aflxPrZBViT55HY4hD10=,tag:dL5AsoXHa3+XZPa9Qf502Q==,type:str]
forwardauth_ENCRYPTION_KEY=ENC[AES256_GCM,data:Fri2u0iO/GyI8vuJbjUI75A1CF/b4jJ224W8ZdWblrPhLA==,iv:+zbc2KuRw32x/uxlkRdCXtPgaRcXX5CNFvlmB9Wifoc=,tag:1NxvfUk3hkSCiL2lAnxK4w==,type:str]
forwardauthprivileged_CLIENT_SECRET=ENC[AES256_GCM,data:E8CmrjhoAa+ByZW/GN2CR72YbRLMpPwtcrCuqkkPtQoaxg==,iv:a6gZ9lJuG+9QUt7cfp/EKQk8rIE9JivtGM5ryk5VLEo=,tag:r2Y/sDCbUmmRtMMrBi1KVA==,type:str]
forwardauthprivileged_SECRET=ENC[AES256_GCM,data:vd0HwADInp+HRVXc4v7x9aP3usN2Q5ZCU2ro5ucm3OPWQ1uNIHgIYgquhaSitLSEVmA=,iv:jO83wNiUXgtTPIcgsdFMynG8bVCUB+1Z/ignoaNnYe4=,tag:X1X6ERgYp1tImaIIfNhFyA==,type:str]
forwardauthprivileged_ENCRYPTION_KEY=ENC[AES256_GCM,data:mrkngv5W5PcB14tS3XqRcbqsNGuzKOaTqi8ZFu7kLL9m6A==,iv:w4E/MSq87im3EqMD//5/Bex6ktUQlnKZLC9NyMWQ48U=,tag:t/TTL4/CSPF7WhVGslAxgQ==,type:str]
postgres_POSTGRES_PASSWORD=ENC[AES256_GCM,data:2eMWJK8LR1yNed8vardojB2+Xbl0u53mbr3MWxEZRy3IdA==,iv:MpV3yFfv/GRjP4r0hSuBBsApLW0lznDA0Rbm1Bokeps=,tag:RhGhTkR+O3up8+Cr440LSA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1RGtUaUtlMVFORDBKU1JQ\nZUJSeXZ1aWhsZndwU2pDWktxY0lzb3lEQmpvCkV1Zk4rZVpFcXNITHNDemx4alIy\nQVJjZDE5Z0xhVU5hV05ydm1PR0Q1a0EKLS0tIDFnT3NpWGhPWW9MZ0xsbzZERmR2\nZjA2Zk92REhhUDlBTjk5VUw4Y1lKTnMKMNpzaYpazx0MeaDR931sPNG043OLHczz\nKB42qQe91dZ8xsxCR2j4Rv9R8iHljlexPEbdYdTXZB4qyoJcPfOzPw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00
sops_lastmodified=2024-08-14T06:28:48Z
sops_mac=ENC[AES256_GCM,data:mPzTbLH3nEo0D3w1RJ1Ik/VzRim8hs82ApAklzNPkUxMhDOXR2m9XuKITyDxORcRSeiMyiTWSvL6ePNDrrVkbMCM6wcsyrA+unrSWYTDaFkXJ+1sXxlOH8yYoUJrWRytuRhLmwM7Kf+CUdrQKgAitekfc9K0HbIYczsotM4ZQBo=,iv:DL1ym0PQiHbwOPV7WJzUhYC4kWq68KET/8WzbcsALcM=,tag:Vhcq3BbfN4m/82jwqjvzNw==,type:str]
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieVlsTmZSdGxidmlYRTJv\nQnVxLzh5bkp4bnpibE5RdEx1WEFtRWYrVWswCnJSaDJuV1YxRGtoaFptVUZhOUY2\nY0cxZlpKRmhteXF3RUw4S0RRa1RHM2MKLS0tIDhQOG5sNkFDL3hpQWJ5dFRpdEhO\nRk8xa2wrV1ZBRnB1VVdYcUdoeXlmMDAKa3LSvmSIIYdPLuUwy/Z+a+piiY3C1+ot\n76gYAhe6fTPkwk2479dQ2PyD2m4zuIxprsAHdRFuBhG5BvkVnG2mpw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855
sops_lastmodified=2024-08-14T07:04:27Z
sops_mac=ENC[AES256_GCM,data:CW8Jl6siqoaAkJaXW26x7LC7jqKW3yaLd9995F/pAJQCqJrpbrx+bJnFtukPFlH3LV9hvX5Hc2FASu9UXR6xbJ4Q8rzd6Yy1L0LhNy2cwl3m/qzvpYCrDViSX17V6AFp0cmbPN+qUsInsgqP4UhWNU8Qm7hfaBtzMyNGzSIva9k=,iv:PxOMsYbwQQ004e1ael6cqbicCpan6wZYfPQ8rRUx6us=,tag:VArxq+lteHYY7J8mRWgKHA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0
sops_version=3.9.0