[terraform] configure intial sops setup
ClosedPublic
Actions

Authored by will on Mon, Jun 3, 8:03 PM.

Details

Reviewers

bartek
varun

Commits

rCOMM4f8c01a99fa0: [terraform] configure intial sops setup

Summary

This sets up sops for our self-host keyserver config.
secrets are stored in keyserver_secrets.json

Test Plan

terraform apply and outputted secrets from keyserver_secrets.json like so:

output "my_secret" {
  value = nonsensitive(local.secrets["mariaDB"])
}

Depends on D12277

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

will created this revision.Mon, Jun 3, 8:03 PM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptMon, Jun 3, 8:03 PM

will added a child revision: D12298: [terraform] mariadb on aws.Mon, Jun 3, 8:13 PM

Harbormaster completed remote builds in B29407: Diff 40908.Mon, Jun 3, 8:19 PM

will requested review of this revision.Mon, Jun 3, 8:19 PM

Not sure if using SOPS isn't an overkill for self-hosted keyservers (sops main advantages are for secrets stored in git repos), but let's keep it for now, we can simplify it later by e.g. using gitignored plaintext env files or terraform variable files.

This revision is now accepted and ready to land.Mon, Jun 3, 10:53 PM

rebase before land

Harbormaster completed remote builds in B29459: Diff 40991.Wed, Jun 5, 10:55 AM

Closed by commit rCOMM4f8c01a99fa0: [terraform] configure intial sops setup (authored by will). · Explain WhyWed, Jun 5, 11:57 AM

This revision was automatically updated to reflect the committed changes.

will added a commit: rCOMM4f8c01a99fa0: [terraform] configure intial sops setup.