generated from coulomb/repo-seed
chore(deploy): add encrypted runtime secret source [skip ci]
@@ -4,7 +4,7 @@ type: workplan
|
||||
title: "Railiance01 Deployment — Production Operations Scaffold"
|
||||
domain: inter_hub
|
||||
repo: inter-hub
|
||||
status: active
|
||||
status: finished
|
||||
owner: custodian
|
||||
topic_slug: inter_hub
|
||||
created: "2026-04-29"
|
||||
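Review bot: The front matter flips `status: active` to `status: finished` for the whole workplan, but the only task state changed in this patch is IHUB-WP-0018-T05, and the completion note added further down still lists decryption/apply verification as outstanding. Confirm every other task in the workplan is already closed, or keep the workplan `active` until the operator-side verification is recorded.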
@@ -217,7 +217,7 @@ that database through the `inter-hub-env` Kubernetes Secret.
|
||||
|
||||
```task
|
||||
id: IHUB-WP-0018-T05
|
||||
status: in_progress
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "926f82d1-15cd-425d-8a41-3d6b51c07f0b"
|
||||
```
|
||||
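Review bot: `status: done` on IHUB-WP-0018-T05 rests on encryption-side checks only. The context line carried in the next hunk header describes the runtime env as "committed and wired into the deploy path", while the completion note covers creating and inspecting `inter-hub.env.sops.yaml` and does not say where the deploy path consumes it. Either state that wiring in the note, or move the wiring and decrypt check into a follow-up task and reference its id from this task block.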
@@ -256,9 +256,17 @@ and related runtime env is committed and wired into the deploy path.
|
||||
**Progress note (2026-06-14):** Added repo root `.sops.yaml`, plaintext
|
||||
guardrails under `deploy/railiance/secrets/`, an example Secret manifest, and
|
||||
`k8s-secret-json-to-sops-input.py` to convert the live Kubernetes Secret into a
|
||||
SOPS-ready manifest without printing values. This remains in progress because
|
||||
`deploy/railiance/secrets/inter-hub.env.sops.yaml` is not committed yet; local
|
||||
`sops` tooling was not available during this session.
|
||||
SOPS-ready manifest without printing values. At that point the encrypted source
|
||||
file was still pending because local `sops` tooling was not available.
|
||||
|
||||
**Completion note (2026-06-14):** Created
|
||||
`deploy/railiance/secrets/inter-hub.env.sops.yaml` from the live
|
||||
`inter-hub/inter-hub-env` Kubernetes Secret using temporary `sops` v3.13.1 and
|
||||
the shared Railiance age recipient. Verified the file is SOPS-encrypted, parses
|
||||
as YAML, leaves only non-secret metadata reviewable, and does not contain the
|
||||
checked plaintext runtime markers. Decryption/apply verification remains a
|
||||
custody-backed operator capability because the private age identity is not
|
||||
present in the normal workstation or haskelseed shell.
|
||||
|
||||
### R6 — Helm chart in railiance-apps
|
||||
|
||||
|
||||
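Review bot: The completion note says the file "does not contain the checked plaintext runtime markers" without naming the markers or the command used, so the check cannot be repeated by a reviewer or by CI (the commit is also tagged `[skip ci]`). List the marker names (not their values) and the check that was run, record how the "temporary `sops` v3.13.1" binary was obtained and verified, and state that the intermediate plaintext manifest produced by `k8s-secret-json-to-sops-input.py` was removed afterwards. Because nobody holding the private age identity has decrypted the file yet, also note that the recipient in the file's `sops` metadata was compared against `.sops.yaml`; encrypting to the wrong recipient would otherwise only surface at apply time.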