generated from coulomb/repo-seed
feat(sso-mfa): T02/T03 live apply — age-encrypted secrets, CNPG cluster (NK-WP-0001-T02/T03)
- Add encrypt-secrets.sh / decrypt-secrets.sh: age-based secrets workflow replaces KeePassXC dependency; encrypted .env.age files committed to repo - Add bootstrap/secrets.enc/: all component secrets encrypted to age pubkey - Fix .gitignore: allow secrets.enc/**/*.age while blocking plaintext - Fix verify-t02.sh: update netpol names for Authelia+LLDAP+KeyCape stack - Fix verify-t03.sh: remove keycloak_db/role checks; fix ((PASS++)) set-e bug - Update postgresql/cluster.yaml: drop keycloak_db, bootstrap privacyidea_db only - Update postgresql/create-secrets.sh: remove keycloak secret - Fix netpol-databases.yaml: add port 8000 for CNPG instance manager HTTP API - T02 COMPLETE: namespaces, network policies, cert-manager issuers applied - T03 COMPLETE: CNPG operator installed, net-kingdom-pg cluster healthy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
7
sso-mfa/bootstrap/secrets.enc/lldap/secrets.env.age
Normal file
7
sso-mfa/bootstrap/secrets.enc/lldap/secrets.env.age
Normal file
@@ -0,0 +1,7 @@
|
||||
age-encryption.org/v1
|
||||
-> X25519 yR2D3J78/vw1ohcdXCLy5IOoIuG+FtRs7Eiswk3gKyo
|
||||
c9axBYTsFS4Gqb3Zdv5Gtk+/yEtKNH21iFLU1U3mxNs
|
||||
--- Kc/0n9icRSyEEcAHJJdx2Vcv5CgjLucU8FdZArV3C2U
|
||||
ìÏ9ÍôeY<EFBFBD>œ·ŒdT-GÄëÊiΑ%½0xžày=„0úOñî—Ö«ü豃־Qÿ"ú-[gß‹ÁóÐ3eýœV3”<33>wt1½º<>“Cä$rj2\zû=IW ï7>=ŽKü<4B>ª8JUT¡G†læ"bv{g3@þ-¡â:Ƚ™2£;ÖÍPrÕUH<55>Aö-Æë<C386>°ZØÌx¦„«.ïÑx}@EMž“+©ÚHÐ
|
||||
€Óš´$¤Î;”¤<ɶ>iûáÕe˜ò1xtCÌU¡4¹àÜÒ‚‘O®¦zÃ
|
||||
Žý<EFBFBD>O{qãÔ<C3A3>qE¬Ù¡?àS<ÂsµÎg©XL<58>¬ÎÂþy«í'‚¶Ùñ«f[넪Òü6<C3BC>°W£@C{‡¢#ö<>xÐñƒÅ9<C385>÷Τ%ò2³~ªyQ™(–¥c ;¿ìùÄ͆’«#l`}uNÖ»Ž
|
||||
Reference in New Issue
Block a user