23 lines
609 B
Plaintext
23 lines
609 B
Plaintext
# Decrypted helm values — never commit plaintext secrets
|
|
helm/*.yaml
|
|
!helm/*.sops.yaml
|
|
!helm/*.yaml.template
|
|
!helm/openbao-values.yaml
|
|
!helm/openbao-middleware.yaml
|
|
!helm/openbao-ui-overlay-k8s.yaml
|
|
# Kubernetes manifests (no secrets) are safe to commit
|
|
!helm/*-cluster.yaml
|
|
!helm/*-networkpolicies.yaml
|
|
!helm/*-databases.yaml
|
|
|
|
# ArgoCD repository credentials — encrypt locally, never commit
|
|
argocd/repositories/*.repository.sops.yaml
|
|
!argocd/repositories/*.repository.sops.yaml.template
|
|
|
|
# Kubeconfig
|
|
*.kubeconfig
|
|
|
|
# Credential broker local lease/token material
|
|
.local/credential-leases/
|
|
*.openbao-token
|