tegwick
01d280120d
Lays out the S3 platform layer foundation for RAIL-PL-WP-0001 T01: - .sops.yaml: age encryption policy (shared key, *.sops.yaml pattern) - .gitignore: prevents accidental commit of decrypted values files - Makefile: pg-deploy, pg-status, pg-pgpool-check, valkey-deploy, valkey-status, backup targets with KUBECONFIG/HELM wiring - helm/postgresql-ha-values.yaml.template: annotated values schema with CHANGEME_ placeholders; includes pgpool-password fix from RAIL-BS-WP-0003; notes on single-node vs ThreePhoenix scaling - docs/postgresql-ha.md: connection strings, DB creation, password rotation, pgpool-password critical note, HA failover test ref, ThreePhoenix scaling path To complete T01: fill in CHANGEME_ values, encrypt with sops -e -i, then run make pg-deploy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 lines
513 B
YAML
13 lines
513 B
YAML
# SOPS encryption policy for railiance-platform
|
|
# Encrypts any file matching *.sops.yaml using the shared age key.
|
|
# Decrypt: sops -d helm/postgresql-ha-values.sops.yaml
|
|
# Use with helm: helm upgrade postgresql-ha bitnami/postgresql-ha \
|
|
# -n platform -f <(sops -d helm/postgresql-ha-values.sops.yaml)
|
|
# Encrypt: sops -e -i helm/postgresql-ha-values.sops.yaml
|
|
|
|
creation_rules:
|
|
- path_regex: \.sops\.yaml$
|
|
key_groups:
|
|
- age:
|
|
- age1aq8twfd78wvpra0had8cezcnj96tj4q0068edrz5jez8d6xwmflqdepsh4
|