azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 14:01:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8b7d8a42752ee379d3f2ce111ed1a74c09fe6055
admin/secrets/.sops.yaml
T
Oleksandr Bezdieniezhnykh c7b297de83
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
refactor: remove deploy.cmd and update Dockerfile for health checks 
- Deleted the deploy.cmd script as it was no longer needed.
- Updated Dockerfile to include curl for health checks and added a non-root user for improved security.
- Modified health check command to use curl for better reliability.
- Adjusted docker-compose.test.yml to reflect changes in health check configuration.
- Cleaned up appsettings.json and removed unused configuration properties.
- Removed Resource entity and related requests from the codebase as part of the architectural shift.
- Updated documentation to reflect the removal of hardware binding and related endpoints.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 08:47:21 +03:00

29 lines
1.2 KiB
YAML
Raw Blame History

# sops creation rules — see https://github.com/getsops/sops
#
# Each rule routes a path-regex to one or more age recipients (public keys).
# The matching age PRIVATE key lives outside the repo at /etc/azaion/age.key
# on the deploy host and is consumed by `scripts/deploy.sh` via
# `SOPS_AGE_KEY_FILE`.
#
# Onboarding a new operator:
# 1. They generate `age-keygen -o ~/.config/sops/age/keys.txt`
# 2. Their public key is appended below as an additional age recipient on the
# relevant rule.
# 3. Run `sops updatekeys secrets/<env>.env` to re-encrypt the file with the
# new recipient list.
# 4. Commit the updated `.sops.yaml` AND the updated encrypted file in the
# same commit. NEVER commit the private key.
#
# Cycle 1 placeholder: the recipient values below are the literal string
# `REPLACE_WITH_AGE_PUBLIC_KEY` so the file is reviewable but no real key is
# leaked. The first deploy MUST replace these before encrypting any real
# secret. The deploy script will fail loudly if it cannot decrypt.
creation_rules:
- path_regex: secrets/staging\.env$
age:
- REPLACE_WITH_AGE_PUBLIC_KEY_FOR_STAGING
- path_regex: secrets/production\.env$
age:
- REPLACE_WITH_AGE_PUBLIC_KEY_FOR_PRODUCTION
Reference in New Issue View Git Blame Copy Permalink