distrust-stack/kustomizations/forgejo/docs
ryan-distrust.co 710af7dbc7
docs: add steps to rebuild kustomization secrets
2023-05-16 22:06:13 -04:00

README.md

Secrets

Forgejo requires three secret keys, each protecting a specific component. They are generated using the Forgejo container to ensure they are in the correct format. To generate the keys and encrypt them with sops, run:

sh kustomizations/forgejo/scripts/generate-forgejo-secret.sh | sops --encrypt --encrypted-regex='^(data|stringData)$' --input-type=yaml --output-type=yaml /dev/stdin > kustomizations/forgejo/forgejo-config.enc.yaml

Forgejo supports SSH but requires host keys to be pregenerated:

sh kustomizations/forgejo/scripts/generate-forgejo-ssh-secret.sh | sops --encrypt --encrypted-regex='^(data|stringData)$' --input-type=yaml --output-type=yaml /dev/stdin > kustomizations/forgejo/forgejo-ssh-keys.enc.yaml

To get the database credentials, run:

sops exec-env secrets/production.enc.env 'terraform -chdir=infra/main output -json' | jq '.database_users.value.keycloak' | sops --encrypt --encrypted-regex '^(data|stringData)$' --input-type=json --output-type=yaml /dev/stdin > kustomizations/keycloak/postgres-auth.enc.yaml

Check the Keycloak Kustomization documentation for information on generating a Client ID and Secret.
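
A check that can run before committing any of the `.enc.yaml` files produced by the commands above, as an added example that is not part of this repository: it fails if any value under `data` or `stringData` is not a sops `ENC[...]` string, or if the `sops` metadata block is missing. It assumes sops writes each encrypted value on a single line; the function name, key names and sample manifest are constructed for illustration.

```shell
# Fail-closed check of a sops-encrypted Secret manifest (added example).
# Returns 0 = ok, 1 = unencrypted/unexpected line, 2 = no sops block,
# 3 = no data/stringData entries found. Only line numbers are printed,
# never the offending value, so a leak is not copied into CI logs.
check_sops_secret() {
    awk '
        /^---/         { section = ""; next }
        /^[^ #][^:]*:/ { section = $0; sub(/:.*/, "", section)
                         if (section == "sops") has_sops = 1
                         next }
        (section == "data" || section == "stringData") && NF {
            checked++
            # Assumption: every child line is "key: ENC[...]" on one line.
            # Plaintext, block scalars and continuations are all rejected.
            if ($0 !~ /^[ ]+[^ :]+:[ ]+ENC\[.*\]$/) {
                printf "line %d under %s is not an ENC[...] value\n", NR, section
                bad++
            }
        }
        END {
            if (!has_sops) { print "no sops metadata block"; exit 2 }
            if (!checked)  { print "no data/stringData entries"; exit 3 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample (not real sops output): one encrypted value, one leak.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
    name: example
stringData:
    KEY_ONE: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
    KEY_TWO: not-encrypted
sops:
    version: constructed
EOF
if check_sops_secret "$sample"; then echo "OK"; else echo "REJECTED ($?)"; fi
rm -f "$sample"
```

The check inspects only the file's shape; it does not prove the file decrypts with the expected keys.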