For SOPS documentation: https://github.com/mildronize/actions-get-secret-sops
Supported Platform: WSL, Linux, Mac OS
-
Decrypt SOPS to plain text (DO NOT PUSH PLAIN TEXT)
./decrypt.sh thadaw/dev.enc.yaml > thadaw/dev.plain.yaml -
Modify
thadaw/dev.plain.yaml(DO NOT PUSH THIS FILE) -
Encrypt and replace with same file
./modify_sops.sh thadaw/dev.plain.yaml thadaw/dev.enc.yaml
-
Commit & Push code
-
Release to Pipeline (GitHub Action)
./scripts/bump-and-tag-version.sh
It will tag version, for example:
Tag created and pushed: "0.0.1"Using this version to next step
-
Go to GitHub Action Repo which using this project for downloading secrets.
- name: Checkout Secrets uses: actions/checkout@v3 with: repository: mildronize/sops-with-azure-keyvault-secrets ref: 0.0.1 token: ${{ secrets.GITHUB_TOKEN_FOR_ACCESS_PRIVATE_REPO }} path: ./sops-with-azure-keyvault-secrets
-
Create KeyVault and SOPS
./create-az-key-vault.sh ./thadaw/dev.config.yaml
-
Encrypt secret from plain text
./encrypt.sh ./thadaw/prod.config.yaml ./thadaw/prod.plain.yaml > ./thadaw/prod.enc.yaml
brew install sops
brew install jq
brew install pwgen
Install SOPS on Ubuntu or WSL
wget https://github.com/mozilla/sops/releases/download/v3.7.2/sops_3.7.2_amd64.deb
sudo dpkg -i sops_3.7.2_amd64.deb