feat: Add SOPS and Age support to Core and Periphery #1053
Nikhil-Gohil wants to merge 2 commits into moghtech:main from
Conversation
That can be handled in the periphery install script, that also needs a disclaimer, and different distros support because apt, dnf, pacman and others I very likely missed have different ways to install packages:
apt/dnf install -y <package> # Oh lol, same syntax
pacman -Sy <package>
Or alternatively it can still have the pre-decryption script as a fallback if sops and age aren't installed, and then be slowly phased out(?), emitting a warning to the log about the requirement at first.
I built docker images to include the SOPS + Age binaries, and found that pre-deployment hooks run after a check is performed ensuring all files exist. This means if you use alternative names for .env, a dummy file must exist to pass the check before the SOPS command can run.
73fdec2 to fa55f16
Adding sops and age binaries to the runtime dependencies. This allows users to decrypt secrets (e.g., .env files) directly within the container for GitOps workflows, removing the need for pre-decryption scripts on the host. Will make it much easier to use sops + age based secret handling in komodo.
Right now, we have to build docker images for core/periphery (tedious) or bind mount these binaries to the docker containers (could break).
I tested this workflow by creating a komodo periphery image and running a stack:
Repo with periphery + sops/age is here: Komodo Periphery Sops
Can use this as a pre-deploy for stacks in komodo assuming secrets are stored as .env.enc in git:
sops --decrypt --input-type yaml --output-type dotenv .env.enc > .env
One issue I can think about is this creates a slight difference between komodo periphery as a docker container and the systemd agent, since it will be expected that if installing as a systemd agent, sops and age need to be manually installed.
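The pre-deploy decryption from the description, combined with the "are sops and age installed" check and warning that the conversation asks for, as an added example in POSIX sh (not Komodo's or this PR's code); the SOPS_BIN/AGE_BIN overrides and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Komodo's own code: a stack pre-deploy hook that turns the
# sops-encrypted .env.enc from git into a plaintext .env on the periphery host.
# It refuses to run when sops or age is missing, so a systemd-installed agent
# without the binaries fails the deploy loudly instead of leaving a stale or
# half-written .env. SOPS_BIN and AGE_BIN are hypothetical overrides (default
# to the real binary names) so the checks can be exercised without the tools.

SOPS_BIN="${SOPS_BIN:-sops}"
AGE_BIN="${AGE_BIN:-age}"

# Return 0 when both tools are on PATH; otherwise log the missing ones and return 1.
check_tools() {
    missing=""
    for tool in "$SOPS_BIN" "$AGE_BIN"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    if [ -n "$missing" ]; then
        echo "pre-deploy: required tool(s) not installed:$missing" >&2
        return 1
    fi
    return 0
}

# decrypt_env SRC DST: decrypt SRC (sops YAML) into DST (dotenv), atomically.
decrypt_env() {
    src="${1:-.env.enc}"
    dst="${2:-.env}"
    check_tools || return 1
    [ -f "$src" ] || { echo "pre-deploy: $src not found" >&2; return 1; }
    tmp="$dst.tmp.$$"
    # Write to a temp file created with owner-only permissions (umask set in a
    # subshell so the caller's umask is untouched), then rename it into place so
    # the stack never sees a partially written .env.
    if ( umask 077; "$SOPS_BIN" --decrypt --input-type yaml --output-type dotenv "$src" > "$tmp" ); then
        mv "$tmp" "$dst"
    else
        rm -f "$tmp"
        echo "pre-deploy: decrypting $src failed" >&2
        return 1
    fi
}
```

Because the hook only runs once Komodo's file-existence check has passed, a placeholder .env (or whatever name the stack expects) still has to be committed alongside .env.enc, as noted in the conversation.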