security: remove all REDACTED secrets from repo, add pre-commit guard
- Delete 26 secret manifests containing REDACTED placeholder values (15 cert-manager TLS + 11 app secrets across 8 namespaces)
- REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD applying these manifests corrupts live secrets in the cluster
- Add .githooks/pre-commit that rejects any .yaml with REDACTED
- Add README.md documenting secret management policy and manual creation commands for each service
- n8n secret manifests already fixed in previous commits (618b1e8,db04fd2)
@@ -1,9 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
auth: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: argocd-redis
|
||||
namespace: argocd
|
||||
type: Opaque
|
||||
|
||||
@@ -1,20 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
admin.password: REDACTED
|
||||
admin.passwordMtime: REDACTED
|
||||
server.secretkey: REDACTED
|
||||
tls.crt: REDACTED
|
||||
tls.key: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-secret","app.kubernetes.io/part-of":"argocd"},"name":"argocd-secret","namespace":"argocd"},"type":"Opaque"}
|
||||
|
||||
'
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-secret
|
||||
app.kubernetes.io/part-of: argocd
|
||||
name: argocd-secret
|
||||
namespace: argocd
|
||||
type: Opaque
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
tls.crt: REDACTED
|
||||
tls.key: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/alt-names: argocd.chemavx.xyz
|
||||
cert-manager.io/certificate-name: argocd-tls
|
||||
cert-manager.io/common-name: argocd.chemavx.xyz
|
||||
cert-manager.io/ip-sans: ''
|
||||
cert-manager.io/issuer-group: cert-manager.io
|
||||
cert-manager.io/issuer-kind: ClusterIssuer
|
||||
cert-manager.io/issuer-name: letsencrypt-prod
|
||||
cert-manager.io/uri-sans: ''
|
||||
labels:
|
||||
controller.cert-manager.io/fao: 'true'
|
||||
name: argocd-tls
|
||||
namespace: argocd
|
||||
type: kubernetes.io/tls
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
insecure: REDACTED
|
||||
password: REDACTED
|
||||
type: REDACTED
|
||||
url: REDACTED
|
||||
username: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/secret-type":"repository"},"name":"gitea-k8s-manifests","namespace":"argocd"},"stringData":{"insecure":"true","password":"GitAdmin2026x","type":"git","url":"https://git.chemavx.xyz/chemavx/k8s-manifests","username":"chemavx"},"type":"Opaque"}
|
||||
|
||||
'
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repository
|
||||
name: gitea-k8s-manifests
|
||||
namespace: argocd
|
||||
type: Opaque
|
||||
|
||||
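Review bot: The `kubectl.kubernetes.io/last-applied-configuration` annotation on this removed `gitea-k8s-manifests` Secret carried the repository `username` and `password` in cleartext under `stringData`, so the file exposed a real credential even though every `data` field read REDACTED. Deleting the manifest does not remove that value from git history or from existing clones, so the credential should be treated as compromised and rotated; rewriting history only helps after rotation. The pre-commit guard described in the commit message rejects files containing the string REDACTED (the hook itself is not visible here), which would not catch this kind of leak; consider also rejecting any manifest with `kind: Secret`, or at least any `last-applied-configuration` annotation that embeds `stringData`. Exports of live objects should have that annotation stripped before they are committed.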