security: remove all REDACTED secrets from repo, add pre-commit guard
- Delete 26 secret manifests containing REDACTED placeholder values (15 cert-manager TLS + 11 app secrets across 8 namespaces) - REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD applying these manifests corrupts live secrets in the cluster - Add .githooks/pre-commit that rejects any .yaml with REDACTED - Add README.md documenting secret management policy and manual creation commands for each service - n8n secret manifests already fixed in previous commits (618b1e8,db04fd2)
This commit is contained in:
@@ -1,21 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
tls.crt: REDACTED
|
||||
tls.key: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/alt-names: '*.chemavx.xyz,chemavx.xyz'
|
||||
cert-manager.io/certificate-name: wildcard-chemavx-xyz
|
||||
cert-manager.io/common-name: chemavx.xyz
|
||||
cert-manager.io/ip-sans: ''
|
||||
cert-manager.io/issuer-group: ''
|
||||
cert-manager.io/issuer-kind: ClusterIssuer
|
||||
cert-manager.io/issuer-name: letsencrypt-prod
|
||||
cert-manager.io/uri-sans: ''
|
||||
labels:
|
||||
controller.cert-manager.io/fao: 'true'
|
||||
name: wildcard-chemavx-xyz-tls
|
||||
namespace: default
|
||||
type: kubernetes.io/tls
|
||||
|
||||
Reference in New Issue
Block a user