security: remove all REDACTED secrets from repo, add pre-commit guard
- Delete 26 secret manifests containing REDACTED placeholder values (15 cert-manager TLS + 11 app secrets across 8 namespaces)
- REDACTED is valid base64 that decodes to non-UTF-8 bytes — when ArgoCD applies these manifests, it corrupts the live secrets in the cluster
- Add .githooks/pre-commit that rejects any .yaml file containing REDACTED
- Add README.md documenting the secret management policy and the manual creation commands for each service
- n8n secret manifests were already fixed in previous commits (618b1e8, db04fd2)
@@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
ADMIN_TOKEN: REDACTED
|
||||
DOMAIN: REDACTED
|
||||
SIGNUPS_ALLOWED: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"name":"vaultwarden-secret","namespace":"vaultwarden"},"stringData":{"DOMAIN":"https://vaultwarden.chemavx.xyz","SIGNUPS_ALLOWED":"false"},"type":"Opaque"}
|
||||
|
||||
'
|
||||
name: vaultwarden-secret
|
||||
namespace: vaultwarden
|
||||
type: Opaque
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
tls.crt: REDACTED
|
||||
tls.key: REDACTED
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/alt-names: vaultwarden.chemavx.xyz
|
||||
cert-manager.io/certificate-name: vaultwarden-tls
|
||||
cert-manager.io/common-name: vaultwarden.chemavx.xyz
|
||||
cert-manager.io/ip-sans: ''
|
||||
cert-manager.io/issuer-group: cert-manager.io
|
||||
cert-manager.io/issuer-kind: ClusterIssuer
|
||||
cert-manager.io/issuer-name: letsencrypt-prod
|
||||
cert-manager.io/uri-sans: ''
|
||||
labels:
|
||||
controller.cert-manager.io/fao: 'true'
|
||||
name: vaultwarden-tls
|
||||
namespace: vaultwarden
|
||||
type: kubernetes.io/tls
|
||||
|
||||