Phase 2: GitOps-managed shared auth layer in infisical-operator ns — InfisicalConnection (https://infisical.chemavx.xyz) + InfisicalAuth (kubernetes method, operator SA via TokenReview) + identity-ID Secret (non-secret UUID; auth is via SA token, so safe in git). To be referenced cross-namespace by per-app InfisicalStaticSecret CRs later. No real secret yet. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
12 lines
414 B
YAML
12 lines
414 B
YAML
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: infisical-machine-identity
|
|
namespace: infisical-operator
|
|
type: Opaque
|
|
stringData:
|
|
# Non-secret UUID for machine identity "k8s-operator". Required as a secretRef
|
|
# by the InfisicalAuth schema; auth happens via the operator's SA token (TokenReview),
|
|
# so this value grants nothing on its own. Safe to commit.
|
|
identityId: "42c12566-1058-4674-a5f5-0cc1bc0ea4e7"
|