From e5c3236bb1279144567f373edc613231ee15bbb4 Mon Sep 17 00:00:00 2001 From: George Angel Date: Mon, 7 Oct 2024 13:16:27 +0100 Subject: [PATCH] Make the Strongbox logic "on" by default (#104) --- README.md | 29 +++++++---------------------- main.go | 3 ++- 2 files changed, 9 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index ae552c6..fd222e2 100644 --- a/README.md +++ b/README.md 
@@ -39,28 +39,17 @@ resources: ## Environment Variables -### Strongbox ENVs +### Strongbox envvars -Plugin supports following _plugin envs_ which can be set in ArgoCD Application crd: +Secret name containing Strongbox keyring/identity file MUST be `argocd-voodoobox-strongbox-keyring`. -Set following envvar: - -``` -- name: STRONGBOX_ENABLED - value: "true" -``` - -to enable Strongbox decryption for your Namespace. - -Secret that contains Strongbox keyring/identity used to encrypt app secrets, must be `argocd-voodoobox-strongbox-keyring`. - -`STRONGBOX_SECRET_KEY` the value should be the name of the Secret data key which contains a valid Strongbox keyring file data. The default value is `.strongbox_keyring` +`STRONGBOX_SECRET_KEY` - set a custom "key name" for keyring data. The default value is `.strongbox_keyring`. -For age, the key must be `.strongbox_identity`. +For age, the key name MUST be `.strongbox_identity`. `STRONGBOX_SECRET_NAMESPACE` If you need to deploy a shared strongbox keyring to use in multiple namespaces, then it can be set by this ENV. the Secret should have an annotation called "argocd.voodoobox.plugin.io/allowed-namespaces" which contains a comma-separated list of all the namespaces that are allowed to use it. -Since ArgoCD Application can be used to create a namespace, wild card is not supported in the allow list. it is an exact matching. +Since ArgoCD Application can be used to create a namespace, wild card is not supported in the allow list. It is an exact match. If this env is not specified then it defaults to the same namespace as the app's destination NS. ```yaml @@ -99,15 +88,11 @@ spec: targetRevision: HEAD plugin: env: - - name: STRONGBOX_ENABLED - value: "true" - name: STRONGBOX_SECRET_NAMESPACE value: team-a - - name: STRONGBOX_SECRET_KEY - value: .strongbox_keyring ``` -### Git SSH Keys Envs +### Git SSH Keys envvars Set following envvar: 
@@ -272,7 +257,7 @@ subjects: |-|-|-| | ARGOCD_APP_NAME | set by argocd | name of application | | ARGOCD_APP_NAMESPACE | set by argocd | application's destination namespace | -| STRONGBOX_ENABLED | "false" | Enable Strongbox for decryption | +| STRONGBOX_ENABLED | "true" | Enable Strongbox for decryption | | STRONGBOX_KEYRING_KEY | .strongbox_keyring | the name of the secret data key which contains a valid strongbox keyring file | | STRONGBOX_SECRET_NAMESPACE | | the name of a namespace where secret resource containing strongbox keyring is located, defaults to current | | GIT_SSH_CUSTOM_KEY_ENABLED | "false" | Enable Git SSH building using custom (non global) key | diff --git a/main.go b/main.go index 8d7a79b..5259af5 100644 --- a/main.go +++ b/main.go @@ -88,8 +88,9 @@ to get comma-separated list of all the namespaces that are allowed to use it`, Name: "app-strongbox-enabled", EnvVars: []string{argocdAppEnvPrefix + "STRONGBOX_ENABLED"}, Usage: `set 'STRONGBOX_ENABLED' in argocd application as plugin - ENV. If set to "true" will use default values to lookup the + ENV. If set to "true" (default) will use default values to lookup the Strongbox secret and use it.`, + Value: true, }, // following envs comes from argocd application resource // strongbox secrets flags
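Review bot: In README.md, the rewritten "Strongbox envvars" section (hunk `@@ -39,28 +39,17 @@`) drops every mention of `STRONGBOX_ENABLED`, so nothing in that section tells a user how to opt out now that decryption is on by default. Keep one short line there saying that setting `STRONGBOX_ENABLED` to `"false"` disables it, and state what the plugin does for an Application whose namespace has no `argocd-voodoobox-strongbox-keyring` Secret, because apps that never set the variable now take the enabled path.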
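Review bot: In the README.md defaults table (hunk `@@ -272,7 +257,7 @@`), the row directly below the changed `STRONGBOX_ENABLED` line still names the variable `STRONGBOX_KEYRING_KEY`, while the envvars section of the same file documents it as `STRONGBOX_SECRET_KEY`. Since this patch edits both places, reconcile the name against the flag definition in main.go so that users set the variable the plugin actually reads.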
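Review bot: In main.go (hunk `@@ -88,8 +88,9 @@`), `Value: true` on `app-strongbox-enabled` changes behaviour for every existing Application that never set `STRONGBOX_ENABLED`, yet the Usage text still describes only the "true" case. Extend the Usage string to say that "false" disables the Strongbox lookup, and flag the default flip as a behaviour change in the release notes. A test for the unset-variable case would pin the new default.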