viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/woodpecker
History
Viktor Barzin 63c20f23ed migrate all secrets from SOPS to Vault KV 
- Add vault provider to root terragrunt.hcl (generated providers.tf)
- Delete stacks/vault/vault_provider.tf (now in generated providers.tf)
- Add 124 variable declarations + 43 vault_kv_secret_v2 resources to
  vault/main.tf to populate Vault KV at secret/<stack-name>
- Migrate 43 consuming stacks to read secrets from Vault KV via
  data "vault_kv_secret_v2" instead of SOPS var-file
- Add dependency "vault" to all migrated stacks' terragrunt.hcl
- Complex types (maps/lists) stored as JSON strings, decoded with
  jsondecode() in locals blocks

Bootstrap secrets (vault_root_token, vault_authentik_client_id,
vault_authentik_client_secret) remain in SOPS permanently.

Apply order: vault stack first (populates KV), then all others.
2026-03-18 08:03:59 +00:00
..
main.tf migrate all secrets from SOPS to Vault KV 2026-03-18 08:03:59 +00:00
secrets [ci skip] Add Woodpecker CI stack (WIP) and claude agents 2026-02-22 21:30:25 +00:00
terragrunt.hcl migrate all secrets from SOPS to Vault KV 2026-03-18 08:03:59 +00:00
tiers.tf [ci skip] Phase 1: PostgreSQL migrated to CNPG on local disk 2026-02-28 19:08:06 +00:00
values.yaml [ci skip] Fix Woodpecker GitHub forge: add explicit GITHUB_URL to prevent Forgejo URL bleed 2026-02-24 23:02:33 +00:00