fix: keys are not idempotent
fredleger committed Dec 30, 2024
1 parent 6758e13 commit f965c78
Showing 7 changed files with 78 additions and 3 deletions.
5 changes: 4 additions & 1 deletion .pre-commit-config.yaml
@@ -21,4 +21,7 @@ repos:
rev: v0.1.17
hooks:
- id: kubeconform-helm
args: [--strict]
args:
- --summary
- --strict
- --values-dir postal/ci
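Review bot: The last entry, `- --values-dir postal/ci`, is a single list item, so pre-commit hands the hook one argument containing a space rather than a flag followed by its value. Depending on how kubeconform-helm parses its arguments, the values directory may not be recognised. Writing it as two items, `- --values-dir` and `- postal/ci`, removes the ambiguity. It is worth confirming from a hook run that the files under postal/ci are actually rendered, since they now carry the keys the chart requires.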
2 changes: 2 additions & 0 deletions postal/README.md
@@ -37,7 +37,9 @@ A Helm chart for Kubernetes
| global.existingSecretName | string | `""` | |
| global.maximumDeliveryAttempts | int | `18` | |
| global.maximumHoldExpiryDays | int | `7` | |
| global.railsSecretKey | string | `""` | the secret key used to sign and encrypt cookies and session data in the application. Generate it using openssl rand -hex 64 |
| global.secretName | string | `"postal"` | |
| global.signingKey | string | `""` | key used to sign emails. Generate it using openssl genrsa -out path/to/signing.key 2048 |
| global.smtpHostname | string | `"localhost"` | |
| global.smtpRelays | string | `""` | |
| global.spamFailureThreshold | int | `20` | |
32 changes: 32 additions & 0 deletions postal/ci/base-values.yaml
@@ -1,2 +1,34 @@
global:
railsSecretKey: 61a476b314ca633b67734951b4565f1f27489195e3ba0be5b569e4385d776cd126c3000df6c046de338719c14d36c8a7867140a741e76b6ea3d4a15b11c6af94
signingKey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
image:
registry: fake.registry
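Review bot: A PEM private key and a hex `railsSecretKey` are committed in clear text under `global:` here, with nothing marking them as throwaway test fixtures. The same `railsSecretKey` value, and apparently the same key block, appears again in postal/ci/ingress-values.yaml. Anyone copying a CI values file as a starting point would deploy with key material that is public in the repository history, and secret scanners will flag both files. I would add a header comment above `global:` in both files, e.g. `# CI fixture only: these keys are public test values and must never be used in a deployment`, and list the two paths in the scanner allowlist if the project uses one.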
Empty file removed postal/ci/empty-values.yaml
Empty file.
32 changes: 32 additions & 0 deletions postal/ci/ingress-values.yaml
@@ -1,3 +1,35 @@
global:
railsSecretKey: 61a476b314ca633b67734951b4565f1f27489195e3ba0be5b569e4385d776cd126c3000df6c046de338719c14d36c8a7867140a741e76b6ea3d4a15b11c6af94
signingKey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
ingress:
enabled: true
className: "nginx"
4 changes: 2 additions & 2 deletions postal/templates/secret.yaml
@@ -12,6 +12,6 @@ metadata:
{{- end }}
data:
mariadb-password: {{ .Values.mariadb.auth.password | b64enc | quote }}
signing-key: {{ $key | b64enc | quote }}
rails-secret-key: {{ $key | b64enc | quote }}
signing-key: {{ .Values.global.signingKey | required "You must provide a global.signingKey value" | b64enc | quote }}
rails-secret-key: {{ .Values.global.railsSecretKey | required "You must provide a global.railsSecretKey value" | b64enc | quote }}
{{- end }}
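Review bot: `required` on the two new `data:` lines only rejects an empty value, so a `global.signingKey` that is not a PEM key (a file path, or a block whose indentation was mangled in the values file) is still base64-encoded into the Secret and presumably fails only at runtime. A cheap guard before `data:` would catch that at render time, for example `{{- if not (hasPrefix "-----BEGIN" (trim .Values.global.signingKey)) }}{{ fail "global.signingKey must be a PEM private key" }}{{- end }}`. Both keys now travel through chart values, which Helm stores with the release, so the chart documentation could point production installs at `global.existingSecretName` instead. The enclosing conditional opens above the hunk, so I am assuming these lines are skipped when an existing secret is configured.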
6 changes: 6 additions & 0 deletions postal/values.yaml
@@ -20,6 +20,12 @@ commonsAnnotations: {}
global:
# use an existing secret instead of the automaticaly generated one
existingSecretName: ""
# -- key used to sign emails.
# Generate it using openssl genrsa -out path/to/signing.key 2048
signingKey: ""
# -- the secret key used to sign and encrypt cookies and session data in the application.
# Generate it using openssl rand -hex 64
railsSecretKey: ""
# The hostname that the Postal web interface runs on
webHostname: localhost
# The HTTP protocol to use for the Postal web interface
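Review bot: The comments on `signingKey` and `railsSecretKey` say how to generate the keys but not how to supply them, and with `""` as the default the `required` calls in templates/secret.yaml now stop rendering for installs that set neither. I would extend the comments to say so and to steer users away from pasting the key into a committed values file, e.g. `# Required unless existingSecretName is set. Pass at install time with --set-file global.signingKey=path/to/signing.key`. The existingSecretName condition is not visible in this commit, so confirm it before wording the comment that way. The `global:` block continues past the end of the hunk.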