1.1 KiB
1.1 KiB
Secrets
Burrow secrets live in secrets/<name>.age and are managed with agenix.
For the Forgejo Namespace Cloud runtime:
secrets/forgejo/admin-password.agesecrets/forgejo/agent-ssh-key.agesecrets/forgejo/nsc-token.agesecrets/forgejo/nsc-dispatcher-config.agesecrets/forgejo/nsc-autoscaler-config.agesecrets/cloudflare/api-token.agesecrets/hetzner/api-token.agesecrets/forwardemail/api-token.agesecrets/forwardemail/hetzner-s3-user.agesecrets/forwardemail/hetzner-s3-secret.age
Use:
make secret name=forgejo/nsc-tokenmake secret-file name=forgejo/agent-ssh-key file=/path/to/sourceScripts/provision-forgejo-nsc.shto refresh the Forgejo Namespace token and runtime configs insecrets/forgejo/*.agemake secret-file name=cloudflare/api-token file=/path/to/cloudflare-token.txtmake secret-file name=hetzner/api-token file=/path/to/hetzner-api-token.txt
The forge host decrypts these files at activation time and feeds the resulting
paths into services.burrow.forge, services.burrow.forgeRunner, and
services.burrow.forgejoNsc.