# Secrets

Burrow secrets live in `secrets/<name>.age` and are managed with `agenix`.

For the Forgejo Namespace Cloud runtime:

- `secrets/forgejo/admin-password.age`
- `secrets/forgejo/agent-ssh-key.age`
- `secrets/forgejo/nsc-token.age`
- `secrets/forgejo/nsc-dispatcher-config.age`
- `secrets/forgejo/nsc-autoscaler-config.age`
- `secrets/cloudflare/api-token.age`
- `secrets/hetzner/api-token.age`
- `secrets/forwardemail/api-token.age`
- `secrets/forwardemail/hetzner-s3-user.age`
- `secrets/forwardemail/hetzner-s3-secret.age`

Use:

- `make secret name=forgejo/nsc-token`
- `make secret-file name=forgejo/agent-ssh-key file=/path/to/source`
- `Scripts/provision-forgejo-nsc.sh` to refresh the Forgejo Namespace token and runtime configs in `secrets/forgejo/*.age`
- `make secret-file name=cloudflare/api-token file=/path/to/cloudflare-token.txt`
- `make secret-file name=hetzner/api-token file=/path/to/hetzner-api-token.txt`

The forge host decrypts these files at activation time and feeds the resulting
paths into `services.burrow.forge`, `services.burrow.forgeRunner`, and
`services.burrow.forgejoNsc`.
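
A guard that can run in CI or a pre-commit hook to confirm that everything under `secrets/` is age ciphertext (binary or ASCII-armored header) before it is pushed. This is an added example, not part of the Burrow repository; the function names, the `*.nix` exemption and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Burrow repository.

# is_age_file PATH: true if PATH begins with the binary or ASCII-armored age header.
is_age_file() {
    [ -f "$1" ] || return 1
    first_line=$(head -n 1 "$1" | tr -d '\000\r')
    case "$first_line" in
        "age-encryption.org/v1"|"-----BEGIN AGE ENCRYPTED FILE-----") return 0 ;;
    esac
    return 1
}

# list_offenders DIR: print one line per file that should not be committed.
list_offenders() {
    find "$1" -type f | sort | while IFS= read -r f; do
        case "$f" in
            *.age) is_age_file "$f" || printf 'not age ciphertext: %s\n' "$f" ;;
            *.nix) ;;  # assumption: an agenix rules file (secrets.nix) may live here
            *)     printf 'unexpected file in secrets dir: %s\n' "$f" ;;
        esac
    done
}

# check_secrets DIR: status 0 only when DIR holds nothing but age ciphertext.
check_secrets() {
    offenders=$(list_offenders "$1")
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders" >&2
    return 1
}

# make_sample DIR: constructed sample tree (header lines only, no real secrets).
make_sample() {
    mkdir -p "$1/forgejo" "$1/cloudflare"
    printf 'age-encryption.org/v1\n-> X25519 constructed\n' > "$1/forgejo/nsc-token.age"
    printf '%s\n' '-----BEGIN AGE ENCRYPTED FILE-----' > "$1/forgejo/agent-ssh-key.age"
    printf 'constructed-plaintext-token\n' > "$1/cloudflare/api-token.age"
}

# Run against a directory given on the command line, e.g. `sh check-secrets.sh secrets`.
if [ "$#" -gt 0 ]; then
    check_secrets "$1"
fi
```

The header check only proves a file is in age format; it does not show which recipients can decrypt it.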