From 0059b69708eb709957209b78cff7d8d73f99fa81 Mon Sep 17 00:00:00 2001 From: isindir Date: Sat, 14 Nov 2020 12:03:11 +0000 Subject: [PATCH] Managing secrets (#38) * fix: reconciling of the child secret resources updated/deleted manually --- Makefile | 2 +- chart/helm2/sops-secrets-operator/Chart.yaml | 4 +- chart/helm2/sops-secrets-operator/README.md | 12 +-- chart/helm2/sops-secrets-operator/values.yaml | 2 +- chart/helm3/sops-secrets-operator/Chart.yaml | 4 +- chart/helm3/sops-secrets-operator/README.md | 12 +-- .../tests/operator_test.yaml | 6 +- chart/helm3/sops-secrets-operator/values.yaml | 2 +- controllers/sopssecret_controller.go | 6 +- docs/index.yaml | 73 ++++++++++++------ docs/sops-secrets-operator-0.5.1.tgz | Bin 0 -> 5852 bytes docs/sops-secrets-operator-0.6.1.tgz | Bin 0 -> 8263 bytes 12 files changed, 75 insertions(+), 48 deletions(-) create mode 100644 docs/sops-secrets-operator-0.5.1.tgz create mode 100644 docs/sops-secrets-operator-0.6.1.tgz diff --git a/Makefile b/Makefile index 91262767..05f6cc7a 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ SHELL := /bin/bash GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go -SOPS_SEC_OPERATOR_VERSION := 0.1.6 +SOPS_SEC_OPERATOR_VERSION := 0.1.7 # https://github.com/kubernetes-sigs/controller-tools/releases CONTROLLER_TOOLS_VERSION := "v0.3.0" diff --git a/chart/helm2/sops-secrets-operator/Chart.yaml b/chart/helm2/sops-secrets-operator/Chart.yaml index 7a0d5851..e4eb88c9 100644 --- a/chart/helm2/sops-secrets-operator/Chart.yaml +++ b/chart/helm2/sops-secrets-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -version: 0.5.0 -appVersion: 0.1.6 +version: 0.5.1 +appVersion: 0.1.7 description: sops secrets operator name: sops-secrets-operator sources: diff --git a/chart/helm2/sops-secrets-operator/README.md b/chart/helm2/sops-secrets-operator/README.md index 74a66b8e..d305ad60 100644 --- a/chart/helm2/sops-secrets-operator/README.md +++ b/chart/helm2/sops-secrets-operator/README.md @@ -83,7 +83,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat | ------------------------ | ----------------------- | -------------- | | `replicaCount` | Deployment replica count - should not be modified | `1` | | `image.repository` | Operator image | `"isindir/sops-secrets-operator"` | -| `image.tag` | Operator image tag | `"0.1.5"` | +| `image.tag` | Operator image tag | `"0.1.7"` | | `image.pullPolicy` | Operator image pull policy | `"Always"` | | `imagePullSecrets` | Secrets to pull image from private docker repository | `[]` | | `nameOverride` | Overrides auto-generated short resource name | `""` | @@ -96,11 +96,11 @@ The following table lists the configurable parameters of the Sops-secrets-operat | `gcp.enabled` | Node labels for operator pod assignment | `false` | | `gcp.svcAccSecretCustomName` | Name of the secret to create - will override default secret name if specified | `""` | | `gcp.svcAccSecret` | If `gcp.enabled` is `true`, this value must be specified as gcp service account secret json payload | `""` | -| `azure.enabled` | If `true` azure secret will used/created depending on other values set. | `false` | -| `azure.tenantId`| Tenant ID of the Azure Service principal to use for Key access | `''` | -| `azure.clientId`| Client (Application) ID of the Azure Service principal to use for Key access | `''` | -| `azure.clientSecret`| Client Secret of the Azure Service principal to use for Key access | `''` | -| `azure.existingSecretName`| If set the named secret will be used to find the Azure SP credentials. | `''` | +| `azure.enabled` | If true azure keyvault will be used | `false` | +| `azure.tenantId` | Tenantid of azure service principal to use | `""` | +| `azure.clientId` | Clientid (application id) of azure service principal to use | `""` | +| `azure.clientSecret` | Client secret of azure service principal | `""` | +| `azure.existingSecretName` | Name of a pre-existing secret containing azure service principal credentials (clientid, clientsecret, tenantid) | `""` | | `secretsAsEnvVars` | Configure custom secrets to be used as environment variables at runtime, see values.yaml | `[]` | | `secretsAsFiles` | Configure custom secrets to be mounted at runtime, see values.yaml | `[]` | | `resources` | Operator container resources | `{}` | diff --git a/chart/helm2/sops-secrets-operator/values.yaml b/chart/helm2/sops-secrets-operator/values.yaml index 6612985c..7a439cf7 100644 --- a/chart/helm2/sops-secrets-operator/values.yaml +++ b/chart/helm2/sops-secrets-operator/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 # Deployment replica count - should not be modified image: repository: isindir/sops-secrets-operator # Operator image - tag: 0.1.6 # Operator image tag + tag: 0.1.7 # Operator image tag pullPolicy: Always # Operator image pull policy imagePullSecrets: [] # Secrets to pull image from private docker repository diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml index b22d1eeb..ed402fb7 100644 --- a/chart/helm3/sops-secrets-operator/Chart.yaml +++ b/chart/helm3/sops-secrets-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -version: 0.6.0 -appVersion: 0.1.6 +version: 0.6.1 +appVersion: 0.1.7 type: application description: sops secrets operator name: sops-secrets-operator diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md index 2d08fadc..7a316937 100644 --- a/chart/helm3/sops-secrets-operator/README.md +++ b/chart/helm3/sops-secrets-operator/README.md @@ -83,7 +83,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat | ------------------------ | ----------------------- | -------------- | | `replicaCount` | Deployment replica count - should not be modified | `1` | | `image.repository` | Operator image | `"isindir/sops-secrets-operator"` | -| `image.tag` | Operator image tag | `"0.1.5"` | +| `image.tag` | Operator image tag | `"0.1.7"` | | `image.pullPolicy` | Operator image pull policy | `"Always"` | | `imagePullSecrets` | Secrets to pull image from private docker repository | `[]` | | `nameOverride` | Overrides auto-generated short resource name | `""` | @@ -96,11 +96,11 @@ The following table lists the configurable parameters of the Sops-secrets-operat | `gcp.enabled` | Node labels for operator pod assignment | `false` | | `gcp.svcAccSecretCustomName` | Name of the secret to create - will override default secret name if specified | `""` | | `gcp.svcAccSecret` | If `gcp.enabled` is `true`, this value must be specified as gcp service account secret json payload | `""` | -| `azure.enabled` | If `true` azure secret will used/created depending on other values set. | `false` | -| `azure.tenantId`| Tenant ID of the Azure Service principal to use for Key access | `''` | -| `azure.clientId`| Client (Application) ID of the Azure Service principal to use for Key access | `''` | -| `azure.clientSecret`| Client Secret of the Azure Service principal to use for Key access | `''` | -| `azure.existingSecretName`| If set the named secret will be used to find the Azure SP credentials. | `''` | +| `azure.enabled` | If true azure keyvault will be used | `false` | +| `azure.tenantId` | Tenantid of azure service principal to use | `""` | +| `azure.clientId` | Clientid (application id) of azure service principal to use | `""` | +| `azure.clientSecret` | Client secret of azure service principal | `""` | +| `azure.existingSecretName` | Name of a pre-existing secret containing azure service principal credentials (clientid, clientsecret, tenantid) | `""` | | `secretsAsEnvVars` | Configure custom secrets to be used as environment variables at runtime, see values.yaml | `[]` | | `secretsAsFiles` | Configure custom secrets to be mounted at runtime, see values.yaml | `[]` | | `resources` | Operator container resources | `{}` | diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml index 58974f09..f1c32e31 100644 --- a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml +++ b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml @@ -30,8 +30,8 @@ tests: app.kubernetes.io/instance: sops app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: sops-secrets-operator - app.kubernetes.io/version: 0.1.6 - helm.sh/chart: sops-secrets-operator-0.6.0 + app.kubernetes.io/version: 0.1.7 + helm.sh/chart: sops-secrets-operator-0.6.1 # template metadata and spec selector - it: should correctly render template metadata and spec selector @@ -140,7 +140,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: isindir/sops-secrets-operator:0.1.6 + value: isindir/sops-secrets-operator:0.1.7 - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml index 6612985c..7a439cf7 100644 --- a/chart/helm3/sops-secrets-operator/values.yaml +++ b/chart/helm3/sops-secrets-operator/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 # Deployment replica count - should not be modified image: repository: isindir/sops-secrets-operator # Operator image - tag: 0.1.6 # Operator image tag + tag: 0.1.7 # Operator image tag pullPolicy: Always # Operator image pull policy imagePullSecrets: [] # Secrets to pull image from private docker repository diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go index 9ac06db3..f7bba7f0 100644 --- a/controllers/sopssecret_controller.go +++ b/controllers/sopssecret_controller.go @@ -87,9 +87,6 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) return reconcile.Result{}, err } - // totalSecrets := len(instance.Spec.SecretsTemplate) - // reconciledSecrets := instanceEncrypted.Status.SecretsReconciled - // iterating over secret templates r.Log.Info("Entering template data loop", "sopssecret", req.NamespacedName) for _, secretTemplateValue := range instance.Spec.SecretsTemplate { @@ -199,6 +196,7 @@ func (r *SopsSecretReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&isindirv1alpha2.SopsSecret{}). + Owns(&corev1.Secret{}). Complete(r) } @@ -286,7 +284,7 @@ func getSecretType(paramType string) corev1.SecretType { return kubeSecretType } -// decryptSopsSecretInstance decrypts data_template +// decryptSopsSecretInstance decrypts spec.secretTemplates func decryptSopsSecretInstance( instanceEncrypted *isindirv1alpha2.SopsSecret, reqLogger logr.Logger, diff --git a/docs/index.yaml b/docs/index.yaml index 0dce7f9b..9ff29c6f 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -1,9 +1,24 @@ apiVersion: v1 entries: sops-secrets-operator: + - apiVersion: v2 + appVersion: 0.1.7 + created: "2020-11-14T12:01:26.207716Z" + description: sops secrets operator + digest: f2a606c3837843241bb9d59adc02c38e1cca98753c602b9f758cc61d735ca7cd + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + type: application + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.6.1.tgz + version: 0.6.1 - apiVersion: v2 appVersion: 0.1.6 - created: "2020-11-08T11:26:09.88463Z" + created: "2020-11-14T12:01:26.206844Z" description: sops secrets operator digest: a2bbf9b39ec5f5b82965037f8f245fb3122adbe31b1c7d336fa1f4cddb228b88 maintainers: @@ -16,9 +31,23 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.6.0.tgz version: 0.6.0 + - apiVersion: v1 + appVersion: 0.1.7 + created: "2020-11-14T12:01:26.20573Z" + description: sops secrets operator + digest: b54b5d8497564ddc04bd6d8b105eb0a3559e82ae1f6aab2f59ed3e426f119287 + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.5.1.tgz + version: 0.5.1 - apiVersion: v1 appVersion: 0.1.6 - created: "2020-11-08T11:26:09.883758Z" + created: "2020-11-14T12:01:26.205036Z" description: sops secrets operator digest: 177f1ed214d6e72eda589a6ab155a417c1a4229bfda11e87f24af125a3542ad1 maintainers: @@ -32,7 +61,7 @@ entries: version: 0.5.0 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-08T11:26:09.882992Z" + created: "2020-11-14T12:01:26.203955Z" description: sops secrets operator digest: 1535e130357afa883db0b3d30735c817d3b7d412fe5bdfd71534d0c08defa7d1 maintainers: @@ -47,7 +76,7 @@ entries: version: 0.4.8 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-08T11:26:09.881392Z" + created: "2020-11-14T12:01:26.202843Z" description: sops secrets operator digest: 19b11dc2d1945f3c436a7d03763b4391d4a382fc13ea515d25422827d859d6d0 maintainers: @@ -62,7 +91,7 @@ entries: version: 0.4.7 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-08T11:26:09.880387Z" + created: "2020-11-14T12:01:26.201815Z" description: sops secrets operator digest: c839e5d3374b948d27ad49643411f4891fdec44d179dea06423bb0d6e29d5e32 maintainers: @@ -77,7 +106,7 @@ entries: version: 0.4.6 - apiVersion: v2 appVersion: 0.1.4 - created: "2020-11-08T11:26:09.879162Z" + created: "2020-11-14T12:01:26.200254Z" description: sops secrets operator digest: c71f9f66be32f8b9d3c8d780b09b2455a40fd9755314004efd2bb8d379dafe3c maintainers: @@ -92,7 +121,7 @@ entries: version: 0.4.5 - apiVersion: v2 appVersion: 0.1.3 - created: "2020-11-08T11:26:09.878056Z" + created: "2020-11-14T12:01:26.199442Z" description: sops secrets operator digest: f3f2f89d4ef6018776df0a12a63dd2f9c9519b9d1ac03a9a405e31d0fd902ba0 maintainers: @@ -107,7 +136,7 @@ entries: version: 0.4.4 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-11-08T11:26:09.877231Z" + created: "2020-11-14T12:01:26.198498Z" description: sops secrets operator digest: 1fd5eed318627f5ed0656f4e8ce4a25729568a1626ae313bcbe21050f5f26240 maintainers: @@ -122,7 +151,7 @@ entries: version: 0.4.3 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-11-08T11:26:09.876415Z" + created: "2020-11-14T12:01:26.197557Z" description: sops secrets operator digest: 1f4f9869c75f0922e83ba5d530e101bd4252d5c1c31365800cc9d1425680cf18 maintainers: @@ -137,7 +166,7 @@ entries: version: 0.4.2 - apiVersion: v2 appVersion: 0.1.1 - created: "2020-11-08T11:26:09.875213Z" + created: "2020-11-14T12:01:26.196731Z" description: sops secrets operator digest: 6b054a4e9f261eea3cb84ee2e70b87b24780f1703e2c218ea5f69b7f82d1876f maintainers: @@ -152,7 +181,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 0.1.0 - created: "2020-11-08T11:26:09.874428Z" + created: "2020-11-14T12:01:26.195036Z" description: sops secrets operator digest: 78b62ab37eac1b45f0a68a9752a3615c5d3f1c960bb4057e665923ce104931cf maintainers: @@ -167,7 +196,7 @@ entries: version: 0.4.0 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-08T11:26:09.873663Z" + created: "2020-11-14T12:01:26.194196Z" description: sops secrets operator digest: 41baa3c580cb9d8951c18513a4f04c4dbbfad99de9c62f53de2450c0c7b76725 maintainers: @@ -181,7 +210,7 @@ entries: version: 0.3.7 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-08T11:26:09.872322Z" + created: "2020-11-14T12:01:26.193051Z" description: sops secrets operator digest: 1103b1f7bf7af3f400c172227cd5a3659f3a03e5e8158b19ba0b25f7ed45208b maintainers: @@ -195,7 +224,7 @@ entries: version: 0.3.6 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-08T11:26:09.871465Z" + created: "2020-11-14T12:01:26.192216Z" description: sops secrets operator digest: 15c72ba7fb09d0e980ec32fd94f56893c439c05c435281a9ab9c8bc94bd20063 maintainers: @@ -209,7 +238,7 @@ entries: version: 0.3.5 - apiVersion: v1 appVersion: 0.1.4 - created: "2020-11-08T11:26:09.870604Z" + created: "2020-11-14T12:01:26.191341Z" description: sops secrets operator digest: 025a6a6381b75286756ef55105ace6e911e5a5818b495ede6356cc8ec572aeac maintainers: @@ -223,7 +252,7 @@ entries: version: 0.3.4 - apiVersion: v1 appVersion: 0.1.3 - created: "2020-11-08T11:26:09.868366Z" + created: "2020-11-14T12:01:26.188731Z" description: sops secrets operator digest: f61b070b640169439cf4ab500047c1e356748a85871f7aeefde46d63d87d453a maintainers: @@ -237,7 +266,7 @@ entries: version: 0.3.3 - apiVersion: v1 appVersion: 0.1.2 - created: "2020-11-08T11:26:09.866878Z" + created: "2020-11-14T12:01:26.187297Z" description: sops secrets operator digest: 2b37dc4e545e8a9540f6b7693079b98bf161ec5a68899defcfc9420bdcbb33e3 maintainers: @@ -251,7 +280,7 @@ entries: version: 0.3.2 - apiVersion: v1 appVersion: 0.1.1 - created: "2020-11-08T11:26:09.864728Z" + created: "2020-11-14T12:01:26.185764Z" description: sops secrets operator digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091 maintainers: @@ -265,7 +294,7 @@ entries: version: 0.3.1 - apiVersion: v1 appVersion: 0.1.0 - created: "2020-11-08T11:26:09.863104Z" + created: "2020-11-14T12:01:26.184424Z" description: sops secrets operator digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a maintainers: @@ -279,7 +308,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.0.10 - created: "2020-11-08T11:26:09.861444Z" + created: "2020-11-14T12:01:26.182914Z" description: sops secrets operator digest: 5e4c8bc37ea2c819c55b288c0a5e76ff8c9c02be591bd53776606666af45581c maintainers: @@ -294,7 +323,7 @@ entries: version: 0.2.1 - apiVersion: v1 appVersion: 0.0.10 - created: "2020-11-08T11:26:09.860353Z" + created: "2020-11-14T12:01:26.181727Z" description: sops secrets operator digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f maintainers: @@ -306,4 +335,4 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz version: 0.1.10 -generated: "2020-11-08T11:26:09.8588Z" +generated: "2020-11-14T12:01:26.179109Z" diff --git a/docs/sops-secrets-operator-0.5.1.tgz b/docs/sops-secrets-operator-0.5.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f5e0da7e6fbfe6289c8dbc383c87cd06d0a85e11 GIT binary patch literal 5852 zcmV<279;5&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBjQ{1?+|GxI8=>M>%2psHr2nkzrYES(+z;dWffC}tx?akd{ zGTb29_Ai2^!WHOql)_~xav~Y; z9!v?B-kikIH;-`jdcEH3-Cg}}uh(n-+k5$H@J;{a-m8~;yDxVKufOT_U+wMQ}o#^R-8?pl@55iH|AYLZhaQ!(sz zLn^1)*z;N3wG_Iob-j>EXI6IPmDhLvY)St$uXg*Nktjp)SPo!?{lDIO)oa@S-fr*N z{-5I7fJ2;+ERtZx943sn+oR`fz~z(*paKZ|y8rf#J7GK~QeprT8lft1h<-#k!i;cA z#t{mT48{m45ds6CiDWQm83&1R8WD-Ya~zIoM169=vP2G{51{Cz5u3-DNU(3gSFZtF z5L1>#0VGT+$}tP*gks=0G$tVq9Z)rxppx-<;b_|3glg$5|E;S#0Fs2(_bt9wFCBn1 zi=uNDQGY&!{pg0wMN3gt2vS|j@^+p@(S>1Q2=9MWb?mK@k}hwmPB@Dp<#a|QLcsiM zlb)<4v{ubtYL9-HS-XlCVL;*#L4Q zoRkIoNx~#i6NDJT=P!y-<&jkY5(F5i--YZ`7C4STKBGSF`+9WM;E@KkJBi6Df+YdO z&~ThE4HY3wlmZ4rn2<=I;_74qBgr!y!STVloyOpXMvE?g3DXS3ND=|#dCmz#fBORCDn!?3UkVY9-$4muzl8E-{%-$A}NUkOp&ANRwl5eWf)_` zZj^ec_XJXoZeGgvS@~)!K0WvwaA|H2m5v#{F6?NgoF+a^Nn|NHPz-{tdth!4;l+Nc zCmiK);N);?k=Xe%Viiry30e<-2N5l$^TqBN&GDHIt+mNq<6IP7-YGh;s5>`QPIV2E zrktgmD*H0pq=s@q*p}nmJX@umbE2Ls6URYicwgiK-LaA|&FvI}w57bip8fX4Q8N3P z@M2c@xHvj^cXWAm{O;)J z^5pc`*~q=C5l1|?v4R_NL?wl?#E&>1Lh-ol!w)pVb$d`uCU@})`%$C=E1?IJCe0}; zr$Q6xbW!@<31b};WQ z3U0!f5``{vPULi0X?jtL)=-^1bSMIZB380mr2`yWMjOO0YM3(;MRVZjvpB}YgnW_} zZZw}EikjLIB!dW*C)D1as9@D+iSQ}Q3~7JLl-jC^OxcK9pL!;;C6Qo26Xik$3h<{S z@y)+n3N=!|lB(93fq{rhsUv`ml9e40nLky{zoiMi&c^8FQ$)bvh9tF~RH|i(>8;ev zO;{AM8>MK9dPEadgajXyYmifnRRan7CJ9G1I+Qy2qnAj5*P=nMmZYSq{af zXNksCilP1u;HTLT`n_Ik?_-R09Niy$_m|ul<9HO)XphwXgq+)miuS?DFWslb_^QtT9*Z|Eb^g z_5WV~_4EGUlU%FD|7wa+id=XyeehP$it!)py?j|8|3Ry1Onl5p zWY>FXs{7$Nzo4P6%S+XU>XU#m`b4=>!D56TvoZ1nB?{B~3B@Q7KscHiG~bY*0$z;g zS~7>H7pkm|p;Pp?Jm+Kr93vH77$P?Mu_1Gerkpr3tsp5Z4sjeLrgEGS0FOJRHX%$CNiqt}tTlknUS&&t-ZKV>EgoGHl<9VH@ zd?DT#o3;G^s`+1U09}~^4?PcBG5_~_3-f=!-`{(l|DWQrdaS%r?v(YA=liGdLM^%* zuNF3twv_H&(--Olw!C8zKFH;lix%r#zuwdHEHXJnB&B*2Pj6hh z(CO$*fg;IBJu_R6F-e8KwQV?{0`;*iv$?&wNGxUvl}tHu&u1K&@O&08(zj=ewseDV zsHZm99^fsuVKW)LG6!n00ma+`w|Bbq``G{0SaFbq_w@rS?SHS|u>Zm9m(Te>PjaoW z{{^%Dmr;TB9Yg5`{vr-RWaAI$OYIZ#khPkG@-^J48z)wHc4v9th4kt za(9Jd z^o`{K;88b#?!N^DMFORq@((c?bcHDM^N79Y;1_pD!e{m1Mua`aN)HiA$XhF-)OoNv&UkAa*{1sWvwHSqo$50ESr8qx zm{~oJU2A+93nN@Tkk{ynneUQfwRkVS+RT5Y-u+)OiaVvqNfP2(ic>Y4WWiu+$*ZbJ zaoa4%kpyQ+G&ebRt9Z;^X^oL?CU`euK8dt@H7B@L7fpCrQ|=8HI<6a|E+4(n~OHqTMfILugDhISs2Ont+vAD=}+g!|2}J%hkDx|Mc?e|VTD#x=@2dTOyXSOe-R*;p0al&=?e6uO`9H6FyU+XoPjTHN|ED+^ zXq=Zn!s)<*ZPYhlJ<{9)U$*_d{5b6~4j}#)CP%Kae~Chxzpl@c#B46y(+jM!|5tm> z{O`eD|M~l`C%IY;{G0_XR^7R;S-TCj={!>EcFp+J?AOUZ{g^U#-BIgsAzhLAJ_=Es z8a6lB^N8*yEaGdsmp;zKe9S%-8}r2x$#phHUq;0#M}70oh0PG*o<4EbNfg|yqhrvysFgmHX?Hdf~U^jfO6q@A(dVI z*Rbz+;<1--=n%EeVZ@f1RZUX~Ws}#7*jKdt-9#Y?0ehJw)gSlM`zn3 zW8c~KW;Ax*l514W{)w)j-TvPl?H|59^5Wo8+E|hQ^K!Sp+qD1Q;Q9NnC%HD3fNwe{ ziI60U1iWu8@Y{=rU~+D0pgRMu2AKGKo@$Ibo612G_yx%fZy3K8a7^V{D&U7G`&0#8 z@f>Gk11{hEM;I*@7+G{E{elX#9nrWk8V;(!A0j#mQgT0tSQfyKZ!a8Y8}@&> zfYOy?pkcyB*ObJgirf?_4M0*^e=)AhzCYQ23!FtcWMmySO_cf(Fkg7&MtCG9zq3Ru z3SNt@USG&=CXk024X|s$a9m3&-{E!jr$Cq=c~z$LGgwG;>rWIn^cVxHQ`q1Z$xlX~7&zqf8V~ZCZU#63JPR`3B=g z&#LCD?=fRiNKR5!;c-o`q9QC&)JsSMLvq;d))KY0z<&KxbH)2HxMTWVAWu?dh}^^G3z{U=(rDmG7<;RME0*K6W3*8Bp)^IMgW8XcS_gdu2k#C`d1)d0 zr8JKZ&YhAQWemCA+D(_Gy^<{NP+8xioaGp@)F6(L62A%zR_suFZ0+KjXp=U_qK@f! z>+0pyXS=BC$a#vLA#@tslARq}!1Fx)>x=QA50dsn-187YD;_UpQjv&`+OELSMMiJ4jXv0qOGznd8i8dGE8t3jzajvZD$e?4UnY7@5 zP@)FH$)TQw>S&5NcH1HZAx$jOWK|&zgr?R?#`EZaRF$F$oG1(=rcqiA(V=F-Og7MO zNHN#s?N%D}a#%7uQy36ORit~VIy?XYHX{yZkqAXMorp|E~l99gIIhyp`im+0~IOyEKXUXf$@kC z%%>WOv=FMX5=Fx_B=l3uoax;`9sKRG3V{dO7ehpaG&PGESv^h(CoxLoA_peAXoY+( znUGVYynv^%f_9u+IL}Ez3G93vV=?Q8l-Hq}#eLIyT(G zs6R5)n(3j6VgtMS7Dk;rBZ^LqmLy>d5lKQ#NMmW&E0l?(E%hqE*}A?-TCNeOWO*wB z4?)pZq~HH$iB@rlG)MP9)7CuZ+%<8N?j*K|s$HX1&*4{;)`ZnoR6c*PRFpCGSKqD+ zyuBcwrP(TfObwhE zG(55AxzM9#4x`TfZGIVV=sOJE!(d-&<&b0=Le7xH1*8+uHbGX&S zpTaq;g`(S-5L)wm6vYONu5U^-tz&6ok0S9C4NBx(9d-12y}K&v^c+?5xLNb%@|u&f z+7A|qSJfDlH7a>D+J4uCeUQz}dFwbiTs{(i zTE?`M4VaPZ3Y5x^eXrH){Z8@ow-FE?W(GW(!AQsSc1bYu;0MNYIPe|E*^eahM4!|| z^Bwy?x|lVRS=U%cY(nkIe-5K@<;QGR3%Pxg=>O&=pW1JxW(%OUQZY!O4L<$}+uN5k z-QFI;ul7GU$XBQN-1EL-N58$O+-y0H>$=X>VRcOkWq>uF!}}jN4T;2Zr8+SWJhiZv mQ`Fm&lx=xee~km#=j-`;zMiiqy8b%=0RR7I4T2~DasU8?|CuuY literal 0 HcmV?d00001 diff --git a/docs/sops-secrets-operator-0.6.1.tgz b/docs/sops-secrets-operator-0.6.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..787bc6c8d416f6364c1e9ce3b07311c2e30345c8 GIT binary patch literal 8263 zcmV-NAh_QjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKJI)Xg>2-^c|fo+d3v^MwYGAY-Q_eB}LJ-EvYQUsdIf( z5{ATZ5Rn88fFqA%-`~E47YRP*p@-#cR{UUVNTAVZbT=A}MuXFw`y7W13+~e#GbAYM z?@bXC!5pQ@5BKm427|$??QQk{U@&O@KX|dT{loCZ&dV1&+b_1aUi~l_zTDn<^#cs< zqw!Tw!3APJ4DQ@kvvdDV9+Z>!m~le05zMwcl;`EoK`;zx z3i*Gv^K#IX|DEl@qx?U_vjO{ff{H|d9&?yb)-8{Lw*lu{6AckRv7(wF%a}X597;?lpj(}u>!kiWi1Wxk=3Csh}V_1pk9xXC4f+2u} zlP7eZ;!J?~3ZeWA-~*r1B8ecQLPAbyL?#4Bo<~v?H1mwIj41l5tNAmBI_Bo9_k7G6?A>Iwu z=*q!E4QNY&i75sH0+5E`d2t>~Ksb{O7>!_p5{@NSM-#XdtiYFWxOZx%F}Nm4B4LIM ztF9W_(;1O%D4_t9MUYD1I0D20XEVZRrnu8Gx(5c}a0GE4D<(chDF!+*SgO_pH4TBU zTc(EO5E(Hv1tpDvOn~P&)ckE5*isE_-G2jK9Om7GJEjqa1dVZ`^@BTxfH)_yB8Eh9 z7Vd_j=IXtI3z{CQ8UD$WZ$c2KHQR<9P514+$+a=x|CU+scVd%7|Q_ z2HLVk38z3ZsX{sC5Kd7R>i?PGa-@J}F4yUSfrJR5EP#y)mFK{Va4MUBOEPj*jB#M6 zh={^9%4$7vsuh{;tx(8KXp+!t$!HRKLNZwdMSn=uAf`B#4P-dPoFg`WuKLe#N>%SA z@3CYKV}=xMCIT~fQVqqEzyM8&;3M@nK$sUJ7!C%h`JLia+0nzTAKwzw#g7H%>(=lx z8sRgX;80LzM_<_!+`P0peq!tiD>|A*rF<2Pi1{AP1pXwt4U_{t>o&^Dr9hGG@?SY- z3dMme`|HuZY*LOU;*fIqs9Af##^8`&Wv-YYM{`2aUHCW}8 z(q;dm$%JG?%xjdfFH4d*CYHy>D6A1d&BAiN(Porn0ZGnx|GB&8$kd|sU-$aIT%Glg zPtFg{0`W=QVU4-U|0n;hum5+3ueKi7{}1u38vlzaPIAn6Ao5$gf>w5 zo+;ac8MQb=RsV}TO0-pg~yRKEo{r~=GW*A8vaGV9a~wVkyrT&)oJi|J12NW*F)_?StiFiS z7K}vRV7n%vt&gXo51Ev-Z90I;G7Af=H2`upwm<%%Iy3rd{V{g%Ea{@51n)G_bmbD) z+S?l=D3^p{0=<9Z{=e~F1DbC4CS14Z?;1Bc!z@L~>_^BURzq$0Mwe3lmbHgl)#)wl zoJ)KCx7p@_FUrA+LJYls_MmssyN#^TG^LsG5Uq=`F0DbLJP)o)0SgH2>($1ee@b&a zDWVnnB!I79y(v!8fKU616zkMAG*gw^7?6w$Y5yxob?$HkN)vOp+&1fmRc<^~#wfGi>s$8Vdt9Mq#P?l@U^@arF%qVoDkLtlV3{)sNb|85-rkr@7@FP4KN$ezj;Z z%JuG=o)w9XAwoG(PCVtf^r6>Nkpg9qk$k6Jk15Kz`f1wmKpN^}Q|8I$lQyuFW<*e_ z$b*nFOnDH}v<=_vEt=8|z_FUze6xYqZo@<}1XT=Fy8($@3)`hC{U-8%F_su)@lEx> zYWd%3$p6->7u%2W{}9g#`EQB!e`*$3Uoree)BrEWf8bCkO<)aGH}vE#*vTI}M_uNg zdacwDP4GKBkyL1_$~&}emBf-!SgHV4$$uQ?cU=9gvHsg?%KzZy_RB~4e~70c|4!u0 z`b)YF7~OF|mAKSaBFih3j=Os0^%swEnA@eJBME=!Rpb?(2Y+xmPG5X)385R^d0hMb z&wEzs|B_qp5DUIs{|~ozwziu3f9uub`Hu&AT&0fkoL6hPDg^s4W5eY*H1XXD2@$VN zB5n}5ZqNppjFfs!kqD=63=RPIs=9BkyrB$$H`pzjOzZL0PJ>REv?QsZ|3Yc9s9H(K z9~*jJ150XTxmUv6hBN?nqyZ$ZD#*(AtQkpPHPwo-FHw*{EP>z)WG*r6_ZmU!Vd=-W zWqAwRHIDMwHLwik84-K5Izwggwn2CDyPwVtR^?~YR=- zX^Nz@e|XX#ldR9DPoBdQKa~H5IrwiF^k<0mO<((Q9@~ERH(Q_jPkwh`&uCJl_^qU% z() zST0;L{?)FbDsP$Q(7`}e(E#sC}o$B069S6hXly$Bnx>(=7 zt4Gh)p)TT|7U`fv%XzOUKIPcVuw^Oem*Xyz8f*=$tnm?hBZ z$^OOh?%RXfN6=B|KQo$+8XrJMJsCe%=QmAOYtAV0*NUzyrxlWiCntw*4lZ_2Pv0Ev z?VcZ<9AE6cJJ>%sK0n%hbJm4=r(pN(qPT@lYb4i~S_jMHUr!HzIq9b53W;71iTbvD zN7;X9_%`m!2?27q&wKE6Jsa+s3L;sJQ2Xf43fz8L4WX;$4hmV~@BZIk-yK|>9~|!< zpI;p9ug}iqiH-#n6>aTA9mIHl`gj&J6ot_@S^s$Kx{R*vh1jIffjT~pTr%C;=O zCQTQUCyxy)4A*UC>n^QqEojA^S#g?+`94vHj+PN?J-c$5s#x8DE)CF$OwHBd9-XR+ z)ecmx?c!L?DUHKZZLaA!iKQRskd-r9O?YJ~mvrvot5tPXF}Lz$jhd5Ywbf)Vk6%^J zHhW6zuH>$@Xhcrbeb+S>ulrF0)bwO8@?tOEnEb9A5P!oB(pB;=Fcc>eD}o=yQjrBTP8U+<1 z%z3$M*mSU4i|#ru?Q7#p9~XQ+rk_g3e7Qw(Rg7^cl5&@$?!5EiNsPr4_jgVs{zQjq z3dDqUtRLeUW`7M8(k=giBq)h9%J4n3u}c154PLeKzYQMazaQk;fKwy{W;#`Y9&)&z z;ta+GNg|TPkfZPl#h8}~;CPYelnD-eijxH5gpT$0I?3Yaz;J>DnPJG0m^$xK7I_ffwwbU7QKZu(tu`wBh@`Gl&S| zUJw(}SO04Cy|G=T}0uo`=*X0=f!wY6Sq!CuIm4m?h`0-<~>7j8LYa!1}edK2wPfb#gtxS;*$O%28-SIYS$xeio5&YhyUjR z_W*9Ep1uji?F!h0OY&xRy2B~ylW&SCotRPAEy@VDK zyncJ;d7H5N+Zj}<97ifm+~pNP>7_$A2}&iPaTacrsj?rAcHaV{iA@<=Pn*Xp{)lME z19Z&;l%mfxQ;dSIcwenAM8Dve#RZ9Q-y}ow4Jhm3_0`d{sYsJ&-lj^?*TQ>2&c5p@ z38#RPgkE!qu;Mm3^%PuAYZ8(q#wHw|9(KXBS+T@am8j<>+B8YfTJ=yz&bd4(c$unC zvF}kP7>$Zh=QvWcsy_8Urc`jjP%bOnujn}}LNf`yN@<}%j{5ytpw=@mr+*B^#1zAa zUvQFE7#PF*nKcr?>~L!#J!P2Tj|JgGV11;@$)Yg~hFkwsFO@*O2>xj(qr}O!r@~(3 zhYiWHl5=%jB7Bg%+DVFnUlS2d`?A0@gSslMN!(dSqM#E8@V;Oe_fsT0-sb|16Rbgb zn>NRiWPQYWkzyqQbw)GktX{u8gDb3aI90q?!D!?Y(ehSHu33%ObIpaS50xlN9#nel zvUAWcVej33MK49j1q=XG;h=Zl@Jn%D*tHty{&u{>*ScFgmasc zOb(^VD5OkEuEPubP`XgKebj<*ACVjBa=&}a$7 z4vMt`FkN0*nGJkVLvFJ7r=jV*OPnPO54@n_$*1{;8*B zmY?f`tY^+Io@Z}Lz$lznHm&1(x%7RGh16p|DfasCy!`X`OF%3xblz|Zm&%+s#{6Xf zKT~Ei!9VxB-9%uPsZE+>{@h&VqnAf|Nn;eTHnp95fz*`(V>+vu+#$-;4L^2jzn<#V ze{GSXlf*Xg_z&3JJSX|)<_P{}?zXTCQ#<#3aOCLsr_PUOp6C0%cd_p-N1-yX#&h`a zGb1q)xLTx6^ou~Qsl^m4&m^JGf{VY#UhMaHx?R<-Kio+;T{SY|8p9Id7uc*r7GsXgyS-#Xn_|7P?eXJCtT(r9}Bds6}Ii)a~ zB$&x{kUA2qwwN)iWk{V3f)~NS18tQOnw^srbAi%)1X+V?j^p_6TRpl6>^cV;f- zX4E}5QFAos&S8dxaPhkF;SJ&XW1bWYCAB`P_i7D#TtW7=qeguqSzIKDxs^Ns9#V;N znTtqWn^cS&X9slOO{DY;B_vX$*B@z)v)$99_b<-EDNd0Mc&S|sS@l60`N{>O3YXJ{ z(-YV|Ju)zICRL6gxOVuwWJV{Vy4KngiH=F0tCI|ysY<_-i*?<)TIvuk*ZvIi^4=5I zeIqU045-Qu6)1FWHl<1jLU&@i9IWR2S zfFg6CnHdeTnNf|Kf*Jd^f`%r#KI{NI1~lLeUuYl zA)YDe3({z#9PTF$rVVD+kK)yZbe9aP@Bh=)%nGg~ubuAS9h{w4?hQEvb($+`SJik$ zcu6RdO)%2~r@RIdBF>_m5_2nxUP9DB@?xA4!OPo8K+pj8loC>_gFKREK>$Y??4cAV zdx+z2PIgIQ?n{!cCcLXV>jgEns?!EE=L<(j%HdlBsU{k@^zcK31tN(%B3)vrL{TMw zzM3_UH`SU{-tE^ZZ)}j(YY>4`-aaMO3Ft`Rw8Xu;*`U~Py5>i$lSa!RC{Uua8thG@s8-Vx!J+x9xGJKIsJNGvAukifhjv5L@ z5yQN*bNA0At3-bHn%{@Wcgg$iZ)Zy0JGkMNV~^MZ{ao)7%fK&VPIliNS65TEpA{p9 zuK7jI=!7J<8}aX=i*CUt3F5+Tk}lS2?el)^*S{n zTVISP`i-!tky)xGInZjoD~W3M!bs*0BX8#rS+h^g%!m)uE1jlN_C*J(3wl4jS!~4B znpZo&N_yOT{#qC;;o3F2tUj;CrK8n(ev1ZG95QQ9^Z>qMo{rb8+*Pog!YRp)lxBe8 zT8g|2CBLchR;p#~xm`mstAaHpM8_Pn*{yZ6@suyOYjhd#T@SIw8C*|$vzP14NsU+4 z4uU?vu~oe@&VKFAcRuSxpHA?xq$g$S5U6@nQ5S_F&IOK+n{NG{&a`Gd_UdOyGp!ob zmB5~cilg@y8~O5kZ~T~N(fMyKs@%^P^5-2AK(E;U+u7P~?*9$8AMbyCn8){hj~7Hp zNot3}tCQ5+6R!Q`LoFw`=LvlqxVruuG#&9T<$f*60YLiDv58@oN zD$A!2guiZVM9@hsC3RJ>+6!tHxB0AX*(u^ST%e}PRCJlt+Nujq@2yW>p=@rqZ1m3b zOkGo-MVNI}_q4WGvCg*LY7f(SVJ;CV-?qqtKNhIw>dlv?TQtcBwTyQj^II2i+4(x? zn(khf=-KJ$qQdU&mcQU6T~XZ0`m~@|i)xk=g^EtDyBF(Mh;~Bv2f?er@QM|TI;Y5` zQW>4Kl3~_^@ogDMwiejd0w-1aHy!cSL%1AaOS#}7*>oAwiYIJ#`o#k;HKGl0a!TKD zxN0@s-fBg*q-`7Fo7G$ARSq-v)WHZ|-Y0S|HI*8tN=t;Br%g=<##rZbgYn#wZqdYX zAj_@IF)j{Gsu=-oqC_T&isj*)Ch_XQ`%YlPI2^&pj~~kyVT4EU`Sa(SlXrPPma~5o ziy9_sY@D+gRq%MHczS-ae=^cn+J{mXNp7Q) zG9S?L)I!hxk``D8+1htV+{iLh^iwC(Ga{-0@n-KcD(v}B&>z;hJ%)2;nrHk&dgd18pk<@YetPj;to7f<)B(Ds!Q0xp{YVn zA4)Bc%&qLr{i0uitl_`(@ZiX`x$oF?byYfr)SrGOSa9l%)lV<*H+QO9i-^9y=FqkjXI>r#dF?8;sR5g0-6d2Ar{w zKqEtw29xU~()x%^%bYetsjUvKk37{X+^h1d_s_kVWD$?WVP3;$nHmi98>zwD4vUMn z{9Rsr(H^SBH>2EN^Gnpthl2 zCzMuK*tqG`)48+%`CWw7p!YyRDqAvsX>GCKYz8yLstK{0=gbgspf;1DJpp^a)WX?p zxs&06FBnqvF?3mdUy$)+Ow<%@b6uk-;w!4!7QWZ?jkDQ@;qS`{f8#5Y*10gLPG0At zql%Jw+@Pc_wUB5JGz;H=Xq`7WEt;XVsj5$ewm3PaGpz*D|`{(%N{Fj4w7wa^HGAgE+-MF>CtqSUD zdJ!R4VzBCJp{tHjbf0V$Gr$do{eiGu#8KaSgZ%M%d>)_2=WqJ_R{#J2|Nl}g!!7`_ F008-=G(i9W literal 0 HcmV?d00001