Add git repository verification

This patch makes sure that a cluster only accepts commits signed by me, this should prevent a compromised GitLab from escalating privileges to the OpenShift and Kubernetes API and therefore the entire infrastructure.

Add git repository verification
64ac269e · Sheogorath · d67546fe · 64ac269e · 64ac269e · 64ac269e
Verified Commit 64ac269e authored 3 years ago by Sheogorath
--- a/clusters/okd4/flux-system/gotk-sync.yaml
+++ b/clusters/okd4/flux-system/gotk-sync.yaml
@@ -5,12 +5,16 @@ metadata:
  name: flux-system
  namespace: flux-system
 spec:
-  interval: 1m0s
+  interval: 5m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: ssh://git@git.shivering-isles.com:2222/shivering-isles/infrastructure-gitops
+  verify:
+    mode: head
+    secretRef:
+      name: pgp-public-keys
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization

--- a/clusters/okd4/flux-system/gpg-keys.yaml
+++ b/clusters/okd4/flux-system/gpg-keys.yaml
+apiVersion: v1
+data:
+  sheogorath.asc: LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkYxdnFEVUJFQUM2RGF0K01hcXlkWkhIeEl3Y0h5Yk1TMFBBaklXZkR3WTcxZnM4SHBrRG95SS9EM2dRCmZmWU9pWGE0ZUpMS2ttb1Z6REpTcHQyWUhNdWdEU1pPWHFiaGFUcnB5NUdaeGw0bmxCaWxCc2FkYmpvWGQ3Z1oKbTVhdlRWeXJhTlFNRU5Yb1c3ZTh4RlRCMGNuY1YwbHYyemttekU5K0xUNDhXbnJoWm43MXdRRm9tNTFabVlZdgpmeXd5MzVHNzc4ME1pR0FQdy9vYUdFZSsxbjk1UW5yL1lFUDAwQjRLcTJUU09MOW9UY2N2RjZQKzVmN3FrNDBTCk1rRUN2eWJjbmlOMHNUdXpUSFk4eHU2TU4wcW1OZGRlWFBLNXkrOHFZcVRpUVl0VnQxRndyTUN3QTRRTGRvSnkKQThzVnppNmpkb1VSb1FsSkxxcWJyNjV4Mm5VaFltTzBDYXZBR2V4R3AvaldtU3FIUXg4R3ZuQWR2akNtQ3pFYQp0ajFENERxSUhpTk12SXlsVW90SEZpR0hwVGZ1bDVGb2FEbFhxbmc5QUd6QzNzK3A5aytkOC90L2wwN3BBdnAvCnB1WDVGdnh3Y0xwd1lJZmpKOEFnSjF4SzI5MlJSbVpxbERwOGpEcWlqZU1QOUo2dE9rZ1FXMGdSTGg5RmFBNVYKVG5zT1M4ampmYXU0ZmxmTys4NDcvcWM3MFJTSC9QSDBUbDJ2ZmlyQmF5MUN3cUJMUkNrSzZYaHRCL1VJQjdUeApEUXRzbjlvVUV6Z2NOeVV2aXlwRUhvbUlBcWg2djN2ajd4UVQwcDMrUVY0TWd1Y3Z6M2Z1ZUgrSlJQS3cxMUN5CmMrMjI0SzlmQnRIY1Q3N3pzcWpRcllSa1Uvblo5clRrbkhuVzdWMXZ5UEl2S3BIOEsrSDhFWTJxV1FBUkFRQUIKdEN0VGFHVnZaMjl5WVhSb0lEeHphR1Z2WjI5eVlYUm9RSE5vYVhabGNtbHVaeTFwYzJ4bGN5NWpiMjAraVFKTwpCQk1CQ0FBNEZpRUVLR2VSKzJaSVU1ZDEyekc0L0xtTUtqN0c5Z0VGQWwxdnFEVUNHd0VGQ3drSUJ3SUdGUW9KCkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUS9MbU1LajdHOWdHZUZBLytLei9BQkRZTS9NZFlrWmlqMTdabVprdDMKQW9ncEw3SlorNmJEL2RrSXgzMVdhdXhaQjhTSTZBZFQyTjRqL2dVYlZ4NHlLM20raFZadXJBd1F1Y3F6WWRnNwprZzgxRWdMSVJvakwwRXZuVnB5WU9INmJWdUVYall6R2ZmM2F1aGpCek1SRyt0b29kUXhDenY2YzFyM3dBL3UxCmYzUTQ0ZnJUU2t6R1k4L2tjUU54ckRzVW55ejVvZk9LaG9DdGFMRmN4ckFrb0hLaTV1TmJZajNzV3R0UnFkQ0UKendacEd4YVhpdm5FL2IzR2c0K3J3Ymc2TVVyaHJwUDdnd1pLN2xCN3FONU1aWWpsYm1ZM0hkK05DR2NxT2pobQoySXFqWFFPWi9GVHFhd0RmdGhsNHh2dHNHVmxSL0I1Tzk3R2lRYzhzYmtxNk1RRVZ2MkJTaHlmd2FuWjVTUHA4Ci9qU1oxekp1ckprZDh1ckNMZUpYeUpjdzkwT0ErRFJ6bjhGUXA2WDQvSUI0dnl6ZTBIVUFzTHAyLzdURkNFbGsKY3hrcVdHMHk0Z2lGeHhvM0c5WVpoNHVRbVFaMWgvNXV4dXFRM1V4Nlk0Qk5GKzFxYy9UWXRXSVh2Y2NXTEJicAp2RTVIRGdhZTRKQjFaTkcwUUg0ZklyRlRTNDhkUng0bEZZS2l1OVJIeXFNNFJvUE9xUTFpZkU3RDBDcEpaaGN3CjNOYjk5ZTYwM2pUU3VPaFVsVHJHOTdtY0kzdndRVnIwVmltdzVBZkFTeWNsdFhQeGQ5WFRKcCsxU0V3Qit4WmkKYjl6ck5TdGtxbWJXTEUwUkdyQzJ5bFl1Q2xZNHl4NFMvTU1xQ3c0bGR3ekNCL0N6OVVLeXdVd25GL1pDb1ByMQoyWVRGeU00NU8yMzYwb0xsV1ZPSkFqTUVFQUVJQUIwV0lRUUI1YlBLd01Kb0ZrZ3ErMGdmQmN3Mk5jM2YvUVVDClhXK3BQd0FLQ1JBZkJjdzJOYzNmL2JhWEQvNC94cWZuNmdJUnZ6dWZsOTFFZHVKbFVldG9rbEsrV0F2elN5MHAKZnVRTEVTakZ0TjkyUzVid3N4ZFZGN25NVjNEbGVEQnFwNDFMRHZVaDZSbUkxT1NHa1F6WC9TZEtDL2tVNDFkZgpoRktjbmk2OUh4U21ETzRIVGpSNXBYdzZmN1QwVENmeWZBYkF5WGhuWDQ5T2pRVjR4NFpCSVdoTWs5aEJET0xJClRzQzlXTFhJSGpCcEFLclZobCtRM0ZmWkJHbDZZZWpUTlRPWXpGcGc2NEVxTDJIaHUvYVBpV2RieWRJeW9ZT0IKOENoN2pCZ0tMdEFrZnByR1R5Wm9DM2hSTFZmT2kyN1UwcHp4MUZOV1V4bXN5cGxld1RqS0dLbWN1aGpJWDRFTwpUZ2xmWlJUdjh0WmI2eDdRNzZyaGw2bGJCakdFcGJFQmd4WlVwL2c3RURFZG5GWXVtWmUzL09lUktCem5QWVc0CnMwZ1NoR1lEWGplODZXMWM3MHY0RDJ3d3lDVUR3SWYyQ2hqdm5Yc3NHWXlzRERUVW4wamRNQXdMYUlRWXpWWUcKaWpMR0I5V0hVdEpmTG9RRjJzclI3ZC90Qk5YZkxlVjFMSEllREpEdEF5SGFXOC92cEJWeHllOEtVWGZHYnFSbQpwQm5BMmR6cFhOL1huS2pOV2JtbjhZaXhXd05zT2RMQVBkV1FnU0lKWkV3VnVzby9nQlVLN25sdFZ2ZXFuWHNtCmpxYnEwb0JNT0REcGI3cW5VNzkzT2JSbVc2S3VrMWJ2L1pQN0pWaklnUmdXdWttcU5oa0hncjNQU2txYThLTVIKcFVKN1hsaHZlQTNHcWt1eUlWeWh0VGJERjdjOUlyN2htcGtBZEppT1VPTVVubWpla1I5QUE0OHBuOUVhcDlyQQpLNWZoMTdrQ0RRUmRiNnBKQVJBQXpEYU5NalBWY2tVSjR0eVdGTitjOWl2ZnpQZTg3ZGUrZHZPUmE2aUlGa1JyCkJWZ2k5ZjRJU3lyWnpNTTlmZzdURHVuSW5RdWs5eGtCZjFtQjZaSFFBMjRFaHRPd1ptWEN1elhZNTRVMUNMcTcKNXBUU2NoQUlOOUg1dUxIZVYvamlSWHJEVjQvSjRjNzgwVXNLdnB6ZWZQaDl4T3lvSTV4ZjRIZm5CdnJYT0Q3RwpocEk0R3lFaFVWeWpkaFVoVEhtVUt1YUR6Z3J1emhRWGJLN1o4a2VTWG5ITkNHRTgvbldiTzZ6Z2tIQ0NVY2F5ClNmVCsrVU9iamU5TTBoNTR6a1VmTzRISzNmQVBLNWtwZ0tYWXMzQkVDcWdJanFGSElLQzR1SUtVeXRZRVYzN0sKN1dmY1NnRGo0UmJ5U1E0b3VHMjZjSEYrQ1ZkSUF0WjkrTDFuYWVQRVUveDVnc0NlYllyaEFwVFFYQkJKa3pEdApyMWN2OFlMaHhUTCtVODFyb0JvMHR0RjhuL1RDMFdtcFFOT0Z1Vklxa29LN2hPNHdScWVMbWtZQlNFSnRsbHo2CmxremRJdUUxV0xLRm4zeUFadS9Qb3Rzd3RZOUU0dTZvZklucXBWUUhsWHFhUTVteXVpa25VOFVtY3JIOGhkOEUKTFd5L3lCN2FIWkQrMjFaZy9nOUo2VTBpYjAwZFBlNDVFTVl5Q2x1OTZrQ3AvOXRVTFRoYlRaZ1NxdU5xMGg4Kwpxc2lIWUlxVTFlM0kxdGc2Ym4wOE0xZ0JRbGgrS2R5aUl5ZGZhVUpSVmtjNjRVaC80QjlhVHRSUERxQmdYNmsxClhQUjMybStyVWpJNHVqdnlSSytaWHVNbEFOMkloOUh0MzRrYVFud2ZWanE2cllMNVkvK2FlS2I4T3hvRmFROEEKRVFFQUFZa0VjZ1FZQVFnQUpoWWhCQ2hua2Z0bVNGT1hkZHN4dVB5NWpDbyt4dllCQlFKZGI2cEpBaHNDQlFrQgo0VE9BQWtBSkVQeTVqQ28reHZZQndYUWdCQmtCQ0FBZEZpRUVYcWY0R2I1LzJRT2FhNzE1eWJISUJ6ZTV6aGdGCkFsMXZxa2tBQ2drUXliSElCemU1emhnZ0ZBLzlIdzlQU0M2UlFMSDZxRzJTWTRkeGFiTnh2dUZQTEt5ZHMzdnYKNFQ2RmFPamE1ZE1OMmMydVdBSXRzck4rMFhOUi90UzBZcXhWS1kwaVFLZlBpallNdDE1K1VVZ0NReHdVcjMrUApvdTRZRWtzUjE5c1dqSTM0Y0J0M2ZTUVlCdmNpUGZpZmQ5RXFiczhja2xYVFBXa0JNRFNGVEVxdXJoWi9DNG04CmwvWStodE91bWtxR0lTem1mOGVDK2EyeEJEL25ONXIvZ2FTeHZ3Sk9uak1WbloxeDVFcGZBdXJyNWlrTEN1bVMKVEJFdm5ZR3IwS2VJY0UycmJWTXIxMXhEbnF1VVZJK3FDbmtQRXpjakZSa1FqY2RoL2hVSUJLSFkwdFFkN3BuTQo0Sndsd2sxSjV1ZzczeWFGZGUrdWJSWnNkSXdUSkRKYldpdDJsem13NTkvTS9RTDFZVEtBR1pJWUx4YlFva01VCi9WUjA3WTlhUDl1bGhLOW9XSWtCTUY1bFdKZWVBS1Q0NXZQSjBILzhzam1qMnBMYVdDa2h6YkRUVHZtZEFpY1gKVjlLekhkbEhRcU9QMEhFdGd4ZEJwbi9yb2VHZTZ3clZvbEdIOEFXSkd4ZGg0dllhMk9Rak04bFBtbDRmTHNSMwpOSmZrYi93c0cxV3NUMjB4NnVGaUo0N0VZYVpWZThRSjZ3bG14L1VEN1I3WjdXY0NGRDY5Y0t3ME4wSzB1SnVKCk9Ec3NtMTdzVFV2L09hckdhdkdzS2pLamdVWTN1YWRGaERpWUFFWXlpVHIvTk5tTFIzOS81N2FvcTFTUEc3czcKSUh5SFg0TkdWbnpCM1RUVnBSVE1zcVk4Tm1hcjRtMFJWVGNIOU8wOW4xRTlSRXFnUlZPTmNEdE1IUFVrQjRydAp6QUtYdnc0a25BLy9SNkt5Z2hlTmJBQ0lVcVVNem5aT0t1MGg5TWg4Rk9sYnlUdGVqai9ndDZJWXppY0JKZ2hOCjR2UThTUzdXZGZhajE1dGZ2OVNDY1RVaFU0RGNXd3RsMVdlaUYwcWlkY3ZzaEpwWjRVcE9CVGQvOE85WWhmK1cKSVZYZ2M1Vks0eEJVWjZPb3pmYm1SN081VmhSYXVrWTNQV0lqTkc1Wmp1QTF2c2YxeEhyaG9Vb3lFWVFMWTdSQgpvVHpXVEFwVnBuQnc1VnBVdkI4K3dUaWRBKzhqNjNBUkUzV0F3Z1paOGtOSUNOblFQM3JVS1lCTmZVd0kzb09MCkNQVmhmeUEwYktSOG9TTjdaTFZibzdyRUltdkJUZXE1QXRINkRkSFovMTB6amNjb1NiUFdtL3Vjclk2eFBEay8KTlk4clV4SHltTEtBWnl3dmZPTWZTUjc0UU9aaWwrdkYxMHcwdkx3WUZWR3BKblpwWUpPMWZzWC9LNm92RUZtRgplYWF4cUFYYzFmWUowdytqN2xFZnpaWTZ1Z1RhK0xQem9wbm84dFFpbnk3dUJLZTRDanVrcEVMM3FkOTZPWlNJCjlURDZTZ0xnckdYT0h4SU56Rk03TXhqNHF2akNQbms3TnVVNjFmS3dNYVlTSW5DdnRJTC9ReWRkWE9nNVNJVGEKOSs1WW5EcXJ3S0lneG12dDRwYlQxY0gwL0FNL1FKUzI0ZWJVcEZ2SEpVRUVWZXNtU1FLUUU2U2VSakZkQVNNNgp6UStpTkhYcjFkQVh5U0R1eWtlS2VzKzBvbC9pUm5ZVUVUOVpTazZ1eGNIUFQ4NlYwejFjd2NCZmgxQ1VrVXhsCmhHcDdrTnYvS1BNcDJkNjQxQmw2bHFYVVNDVHV4Ukl5aVBobHBlQ2NwTnl0THhKcW1xYXRSQXFKQkhJRUdBRUkKQUNZQ0d3SVdJUVFvWjVIN1praFRsM1hiTWJqOHVZd3FQc2IyQVFVQ1gwcFhrZ1VKQTd2Z3lRSkF3WFFnQkJrQgpDQUFkRmlFRVhxZjRHYjUvMlFPYWE3MTV5YkhJQnplNXpoZ0ZBbDF2cWtrQUNna1F5YkhJQnplNXpoZ2dGQS85Ckh3OVBTQzZSUUxINnFHMlNZNGR4YWJOeHZ1RlBMS3lkczN2djRUNkZhT2phNWRNTjJjMnVXQUl0c3JOKzBYTlIKL3RTMFlxeFZLWTBpUUtmUGlqWU10MTUrVVVnQ1F4d1VyMytQb3U0WUVrc1IxOXNXakkzNGNCdDNmU1FZQnZjaQpQZmlmZDlFcWJzOGNrbFhUUFdrQk1EU0ZURXF1cmhaL0M0bThsL1kraHRPdW1rcUdJU3ptZjhlQythMnhCRC9uCk41ci9nYVN4dndKT25qTVZuWjF4NUVwZkF1cnI1aWtMQ3VtU1RCRXZuWUdyMEtlSWNFMnJiVk1yMTF4RG5xdVUKVkkrcUNua1BFemNqRlJrUWpjZGgvaFVJQktIWTB0UWQ3cG5NNEp3bHdrMUo1dWc3M3lhRmRlK3ViUlpzZEl3VApKREpiV2l0Mmx6bXc1OS9NL1FMMVlUS0FHWklZTHhiUW9rTVUvVlIwN1k5YVA5dWxoSzlvV0lrQk1GNWxXSmVlCkFLVDQ1dlBKMEgvOHNqbWoycExhV0NraHpiRFRUdm1kQWljWFY5S3pIZGxIUXFPUDBIRXRneGRCcG4vcm9lR2UKNndyVm9sR0g4QVdKR3hkaDR2WWEyT1FqTThsUG1sNGZMc1IzTkpma2Ivd3NHMVdzVDIweDZ1RmlKNDdFWWFaVgplOFFKNndsbXgvVUQ3UjdaN1djQ0ZENjljS3cwTjBLMHVKdUpPRHNzbTE3c1RVdi9PYXJHYXZHc0tqS2pnVVkzCnVhZEZoRGlZQUVZeWlUci9OTm1MUjM5LzU3YW9xMVNQRzdzN0lIeUhYNE5HVm56QjNUVFZwUlRNc3FZOE5tYXIKNG0wUlZUY0g5TzA5bjFFOVJFcWdSVk9OY0R0TUhQVWtCNHJ0ekFLWHZ3NEpFUHk1akNvK3h2WUJsdVlQL1JpWgowSUkrUDFsM2lJaTNtNlNySFJUdi9VZWpZNkEyelF1aEJCQm1uQUM1MXRHRmNuY3NWUzVVSkRwVWtKT1YwTE1CCi9Cc05WVVhvMFJuc2hqSEpCdnZRZFFCRitpYVBXSjMxNFNWaWZGTHQ0NFlURm4rMFp0UU0xc1ZkV2xEUW1QTnEKdW5HTkFiR09LYTdtU1gxMVc3MXNiS2dXUTVIZWIralBJLzJiWVNvZnVmMG01TzdHRStyekptK3pMQXJMdkxmawowcitCR2xsQng4aU80aGE5TnUxb0YxWWZqWG11anFiYkRRSXplL2V0UXYra3U5bWJUWmZwcVpzNzc3TWtqbm5hCkNPSmd1bEUvZnhwc3pLOHUvK3VmQ2h1S0dXbENpUkxZVU04ZHJIaFNNaFBzMndRT2V6WFdmelprVWRiOWVBU0sKZ0NqeUlKL1ZrN1pKbURMdi9XK2hTVXdtdEEvK2p5UE5VRjVBRmRPaElQdXRnL2tyVE9KV1k5WTQzRGZuRjZxbApqV3pNNlA5THJqaEwxclFYYUhhTE4xZFZyeCtVWXdPT3NIbkh5STQ5NTlSK0s0VTNpSE9zZGRzVkJNWktCSHc0ClEyc3FML29WM081YUJhNlJlU0NMN1dSVHVEUFROemVUcjQ0MjR6dnpHNzc0ODJYcVZjcEd3bUhrVW1DZERDWGkKTnZmRURPL1B5aUZoNmszYlJiSnd6UVZDZ1p3em11cnZTUWlXMDFHMHdMbzhxOVU0dk90UUJmTTBDS1g4Y0lRQgpwYVR6UXFhaGg3blIvQm8xME1OTXlQZkgzakZ1NEVYUW1OREFaSDdkNmNCZkRyNFBXMnAzM2cvT215NEh4UXdYCm1JNVZyYjBVUXlxQzdYV280Q0x6aGgxUjczUDlJRGVCZGNQRmNDOTN1UUlOQkYxdnJ4UUJFQUMrNkdLU3lNdGkKNE0zTUcrVnFjbnIzZUJGdXdxVGdpYWhtZEUyVDF5MWhQSTZtS1BoYTNWUzVuMVBOd0FLZGZNSnF1VkcrcGE3Tgo0b0srY1JjNElKSVZybWlNWVJXWllSaDU4Lyt3dm50cUt5YmdEOHdlb3lIYVN5c1VGSUNFUk11Q29LMTJ0a2w3Ci90cXVrbEJjcWtFMEQ0aGtIVlhNY3U4aFhTSFg0aDlFNVJyWGdPY1VqdHBYVlZNTmgrQi9TcTZPT2NCL2NrOE4KeU5HWloyTm9ER1ZkRkZQRlZHVDlWa0grOWpmYmpFL3RRNEs2cTZDV0pVNXBYTXZjTWMwQTV0V1VPdFNXdXNlKwpCcWRwVjI2QTEvTzZ4K2lLTWcxbGJtY3lRc0xIbFRVSFJDS1hjUEVMYVFOZzVrSUliRzk5OW1Gd0dGcW1GZk1RCnN3UUM2bGY2ZDZyN1QzQjNvRnFScEdsREhyaDFXZXpNMFY3YkI1NFAybWZFeExxRlYxcm5zc1FGMFA1Zmk4YkgKZmJ6RHJ3OEhwVHZaMEljL0R3OFUwVHJpTVQzeTJENTQxUEJ3MmI3SHBMZlJmRlYwTEdDNjl6Ty84Umg3SGtWawpILzY2Sm9NckVNT2VLa0NvR2tvanVPeG9KVlVZVzJpUDBWMVV0d0RieG9BMUdSSmQ4aXhLOVNnYUNmbFZBUDZrCitvK0YzYm1XZ09jUWxOdU51RXFlbkxSZjFxUWJpY1k2YVVTNTg1djJtMW9tbGg1Y1VxMDArZmVZYUQ4alpjemcKSTNzRW0vM3dkS3MxVHJHUkFPUHgwTGoybSt0cXByWXErc2QyODNObW00V04ranNQa2g3MDNpeXp1NDV3TkpiUQpmdTBiSGlCTmlGNkt4Q1N4OWtyQTF1Ym1Ba2RCemYrcDN3QVJBUUFCaVFJOEJCZ0JDQUFtRmlFRUtHZVIrMlpJClU1ZDEyekc0L0xtTUtqN0c5Z0VGQWwxdnJ4UUNHd3dGQ1FIaE00QUFDZ2tRL0xtTUtqN0c5Z0ZHK3hBQWhjRzYKUWtSOXYrc245YTZodzdRdkRmeUFXMGFhMmRVSE1jeHpsdG5RazdtVVBMV0dHV0dGcDdmNnM3Z1dQamZhUFIvegpTTG8wSFo1NjVMdUZ5d0F1VXp3UEE3ZkpNbzNrYWhQTXRMTVpxbHF2ZjlhTTA5d1B6ZnZIbDArT05WUVFLTldnCmZac1hjRkNYaFB3S2xsV3hGb012ZWdPNSsxUGZjbE1qRFZDVW40aThzQVVGT2xTVVpqczFiemdhTVJpd3Z3SEQKaXE3WEo0Z0pBdy9TdWpCc1NXVkhFaUpOWkZLNXN2UVgwelFBNzlQZnlrOUtiZkNQTXRwSU14MDNOb1VONy9ncgp6VUVpOWRaS2MxNWhnZGlyWWZTUTRNNjdKMkFnOGpla2xHWmpsRlpWeU9JMFl1SzhHYm5TckZwTzc5aWtOS1dpCnN2MFJQQ0pnd2hlWGVDQTVFK0lVamsxK2czV2hZclY2UkpSMG16MkZWaFJpeTdEbW9IcWNpUVNNNWZoRWlrVkMKTHM1S2ROSmFlbWVPWkJkMXhPaS84UmQ2ZXdqdjVaelAxejVjSW9pV09KOFoyN0RCSlpsbk9yOTUvSnJGTkhGZwplemQwRVFvUDhRdGl3SC9oOURsMDFMUGIyZWpWRWJNd0hBbEFmWkp5Z2RReXlFbzhmSDYyRFErTjU4K1hzL1FTCmpTbC9wcjJoRVd4WlpLOE1FaUZQWklRZk9lS0IrMGl6SDd0VnJqL3BCYmk5NEhpSXJqVU5rY3JWQXZvTkNiOU8KaDdrV0YzVFJJQ3NKOUFZT0ZrQzlualkvTXdDVFYxUW5aRUtXTDBzU0JEQVR1RkljN0htZ0RjZytsUmRVNVhSaQovTVhqeEw2UWRYYjdIeVhuN09FZHFsUU9iV2RmS0FJKy9na2U0UEtKQWp3RUdBRUlBQ1lDR3d3V0lRUW9aNUg3ClpraFRsM1hiTWJqOHVZd3FQc2IyQVFVQ1gwcFhtQVVKQTd2Yi9nQUtDUkQ4dVl3cVBzYjJBVElKRUFDTEsvWHgKVm5UKzFwM3N0d1ZDSU1TMTJxSzl3SmYzYUpzVmNUTnIwNlIvMXl4SXl2aVRMSUlnek85N1Bvb3RyRmdxR1g0SwpRZytlWVhhMGVaVlpNZEgwVFY5MEJHOWRrK2FjaGx1L3N4SEZVbkVUY0s0aStMVDlRUnJUdkFIb1JqMmhCZUV1CnJKVnJmYVFDZy9QZUx6eituR2IxMXZZWFByL1crY20zdUtQTUgyKzFOWldObjdyUzNpd3V4MlJYNGN3ajJFSGEKRCs1Z2N0Zytac05iZC9HRGRUa2QyWmttSEU3MlpNT1k4NHBGKzdVWkRoL200UmMvQlJmS0hTcDU3eTRiQkJnOQpoalQxVWNGd2RzaUdGUGN3Wm92UkIwY1k1YnhZQVRnNmVCclIwN1JGUnpQN3JpbnVrWFpHR0E1cTF2N0JSZi9VCm9JL1hDYzNUS3dobWc4Sm16SGlMeDBSS3JmRXhtTVhubXpScUhHTXd2QTVEakVITHZYd2VqOXA3Ym80ejUxcTcKYXB1VDh3dERWdkRuVDJWdmpxQWNkcDB5dFVoZjM0ay9ITWxoeXpDbSs3Y2ZreHFra3IyV3JiMURHWEtCcGhTYgpxOStrMGVVQ3dGTjVLc09ENWNuVFVNa2xMM0w3ZGkwaU0zQ0t2WE9BbDFmQlY0NlhxdkkyUnFzRTVOS0MyRmVrCkpjbWRmVnVwZlgyUlYvMVdHcmRSUncwZkVrckF2cDgzYlNVOHJUU1NXWGhqejJJU3FHaU1jdlJBTnk0MzlwTkYKY3c5Z3dTVjVYMnRyaGh3QjNtaXFPc2FNekNJcmsvYitaQXllMlRVWGd4QUZHQ3VORzlhdktzT1I5N2VqbDRhYQpBODVvQ0JxQ1Nqamg0c0xNSzdDcGFGN0o0SXo2QVFhUFVmYWpJZz09Cj14ZnhJCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K
+kind: Secret
+metadata:
+  name: pgp-public-keys
+  namespace: flux-system
+type: Opaque
--- a/clusters/okd4/flux-system/kustomization.yaml
+++ b/clusters/okd4/flux-system/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - gotk-components.yaml
 - gotk-sync.yaml
+- gpg-keys.yaml