Skip to content
Snippets Groups Projects
Verified Commit 7f767952 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(openshift-ingress): Switch to api token for Cloudflare 

This patch replaces the existing apiKey, which has full account access
with an API token that is restricted to a single domain. This should
help to reduce the blast radius in case something goes south.
parent dcd8e91c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
clusters/okd4/openshift-ingress/credentials.yaml
+ 3
3
View file @ 7f767952
...@@ -5,15 +5,15 @@ metadata: ...@@ -5,15 +5,15 @@ metadata:
namespace: openshift-ingress namespace: openshift-ingress
type: Opaque type: Opaque
data: data:
token: ENC[AES256_GCM,data:suSZx5FJ+TDoAHB2wlnWqKs+sE9JCcLiK/GrFSiXqXMCukKJmorIT7QELgnHCx+s8bItVw==,iv:YZCEccpslvdhGMmI72Yi73NXc70vIe/GudcVD/EPZLU=,tag:Up0vdlaQ5aL2JIX4upur/A==,type:str] token: ENC[AES256_GCM,data:WegdVaHNQhN2VWfzc6LuSVJ/JCqAYMD/kycEedrZxNIOLkhFc/E+WCi50mx5Sv6A0UqVo7f2LbY=,iv:q/QWZouLRrdP4UjbGVthvymbeG8Pfg6nczESNYzBK6U=,tag:poUE1TSwmnp4onvVF4zAuA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2021-08-13T23:42:10Z" lastmodified: "2021-08-14T23:59:48Z"
mac: ENC[AES256_GCM,data:HhZESbkZWNL/VJJJeODJ/ij/sjq3sKSmcYFZ+gPpIiatJDk5dTOFjNWrpusYKzE/eB8ZSNIvjnLBtqoMl9qdLaYQ1QZy6lfoRSNa4kU/Fum+BGvZo6JLYKjj4rVolGLKThStUeq5NTG7MG6nG1IDzDo5n+Q+SyjJe2k+pkEDifg=,iv:mTLruprmTzKmpyScfMSLu5POLRfFuPfbDAn4MqCflAk=,tag:0NCryO9SZrSXASqGxZC5pA==,type:str] mac: ENC[AES256_GCM,data:YhmKLWEDhmdLZdr1WYHAobkYVfo8q/do8tN83bYLQmcnchHeSjPdiHJ1FU7KvFI/E2hXGPPNjtExIpeSOcJ3K7WDM1Qi8r6FeCroySBNkolq63u5/TI4umiWKDUBXEvv6H9MIfy7+zIzJ/fl1bKze9P1IggHlWC9vhL+uGnwyVc=,iv:85JnGYtz5yIpZpxJCa0vV5l7XMsDE66cwg4aaU0Retw=,tag:h68lmun+hHb4Hdb3/v4afw==,type:str]
pgp: pgp:
- created_at: "2021-08-13T23:42:09Z" - created_at: "2021-08-13T23:42:09Z"
enc: | enc: |
......
clusters/okd4/openshift-ingress/issuer.yaml
+ 3
3
View file @ 7f767952
...@@ -13,7 +13,7 @@ spec: ...@@ -13,7 +13,7 @@ spec:
solvers: solvers:
- dns01: - dns01:
cloudflare: cloudflare:
apiKeySecretRef: apiTokenSecretRef:
key: token key: token
name: cloudflare-token name: cloudflare-token
email: ENC[AES256_GCM,data:QReTFOsJN+Jl/xyzQ6VJM19RXEYhS1bRuzCQTdq5dj1VksTiL/qhWM4=,iv:GceeVKhraaRk3ouDqvZqGA1CYInjDvuOtjuE6QvLbTI=,tag:QuCITSfHEaSAPAiA22zXPA==,type:str] email: ENC[AES256_GCM,data:QReTFOsJN+Jl/xyzQ6VJM19RXEYhS1bRuzCQTdq5dj1VksTiL/qhWM4=,iv:GceeVKhraaRk3ouDqvZqGA1CYInjDvuOtjuE6QvLbTI=,tag:QuCITSfHEaSAPAiA22zXPA==,type:str]
...@@ -26,8 +26,8 @@ sops: ...@@ -26,8 +26,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2021-08-13T23:58:48Z" lastmodified: "2021-08-15T00:00:02Z"
mac: ENC[AES256_GCM,data:OhKb2zKxLJDWOpW6R00D5FMordx1zkyqQuf7qHMEFqC0i4ouxjYVQXJaoPjUeKD0DvMPIlo8pQdpJ9ZDemv08uj0ATn6SbgeMyx6PGFE7HPEd1XroOY6ClMEoK9m7au7lYO0m7JXCvBR56XDFXwUIFldA1oy5hV9mXNXtfgNeHI=,iv:z1NKmCEJfLROvq4UokswFrNVZD9J9iRPaixxso49DkU=,tag:ZOvvkmftqQvWIvq9SeOS3A==,type:str] mac: ENC[AES256_GCM,data:TS5R/P/hrsJtcAKAPjeWuxMVYK6RKKsbEnbU8bGY7uB/BdDWzXrZrLLeeuAzQEruuaxmde2KJWDYyVx68sj7Nwm6pM3ceg232Stupan/1piylpool8VZKvkcnZZAv6rddc+ZjTSnFEDDKH5NRTTiOEccYM8NcPmE4LXfI4OltL0=,iv:pMJ9k+NT/cjDlMOyszNSKpmGTzz046UcFjavZA87vMs=,tag:u76roSIaOTuQHweLRK4t/A==,type:str]
pgp: pgp:
- created_at: "2021-08-13T23:58:48Z" - created_at: "2021-08-13T23:58:48Z"
enc: | enc: |
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment