Make SSH switch envvar name more explicit (#97)
* Make SSH switch envvar name more explicit

* Update server and app flag/envvar doc
george-angel authored Sep 16, 2024
1 parent 759a0c6 commit e1d8b58
Showing 2 changed files with 15 additions and 12 deletions.
23 changes: 13 additions & 10 deletions README.md
Expand Up @@ -112,7 +112,7 @@ spec:
Set following envvar:

```
- name: GIT_SSH_SECRET_ENABLED
- name: GIT_SSH_CUSTOM_KEY_ENABLED
value: true
```
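
Review bot: At `- name: GIT_SSH_CUSTOM_KEY_ENABLED`, the README swaps the name with no mention that `GIT_SSH_SECRET_ENABLED` was the previous spelling, so a reader upgrading from an older release has nothing telling them to change their Application manifests. Suggest a one-line upgrade note beside this example. While here, the context line `value: true` is an unquoted YAML boolean, whereas the flag's usage text in main.go writes the value as "true"; documenting it as `value: "true"` would be the safer form.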

Expand Down Expand Up @@ -256,21 +256,24 @@ subjects:
```

### Plugin Configuration
#### decrypt

| app arguments/ENVs | default | example / explanation |
#### Server config
| flag | default | example / explanation |
|-|-|-|
| --allowed-namespaces-secret-annotation | argocd.voodoobox.plugin.io/allowed-namespaces | when shared secret is used this value is the annotation key to look for in secret to get comma-separated list of all the namespaces that are allowed to use it |
| --global-git-ssh-key-file | | The path to git ssh key file which will be used as global ssh key to fetch kustomize base from private repo for all application |
| --global-git-ssh-known-hosts-file | | The path to git known hosts file which will be used as with global ssh key to fetch kustomize base from private repo for all application |
| --app-strongbox-secret-name | argocd-voodoobox-strongbox-keyring | the value should be the name of a secret resource containing strongbox keyring used to encrypt app secrets. name will be same across all applications |
| --app-git-ssh-secret-name | argocd-voodoobox-git-ssh | the value should be the name of a secret resource containing ssh keys used for fetching remote kustomize bases from private repositories. name will be same across all applications |

#### Application config - set in Application plugin env section

| envvar | default | example / explanation |
|-|-|-|
| ARGOCD_APP_NAME | set by argocd | name of application |
| ARGOCD_APP_NAMESPACE | set by argocd | application's destination namespace |
| STRONGBOX_KEYRING_ENABLED¹ | false | Enable Strongbox for decryption |
| STRONGBOX_KEYRING_KEY¹ | .strongbox_keyring | the name of the secret data key which contains a valid strongbox keyring file |
| STRONGBOX_SECRET_NAMESPACE¹ | | the name of a namespace where secret resource containing strongbox keyring is located, defaults to current |
| GIT_SSH_SECRET_ENABLED¹ | false | Enable Git SSH building using custom (non global) key |
| GIT_SSH_SECRET_NAMESPACE¹ | | the value should be the name of a namespace where secret resource containing ssh keys are located, defaults to current |

¹ These ENVs should be added to argocd application plugin env sections
| STRONGBOX_KEYRING_ENABLED | false | Enable Strongbox for decryption |
| STRONGBOX_KEYRING_KEY | .strongbox_keyring | the name of the secret data key which contains a valid strongbox keyring file |
| STRONGBOX_SECRET_NAMESPACE | | the name of a namespace where secret resource containing strongbox keyring is located, defaults to current |
| GIT_SSH_CUSTOM_KEY_ENABLED | false | Enable Git SSH building using custom (non global) key |
| GIT_SSH_SECRET_NAMESPACE | | the value should be the name of a namespace where secret resource containing ssh keys are located, defaults to current |
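
Review bot: In the new `| envvar | default | example / explanation |` table, `ARGOCD_APP_NAME` and `ARGOCD_APP_NAMESPACE` are described as "set by argocd" but now sit under the heading "Application config - set in Application plugin env section"; with the ¹ footnote markers removed, nothing separates the variables a user sets from the ones Argo CD supplies. Suggest moving those two rows out of this table or restoring a marker on the user-set rows. Two smaller points: `GIT_SSH_SECRET_NAMESPACE` and `--app-git-ssh-secret-name` keep the SECRET wording while the switch is now `GIT_SSH_CUSTOM_KEY_ENABLED`, so a sentence tying the three together would help, and the `#### Server config` heading has no blank line before its table, unlike the Application config heading.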
4 changes: 2 additions & 2 deletions main.go
Expand Up @@ -119,8 +119,8 @@ encrypt app secrets. name will be same across all applications`,
// SSH secrets flags
&cli.BoolFlag{
Name: "app-git-ssh-enabled",
EnvVars: []string{argocdAppEnvPrefix + "GIT_SSH_SECRET_ENABLED"},
Usage: `set 'GIT_SSH_SECRET_ENABLED' in argocd application as plugin
EnvVars: []string{argocdAppEnvPrefix + "GIT_SSH_CUSTOM_KEY_ENABLED"},
Usage: `set 'GIT_SSH_CUSTOM_KEY_ENABLED' in ArgoCD application as plugin
ENV. If set to "true" will use default values to lookup the
Git SSH secret and use it.`,
},
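
Review bot: In `EnvVars: []string{argocdAppEnvPrefix + "GIT_SSH_CUSTOM_KEY_ENABLED"}`, the old `GIT_SSH_SECRET_ENABLED` name is dropped outright, so an Application that still sets it will have the flag fall back to its default (documented as false in the README), and nothing in this hunk reports that. Since `EnvVars` is a slice, consider keeping the old name as a second entry for a deprecation period, or failing loudly when the old variable is present. The flag `Name` stays `app-git-ssh-enabled` and the Usage text still says "lookup the Git SSH secret"; worth aligning both with the custom-key wording.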