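# Install pip, then the sops CLI from PyPI.
# On Debian/Ubuntu the package is python3-pip (there is no apt package named
# "pip"), and apt-get needs root just like the pip call below.
sudo apt-get install python3-pip
# NOTE(review): `sudo pip install` runs the package's install code as root and
# takes whatever version PyPI serves at that moment. The PyPI "sops" project
# appears to be the legacy Python 1.x line - confirm with `sops --version`, and
# prefer a pinned, checksum-verified release where possible.
sudo pip install --upgrade sops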
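# Generate a dedicated RSA 4096 key pair for sops without any prompts; the
# parameter lines are fed to gpg on stdin.
# The leading "> " on each line of the original listing was the shell's
# continuation prompt, not part of the input; left in place, the here-document
# never reaches its EOF terminator.
#
# Key-Type / Subkey-Type 1 is the OpenPGP algorithm number for RSA.
# %no-protection creates the private key WITHOUT a passphrase (presumably so
# it can be used unattended in the cluster - confirm). Anyone who can read the
# keyring or an export of this key can decrypt every secret encrypted to it.
# Expire-Date: 0 means the key never expires, so rotation is a manual task.
# Name-Email is a placeholder: the address on the page was replaced by the
# site's e-mail obfuscation ("[email protected]").
gpg --batch --full-generate-key <<'EOF'
%no-protection
Key-Type: 1
Key-Length: 4096
Subkey-Type: 1
Subkey-Length: 4096
Expire-Date: 0
Name-Email: sops@example.com
Name-Real: sops
EOF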
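# Check that the key pair was created: list the public keys, then the secret
# keys.
gpg --list-keys
gpg --list-secret-keys
# KEY_FP holds the key's fingerprint (the long hex string in the listings
# above), not the secret key material itself. The placeholder is quoted so the
# shell does not parse its angle brackets as redirections.
export KEY_FP="<gpg-secret-key-fingerprint>"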
# Create the Kubernetes secret: store the private key as secret "sops-gpg" in
# namespace flux-system, under the data key sops.asc.
# The armored key is piped straight into kubectl (read from /dev/stdin), so
# this command does not write it to a file.
# NOTE(review): this is the unprotected private key - anyone allowed to read
# secrets in flux-system can decrypt every file encrypted to it. Restrict RBAC
# on that namespace, and once the key is backed up somewhere safe consider
# removing it from the local keyring (gpg --delete-secret-keys "${KEY_FP}").
gpg --armor --export-secret-keys "${KEY_FP}" \
  | kubectl create secret generic sops-gpg \
      --namespace=flux-system \
      --from-file=sops.asc=/dev/stdin

Ini pokoknya harus di repository directory flux-system

# Export only the PUBLIC half of the key, ASCII-armored, into the repository
# so that others can encrypt for this cluster. The public key is fine to
# commit; output of --export-secret-keys must never be written into the repo.
gpg --armor --export "${KEY_FP}" \
  > clusters/kube-playground/flux-system/.sops.pub.asc

Ke root repo directory:

# Commit the exported public key.
# NOTE(review): "." stages everything under the current directory; check
# `git status` first so that no private-key export or other unintended file
# ends up in the commit.
git add -- .
git commit --message="feat: add sops"

Buat tim member biar bisa nge encrypt juga, perlu import public key nya dlu:

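# Team members import the cluster's public key so that sops can encrypt to it.
# The path is the one the export step on this page writes to
# (clusters/kube-playground/flux-system/); the original command pointed one
# directory higher, where nothing on this page creates a key file.
# NOTE(review): after importing, compare the fingerprint shown by
# `gpg --list-keys` with the one obtained from the key's owner over a separate
# channel before encrypting anything to it.
gpg --import ./clusters/kube-playground/flux-system/.sops.pub.asc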

Ini buat default rule buat nge decrypt secret:

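# Write the default sops rules for this cluster directory. creation_rules are
# what sops consults when it encrypts a file:
#   path_regex      - which files the rule applies to
#   encrypted_regex - only the data / stringData fields are encrypted, so the
#                     rest of each manifest stays readable
#   pgp             - fingerprint of the key to encrypt to
# ${KEY_FP:?...} aborts the command instead of writing a rule with an empty
# fingerprint when KEY_FP is not set in the current shell (for example in a
# team member's session).
cat <<EOF > ./clusters/kube-playground/.sops.yaml
creation_rules:
  - path_regex: .*.yaml
    encrypted_regex: ^(data|stringData)$
    pgp: ${KEY_FP:?KEY_FP must be set to the sops key fingerprint}
EOF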