eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Update secret templates to use consolidated 1Password item

Browse source 
Use single "TeslaMate" item with db_password and api_enc_key fields
instead of separate items.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-01-22 19:18:27 -08:00
commit 5f731b677f
4 changed files with 4 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

7
argocd/manifests/databases/secret-teslamate.yaml.tpl
View file

@ -1,10 +1,5 @@
# Template for TeslaMate database user password
# Apply with: op inject -i argocd/manifests/databases/secret-teslamate.yaml.tpl | kubectl apply -f -
#
# Create the 1Password item first:
# - Name: "TeslaMate DB Password"
# - Vault: blumeops
# - Field: "password" with a secure generated password
apiVersion: v1
kind: Secret
metadata:
@ -13,4 +8,4 @@ metadata:
type: kubernetes.io/basic-auth
stringData:
username: teslamate
password: {{ op://blumeops/TeslaMate DB Password/password }}
password: {{ op://blumeops/TeslaMate/db_password }}

2
argocd/manifests/grafana-config/secret-teslamate-datasource.yaml.tpl
View file

@ -10,4 +10,4 @@ metadata:
namespace: monitoring
type: Opaque
stringData:
TESLAMATE_DB_PASSWORD: {{ op://blumeops/TeslaMate DB Password/password }}
TESLAMATE_DB_PASSWORD: {{ op://blumeops/TeslaMate/db_password }}

5
argocd/manifests/teslamate/secret-db.yaml.tpl
View file

@ -1,8 +1,5 @@
# TeslaMate database connection secret
#
# The teslamate user password must be stored in 1Password (blumeops vault)
# as "TeslaMate DB Password" with a field "password"
#
# Apply with: op inject -i argocd/manifests/teslamate/secret-db.yaml.tpl | kubectl apply -f -
apiVersion: v1
kind: Secret
@ -11,4 +8,4 @@ metadata:
namespace: teslamate
type: Opaque
stringData:
url: "ecto://teslamate:{{ op://blumeops/TeslaMate DB Password/password }}@blumeops-pg-rw.databases.svc.cluster.local:5432/teslamate"
url: "ecto://teslamate:{{ op://blumeops/TeslaMate/db_password }}@blumeops-pg-rw.databases.svc.cluster.local:5432/teslamate"

5
argocd/manifests/teslamate/secret-encryption-key.yaml.tpl
View file

@ -1,9 +1,6 @@
# TeslaMate encryption key secret
# This key encrypts Tesla API tokens at rest in the database
#
# Generate the key with: openssl rand -base64 32
# Store it in 1Password (blumeops vault) as "TeslaMate Encryption Key"
#
# Apply with: op inject -i argocd/manifests/teslamate/secret-encryption-key.yaml.tpl | kubectl apply -f -
apiVersion: v1
kind: Secret
@ -12,4 +9,4 @@ metadata:
namespace: teslamate
type: Opaque
stringData:
key: {{ op://blumeops/TeslaMate Encryption Key/key }}
key: {{ op://blumeops/TeslaMate/api_enc_key }}