blumeops/docs/zk/external-secrets-log.md
Erich Blume 4ccb7b9a26 Fix wiki-links to use filename-based resolution (#90)
## Summary
- Quartz's "shortest" path mode resolves wiki-links by **filename**, not frontmatter title
- Previous PR used title-based links like `[[Grafana Alloy]]` which looked for non-existent `Grafana-Alloy.md`
- Now using filename-based links like `[[alloy|Grafana Alloy]]` which correctly resolve

## Changes
- Rename zk duplicate files with `-log` suffix (e.g., `argocd.md` → `argocd-log.md`)
- Rename `reference/storage/postgresql.md` to `postgresql-storage.md`
- Convert all 175 wiki-links from `[[Title]]` to `[[filename|Title]]` format
- Rename `doc-card-titles` task to `doc-filenames` (checks filename uniqueness, not titles)
- Update pre-commit hook for renamed task

## Deployment and Testing
- [x] Pre-commit hooks pass
- [x] `mise run doc-filenames` shows no duplicate filenames
- [ ] Verify wiki-links work correctly in Quartz build

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/90
2026-02-03 15:30:42 -08:00

id aliases tags
external-secrets-log
eso
external-secrets-operator
blumeops

External Secrets Operator

External Secrets Operator (ESO) syncs secrets from 1Password to Kubernetes Secrets via 1Password Connect.

Architecture

1Password Cloud
      |
      v
1Password Connect (namespace: 1password)
      |
      v
External Secrets Operator (namespace: external-secrets)
      |
      v
Native Kubernetes Secrets

Usage

ClusterSecretStore onepassword-blumeops provides access to the blumeops vault. See argocd/manifests/devpi/external-secret.yaml for a simple example.

Important: 1Password Connect doesn't support the ?ssh-format=openssh query parameter. SSH keys must be stored as Secure Notes with the OpenSSH-formatted key (see argocd-forge-ssh-key item).
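
A check for the OpenSSH-format requirement above, as an added example that is not part of the original note or the blumeops repository: it classifies the PEM container of a private key read on stdin and, for OpenSSH armor, confirms that the decoded body starts with the `openssh-key-v1` magic. The function names and both sample keys are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the blumeops repo). Function names are hypothetical.
# Reads a private key on stdin and prints its container format:
# openssh, pkcs8, pkcs8-encrypted, pkcs1-rsa, sec1-ec, or unknown.
ssh_key_format() {
  key=$(cat)
  # The first non-blank line is the PEM armor header (CR stripped for CRLF input).
  header=$(printf '%s\n' "$key" | sed -n '/[^[:space:]]/{p;q;}' | tr -d '\r')
  case "$header" in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
      # Do not trust the armor alone: the base64 body must decode to data
      # that begins with the 14-byte magic "openssh-key-v1".
      magic=$(printf '%s\n' "$key" | grep -v '^-----' | tr -d ' \r\n' \
        | base64 -d 2>/dev/null | head -c 14 | tr -d '\000') || true
      if [ "$magic" = 'openssh-key-v1' ]; then echo openssh; else echo unknown; fi ;;
    '-----BEGIN PRIVATE KEY-----') echo pkcs8 ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
    '-----BEGIN RSA PRIVATE KEY-----') echo pkcs1-rsa ;;
    '-----BEGIN EC PRIVATE KEY-----') echo sec1-ec ;;
    *) echo unknown ;;
  esac
}

# Constructed sample: OpenSSH armor around the format magic only (not a usable key).
sample_openssh() {
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
  printf 'openssh-key-v1\000none\000' | base64
  printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'
}

# Constructed sample: PKCS#8 armor around placeholder bytes (not a usable key).
sample_pkcs8() {
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----'
}

# Demo: gate on the result before handing a synced value to an SSH client.
for s in sample_openssh sample_pkcs8; do
  fmt=$($s | ssh_key_format)
  if [ "$fmt" = openssh ]; then
    echo "$s: ok ($fmt)"
  else
    echo "$s: rejected, got $fmt; store the OpenSSH-formatted key instead"
  fi
done
```

The function only reads stdin, so the decoded value of a synced Kubernetes Secret can be piped into it without writing the key to disk.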

    # Check all ExternalSecrets
    kubectl --context=minikube-indri get externalsecret -A

    # Find 1Password field names
    op item get <item> --vault blumeops --format json | jq '.fields[] | .label'

Bootstrap (One-Time Setup)

If reinstalling from scratch:

  1. Create Connect server credentials:

    op connect server create blumeops --vaults blumeops
    op connect token create blumeops --server <server-id> --vault blumeops
    
  2. Store in 1Password item "1Password Connect":

    • credentials-file: raw JSON
    • credentials-base64: base64-encoded JSON
    • token: access token
  3. Apply bootstrap secret:

    kubectl --context=minikube-indri create namespace 1password
    op inject -i argocd/manifests/1password-connect/secret-credentials.yaml.tpl | \
      kubectl --context=minikube-indri apply -f -
    
  4. Sync apps in order:

    • argocd app sync 1password-connect
    • argocd app sync external-secrets-crds
    • argocd app sync external-secrets
    • argocd app sync external-secrets-config