Erich Blume fbf230b414 Move Mikado cards to topic subdirectory, not plans/

Mikado cards are discovered through failed attempts, not designed
upfront — they don't belong in plans/. Cards now live where they
topically belong (how-to/authentik/ for this chain). Updated
agent-change-process to document this convention.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-20 09:53:07 -08:00

1.3 KiB

Raw Blame History

title

status

modified

Create Authentik Secrets

Create the 1Password item that the ExternalSecret references for Authentik configuration.

Context

Discovered while attempting deploy-authentik: the ExternalSecret references 1Password item "Authentik (blumeops)" which doesn't exist. Without it, the authentik-config Kubernetes secret won't be created and pods can't start.

What to Do

Generate a random secret key for Authentik (AUTHENTIK_SECRET_KEY)
Create 1Password item "Authentik (blumeops)" in vault blumeops with fields:
- secret-key: random 50+ character string
- postgresql-host: Tailscale-accessible postgres hostname
- postgresql-port: 5432
- postgresql-name: authentik
- postgresql-user: authentik
- postgresql-password: the password from provision-authentik-database
Verify the ExternalSecret can resolve on ringtail's cluster

Notes

This partially depends on provision-authentik-database for the postgres password, but the 1Password item structure and secret key can be created independently.

deploy-authentik — Parent goal
provision-authentik-database — Source of database credentials

1.3 KiB Raw Blame History

Create Authentik Secrets

Context

What to Do

Notes

Related

1.3 KiB

Raw Blame History