security: remove secrets from git, gitignore k8s secret files
Build and Deploy / build-and-push (push) Successful in 35s
Build and Deploy / build-and-push (push) Successful in 35s
Secrets committed in prior commits (matomo-secret.yaml, secret-analytics-auth.yaml) have been scrubbed from history via filter-branch — rotate those credentials immediately. Going forward: - deploy/*-secret.yaml is gitignored; apply manually with kubectl - deploy/matomo-secret.yaml.example shows the required shape - ArgoCD ignoreDifferences on matomo-secret prevents it pruning a manually-applied secret - Remove matomo-secret.yaml from kustomization.yaml so ArgoCD never manages it again Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
funman300
@@ -12,6 +12,14 @@ spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: solitaire
|
||||
# Secrets are applied manually and must not be pruned by ArgoCD.
|
||||
ignoreDifferences:
|
||||
- group: ""
|
||||
kind: Secret
|
||||
name: matomo-secret
|
||||
namespace: solitaire
|
||||
jsonPointers:
|
||||
- /data
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
|
||||
Reference in New Issue
Block a user