security: remove secrets from git, gitignore k8s secret files · 6905f26b56 - Ferrous-Solitaire

security: remove secrets from git, gitignore k8s secret files

Build and Deploy / build-and-push (push) Successful in 35s

Details

Secrets committed in prior commits (matomo-secret.yaml,
secret-analytics-auth.yaml) have been scrubbed from history via
filter-branch — rotate those credentials immediately.

Going forward:
- deploy/*-secret.yaml is gitignored; apply manually with kubectl
- deploy/matomo-secret.yaml.example shows the required shape
- ArgoCD ignoreDifferences on matomo-secret prevents it pruning a
  manually-applied secret
- Remove matomo-secret.yaml from kustomization.yaml so ArgoCD never
  manages it again

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

This commit is contained in:

funman300

2026-05-13 21:36:46 -07:00

parent 1b7c4d92aa

commit 6905f26b56

4 changed files with 35 additions and 1 deletions

									
										deploy/kustomization.yaml
									
		-1
	
												View File
												
				@@ -11,7 +11,6 @@ resources:

				- mariadb-deployment.yaml

				- mariadb-service.yaml

				- matomo-pvc.yaml

				- matomo-secret.yaml

				- matomo-deployment.yaml

				- matomo-service.yaml

				- ingress-analytics.yaml

security: remove secrets from git, gitignore k8s secret files Build and Deploy / build-and-push (push) Successful in 35s Details

security: remove secrets from git, gitignore k8s secret files

Build and Deploy / build-and-push (push) Successful in 35s

Details