secrets

Andreas Mautsch · Andreas Mautsch · commit f5a13cfe2a53 · 2025-07-07T10:52:59.000+02:00
diff --git a/terraform/data/secrets.tf b/terraform/data/secrets.tf
@@ -20,7 +20,7 @@ resource "random_password" "oidc_session_secret" {
 
 variable "namespaces" {
   type    = list(string)
-  default = ["data", "core", "event", "invoice"]
+  default = ["data", "core", "event", "invoice", "example"]
 }
 
 resource "kubernetes_secret" "postgresql_secret" {
diff --git a/terraform/tenant-prov/core.tf b/terraform/tenant-prov/core.tf
@@ -14,23 +14,6 @@ resource "helm_release" "core-provisioning" {
     name  = "ingress.hosts"
     value = var.hostname
   }
-
-
-  # secrets
-  set {
-    name  = "messageBroker.password"
-    value = "supersecret"
-  }
-
-  set_sensitive {
-    name  = "database.password"
-    value = data.kubernetes_secret.postgresql_secret.data["password"]
-  }
-
-  set_sensitive {
-    name  = "s3.password"
-    value = data.kubernetes_secret.s3_secret.data["password"]
-  }
   
 }
 
diff --git a/terraform/tenant-prov/person-service.tf b/terraform/tenant-prov/person-service.tf
@@ -20,23 +20,11 @@ resource "helm_release" "person-service-provisioning" {
     value = local.oidc_enabled
   }
 
-
-  set_sensitive {
-    name = "oidc.session.secret"
-    value = random_password.oidc_session_secret.result
-  }
-
-  set_sensitive {
-    name  = "database.password"
-    value = data.kubernetes_secret.postgresql_secret.data["password"]
-  }
-
   set {
     name = "postgresql.host"
     value = "postgresql.data"
   }
 
-
 }
 
 
diff --git a/terraform/tenant-prov/secrets.tf b/terraform/tenant-prov/secrets.tf
diff --git a/xargocd/tenant-prov/core.tf b/xargocd/tenant-prov/core.tf
@@ -33,18 +33,7 @@ resource "kubernetes_manifest" "core-provisioning" {
               value = local.oidc_enabled
             },
 
-            {
-              name  = "oidc.session.secret"
-              value = random_password.oidc_session_secret.result
-            },
-            {
-              name  = "database.password"
-              value = data.kubernetes_secret.postgresql_secret.data["password"]
-            },
-            {
-              name  = "s3.password"
-              value = data.kubernetes_secret.s3_secret.data["password"]
-            },
+    
             {
               name  = "messageBroker.password"
               value = "supersecret"
diff --git a/xargocd/tenant-prov/person-service.tf b/xargocd/tenant-prov/person-service.tf
@@ -28,16 +28,7 @@ resource "kubernetes_manifest" "person-service-provisioning" {
             {
               name  = "oidc.enabled"
               value = local.oidc_enabled
-            },
-            {
-              name  = "oidc.session.secret"
-              value = random_password.oidc_session_secret.result
-            },
-            {
-              name  = "database.password"
-              value = data.kubernetes_secret.postgresql_secret.data["password"]
-            },
-            
+            }
 
             {
               name = "postgresql.host"
diff --git a/xargocd/tenant-prov/secrets.tf b/xargocd/tenant-prov/secrets.tf

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ resource "random_password" "oidc_session_secret" {`
`20`	`20`
`21`	`21`	`variable "namespaces" {`
`22`	`22`	`type = list(string)`
`23`		`- default = ["data", "core", "event", "invoice"]`
	`23`	`+ default = ["data", "core", "event", "invoice", "example"]`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`resource "kubernetes_secret" "postgresql_secret" {`