pikasTech-unidesk/config/secrets-distribution.yaml
2026-06-29 16:32:14 +00:00


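# Secret-distribution manifest. The rest of the file lists env-style source
# files holding secret material, the cluster targets, and the Kubernetes
# Secret objects assembled from those sources.
# NOTE(review): nesting is reconstructed from a listing that lost its
# indentation; confirm against the repository copy.
version: 1
kind: unidesk-secret-distribution
metadata:
  id: platform-infra-runtime-secrets
  owner: unidesk
  # Issue numbers associated with this manifest.
  relatedIssues:
    - 297
    - 300
    - 313
    - 2256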
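# Source files that hold the secret values.
# NOTE(review): nesting is reconstructed from a listing that lost its
# indentation; confirm against the repository copy.
sources:
  # Presumably the directory every sourceRef below is resolved against.
  # It contains plaintext secret material: keep it readable only by the
  # account that runs the distribution, and out of version control and
  # unencrypted backups.
  root: /root/unidesk/.state/secrets
  files:
    # Database credentials: createIfMissing is disabled, so nothing here is
    # generated. Presumably a missing file or key is an error -- TODO confirm.
    - sourceRef: platform-db/langbot-db.env
      type: env
      requiredKeys:
        - LANGBOT_DB_USER
        - LANGBOT_DB_PASSWORD
        - LANGBOT_DB_NAME
      createIfMissing:
        enabled: false
    - sourceRef: platform-db/n8n-db.env
      type: env
      requiredKeys:
        - N8N_DB_USER
        - N8N_DB_PASSWORD
        - N8N_DB_NAME
      createIfMissing:
        enabled: false
    # NOTE(review): DATABASE_URL is required but has no generator below even
    # though createIfMissing is enabled. Confirm how it is populated on first
    # creation, and that it is rewritten when LANGBOT_DB_PASSWORD rotates (a
    # database URL normally embeds the password).
    - sourceRef: platform-infra/langbot.env
      type: env
      requiredKeys:
        - DATABASE_URL
        - LANGBOT_JWT_SECRET
        - LANGBOT_API_KEY
      createIfMissing:
        enabled: true
        # NOTE(review): the unit of 32 is not stated here (bytes or hex
        # characters), unlike the explicit `bytes:` used for randomBase64Url.
        # 32 hex characters would be 128 bits, below the 256-bit key size
        # RFC 7518 requires for HS256 if that is the signing algorithm.
        randomHex:
          LANGBOT_JWT_SECRET: 32
        randomBase64Url:
          LANGBOT_API_KEY:
            bytes: 32
            # Presumably prepended to the random value. A fixed prefix adds
            # no entropy; it makes the token recognisable to secret scanners
            # and in log review.
            prefix: lbk_
    # NOTE(review): same DATABASE_URL question as langbot.env above.
    - sourceRef: platform-infra/n8n.env
      type: env
      requiredKeys:
        - DATABASE_URL
        - N8N_ENCRYPTION_KEY
      createIfMissing:
        enabled: true
        randomBase64Url:
          # n8n encrypts stored credentials with this key. If the source
          # file is lost and a new key is generated, credentials already in
          # the n8n database can no longer be decrypted: back this file up
          # and treat regeneration as a data-loss event.
          N8N_ENCRYPTION_KEY:
            bytes: 32
            # Empty string on purpose; keep it quoted so it is not read as
            # null.
            prefix: ""
    - sourceRef: platform-infra/wechat-archive.env
      type: env
      requiredKeys:
        - UNIDESK_WECHAT_ARCHIVE_TOKEN
      createIfMissing:
        enabled: true
        randomBase64Url:
          UNIDESK_WECHAT_ARCHIVE_TOKEN:
            bytes: 32
            prefix: uwa_
    - sourceRef: hwlab/jd01-v03-opencode.env
      type: env
      requiredKeys:
        - OPENCODE_SERVER_USERNAME
        - OPENCODE_SERVER_PASSWORD
      createIfMissing:
        enabled: true
        # The username is a fixed, non-secret value; only the password
        # below is random.
        values:
          OPENCODE_SERVER_USERNAME: opencode
        randomBase64Url:
          OPENCODE_SERVER_PASSWORD:
            bytes: 32
            prefix: oc_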
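# Clusters and namespaces that kubernetesSecrets entries refer to through
# targetId.
# NOTE(review): nesting is reconstructed from a listing that lost its
# indentation; confirm against the repository copy.
# NOTE(review): Secrets bound to platform-infra-g14 read from platform-db/
# sources as well as platform-infra/, so `scope` is not a plain sourceRef
# prefix filter. Confirm what it enforces and whether it actually prevents
# a target from receiving another scope's secrets.
targets:
  - id: platform-infra-g14
    route: G14:k3s
    namespace: platform-infra
    scope: platform-infra
    enabled: true
  - id: hwlab-jd01-v03
    route: JD01:k3s
    namespace: hwlab-v03
    scope: hwlab
    enabled: true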
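# Kubernetes Secret objects to assemble. Each data entry copies sourceKey
# from the file named by sourceRef into targetKey of the Secret.
# NOTE(review): nesting is reconstructed from a listing that lost its
# indentation; confirm against the repository copy.
# Opaque Secrets are only base64-encoded in the Kubernetes API. Their
# confidentiality depends on encryption at rest on the cluster (k3s:
# --secrets-encryption) and on RBAC limiting who can read Secrets in the
# target namespace.
kubernetesSecrets:
  - name: hwlab-jd01-v03-opencode-server-auth
    targetId: hwlab-jd01-v03
    secretName: hwlab-v03-opencode-server-auth
    type: Opaque
    data:
      - sourceRef: hwlab/jd01-v03-opencode.env
        sourceKey: OPENCODE_SERVER_USERNAME
        targetKey: username
      - sourceRef: hwlab/jd01-v03-opencode.env
        sourceKey: OPENCODE_SERVER_PASSWORD
        targetKey: password
  - name: langbot-runtime
    targetId: platform-infra-g14
    secretName: langbot-secrets
    type: Opaque
    data:
      # NOTE(review): the database password is delivered here and,
      # presumably, again inside DATABASE_URL below. A rotation has to
      # update both source files or the two keys will disagree.
      - sourceRef: platform-db/langbot-db.env
        sourceKey: LANGBOT_DB_PASSWORD
        targetKey: DATABASE_PASSWORD
      - sourceRef: platform-infra/langbot.env
        sourceKey: LANGBOT_JWT_SECRET
        targetKey: SYSTEM_JWT_SECRET
      - sourceRef: platform-infra/langbot.env
        sourceKey: LANGBOT_API_KEY
        targetKey: LANGBOT_API_KEY
      - sourceRef: platform-infra/langbot.env
        sourceKey: DATABASE_URL
        targetKey: DATABASE_URL
  - name: n8n-runtime
    targetId: platform-infra-g14
    secretName: n8n-secrets
    type: Opaque
    data:
      # NOTE(review): same duplication as langbot-runtime. The password is
      # mapped on its own and presumably also embedded in DATABASE_URL.
      - sourceRef: platform-db/n8n-db.env
        sourceKey: N8N_DB_PASSWORD
        targetKey: DB_POSTGRESDB_PASSWORD
      - sourceRef: platform-infra/n8n.env
        sourceKey: N8N_ENCRYPTION_KEY
        targetKey: N8N_ENCRYPTION_KEY
      - sourceRef: platform-infra/n8n.env
        sourceKey: DATABASE_URL
        targetKey: DATABASE_URL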