feat: adds encryption key for kubernetes secrets

config.tf

@@ -97,4 +97,14 @@ variable "github_repositories" {
         "storage-hideyoshi.com",
         "infra-hideyoshi.com",
     ]  
+}
+
+variable "gpg_private_key_encryption" {
+    type = string
+    sensitive = true    
+}
+
+variable "gpg_public_key_encryption" {
+    type = string
+    sensitive = true    
 }

github/config.tf

@@ -14,4 +14,9 @@ variable "github_repositories" {
 variable "cluster_kubeconfig" {
     type = string
     sensitive = true  
+}
+
+variable "gpg_public_key_encryption" {
+    type = string
+    sensitive = true  
 }

github/github.tf

@@ -18,4 +18,11 @@ resource "github_actions_organization_secret" "cluster_kubeconfig" {
   selected_repository_ids = [for repo in data.github_repository.repos : repo.repo_id]
   secret_name = "PORTFOLIO_KUBECONFIG"
   plaintext_value = chomp(var.cluster_kubeconfig)
+}
+
+resource "github_actions_organization_secret" "gpg_public_key" {
+  visibility = "selected"
+  selected_repository_ids = [for repo in data.github_repository.repos : repo.repo_id]
+  secret_name = "PORTFOLIO_GPG_PUBLIC_KEY"
+  plaintext_value = chomp(var.gpg_public_key_encryption)
 }

main.tf

@@ -101,10 +101,16 @@ module "github" {
   github_owner = var.github_owner
   github_repositories = var.github_repositories
   cluster_kubeconfig = module.kubernetes.cluster_kubeconfig
+  gpg_public_key_encryption = var.gpg_public_key_encryption
 }
 
 
 output "cluster_kubeconfig" {
   value = module.kubernetes.cluster_kubeconfig
   sensitive = true  
+}
+
+output "gpg_private_key_encryption" {
+  value = var.gpg_private_key_encryption
+  sensitive = true  
 }