diff --git a/config.tf b/config.tf
index 43beb7e..0727ff5 100644
--- a/config.tf
+++ b/config.tf
@@ -97,4 +97,14 @@ variable "github_repositories" {
 "storage-hideyoshi.com",
 "infra-hideyoshi.com",
 ]
+}
+
+variable "gpg_private_key_encryption" {
+ type = string
+ sensitive = true
+}
+
+variable "gpg_public_key_encryption" {
+ type = string
+ sensitive = true
 }
\ No newline at end of file
diff --git a/github/config.tf b/github/config.tf
index cba3f0d..f537630 100644
--- a/github/config.tf
+++ b/github/config.tf
@@ -14,4 +14,9 @@ variable "github_repositories" {
 variable "cluster_kubeconfig" {
 type = string
 sensitive = true
+}
+
+variable "gpg_private_key_encryption" {
+ type = string
+ sensitive = true
 }
\ No newline at end of file
diff --git a/github/github.tf b/github/github.tf
index ccb8867..b86412b 100644
--- a/github/github.tf
+++ b/github/github.tf
@@ -18,4 +18,11 @@ resource "github_actions_organization_secret" "cluster_kubeconfig" {
 selected_repository_ids = [for repo in data.github_repository.repos : repo.repo_id]
 secret_name = "PORTFOLIO_KUBECONFIG"
 plaintext_value = chomp(var.cluster_kubeconfig)
+}
+
+resource "github_actions_organization_secret" "gpg_public_key" {
+ visibility = "selected"
+ selected_repository_ids = [for repo in data.github_repository.repos : repo.repo_id]
+ secret_name = "PORTFOLIO_GPG_PRIVATE_KEY"
+ plaintext_value = chomp(var.gpg_private_key_encryption)
 }
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 7c10689..97951b5 100644
--- a/main.tf
+++ b/main.tf
@@ -101,10 +101,16 @@ module "github" {
 github_owner = var.github_owner
 github_repositories = var.github_repositories
 cluster_kubeconfig = module.kubernetes.cluster_kubeconfig
+ gpg_private_key_encryption = var.gpg_private_key_encryption
 }
 output "cluster_kubeconfig" {
 value = module.kubernetes.cluster_kubeconfig
 sensitive = true
+}
+
+output "gpg_public_key_encryption" {
+ value = var.gpg_public_key_encryption
+ sensitive = true
 }
\ No newline at end of file
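Review bot: Both variables added in config.tf are declared with only `type` and `sensitive`, so nothing documents the expected key encoding and a null value is accepted at plan time. For `gpg_private_key_encryption` I would add `description = "GPG private key published to GitHub Actions as PORTFOLIO_GPG_PRIVATE_KEY"` and `nullable = false`, with a matching description on `gpg_public_key_encryption`. The same applies to the module-side declaration of `gpg_private_key_encryption` in github/config.tf. Whether the keys are ASCII-armored or base64 is not visible here, so the description should state it.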
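Review bot: In github/github.tf the new resource is labelled `gpg_public_key`, but its `secret_name` is `PORTFOLIO_GPG_PRIVATE_KEY` and its value is `var.gpg_private_key_encryption`, so the Terraform address misstates what is stored; because the resource is new in this commit it can simply be declared as `resource "github_actions_organization_secret" "gpg_private_key" {`. `plaintext_value` is written to Terraform state in clear text, so the state backend needs encryption at rest and restricted read access, or the value can be supplied pre-encrypted through the provider's `encrypted_value` argument. The secret is also granted to every repository in `data.github_repository.repos`, the same set that receives the kubeconfig; if only some workflows decrypt with this key, a narrower `selected_repository_ids` list would limit exposure of the private key.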
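Review bot: The `gpg_public_key_encryption` output in main.tf only re-exports the root input variable of the same name, and because that variable is declared `sensitive = true` in config.tf the output has to be sensitive too, so it is shown as `<sensitive>` in plan and apply output. If the public key is meant to be handed to whoever encrypts data for this key pair, dropping `sensitive` from both the variable and the output would make it readable; if it is deliberately kept confidential, a `description` on the output saying so would help the next reader. The `module "github"` block that receives `gpg_private_key_encryption` starts outside the hunk.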