Merge pull request #68 from HideyoshiSolutions/develop

develop - feat: adds encryption key for kubernetes secrets

config.tf

@@ -98,3 +98,13 @@ variable "github_repositories" {
         "infra-hideyoshi.com",
     ]  
 }
+
+variable "gpg_private_key_encryption" {
+    type = string
+    sensitive = true    
+}
+
+variable "gpg_public_key_encryption" {
+    type = string
+    sensitive = true    
+}

github/config.tf

@@ -15,3 +15,8 @@ variable "cluster_kubeconfig" {
     type = string
     sensitive = true  
 }
+
+variable "gpg_private_key_encryption" {
+    type = string
+    sensitive = true  
+}

github/github.tf

@@ -19,3 +19,10 @@ resource "github_actions_organization_secret" "cluster_kubeconfig" {
   secret_name = "PORTFOLIO_KUBECONFIG"
   plaintext_value = chomp(var.cluster_kubeconfig)
 }
+
+resource "github_actions_organization_secret" "gpg_public_key" {
+  visibility = "selected"
+  selected_repository_ids = [for repo in data.github_repository.repos : repo.repo_id]
+  secret_name = "PORTFOLIO_GPG_PRIVATE_KEY"
+  plaintext_value = chomp(var.gpg_private_key_encryption)
+}

main.tf

@@ -101,6 +101,7 @@ module "github" {
   github_owner = var.github_owner
   github_repositories = var.github_repositories
   cluster_kubeconfig = module.kubernetes.cluster_kubeconfig
+  gpg_private_key_encryption = var.gpg_private_key_encryption
 }
 
 
@@ -108,3 +109,8 @@ output "cluster_kubeconfig" {
   value = module.kubernetes.cluster_kubeconfig
   sensitive = true  
 }
+
+output "gpg_public_key_encryption" {
+  value = var.gpg_public_key_encryption
+  sensitive = true  
+}