# The secrets below are encrypted using keys stored in Cloud KMS and
# templated in by kontemplate when deploying.
#
# Not all of the values are actually secret (see the matching)
---
apiVersion: v1
kind: Secret
metadata:
  name: nixery-secrets
  namespace: kube-public
type: Opaque
data:
  gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }}
  gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }}
  id_nixery: {{ printf "%s\n" (passLookup "nixery-ssh-private") | b64enc }}
  id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }}
  known_hosts: {{ insertFile "known_hosts" | b64enc }}
  ssh_config: {{ insertFile "ssh_config" | b64enc }}