diff --git a/cmd/flux/create_secret_oci.go b/cmd/flux/create_secret_oci.go
index decd680c..8adc184c 100644
--- a/cmd/flux/create_secret_oci.go
+++ b/cmd/flux/create_secret_oci.go
@@ -30,13 +30,17 @@ import (
 var createSecretOCICmd = &cobra.Command{
 Use: "oci [name]",
- Short: "Create or update a Kubernetes secret for docker authentication",
+ Short: "Create or update a Kubernetes secret for OCI Registry authentication",
 Long: `The create secret oci command generates a Kubernetes secret with `,
- Example: ` # Create a secret for a OCI repository using basic authentication
+ Example: ` # Create an OCI authentication secret on disk and encrypt it with Mozilla SOPS
 flux create secret oci podinfo-auth \
- --url=ghcr.io/stefanprodan/charts \
+ --url=ghcr.io \
 --username=username \
- --password=password
+ --password=password \
+ --export > repo-auth.yaml
+
+ sops --encrypt --encrypted-regex '^(data|stringData)$' \
+ --in-place repo-auth.yaml
 `,
 RunE: createSecretOCICmdRun,
 }
diff --git a/pkg/manifestgen/sourcesecret/sourcesecret.go b/pkg/manifestgen/sourcesecret/sourcesecret.go
index 2ea33227..cbca1c73 100644
--- a/pkg/manifestgen/sourcesecret/sourcesecret.go
+++ b/pkg/manifestgen/sourcesecret/sourcesecret.go
@@ -38,12 +38,18 @@ import (
 const defaultSSHPort = 22
-type DockerConfigJson struct {
+// DockerConfigJSON represents a local docker auth config file
+// for pulling images.
+type DockerConfigJSON struct {
 Auths DockerConfig `json:"auths"`
 }
+// DockerConfig represents the config file used by the docker CLI.
+// This config that represents the credentials that should be used
+// when pulling images from specific image repositories.
 type DockerConfig map[string]DockerConfigEntry
+// DockerConfigEntry holds the user information that grant the access to docker registry
 type DockerConfigEntry struct {
 Username string `json:"username,omitempty"`
 Password string `json:"password,omitempty"`
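Review bot: The rewritten `Example` leaves the registry credentials unencrypted in `repo-auth.yaml` between the `--export > repo-auth.yaml` redirect and the `sops --encrypt ... --in-place` call, and nothing in the help text says so. A reader who stops after the first command, or whose sops step fails, has a plain-text secret in the working tree; a comment line in the example such as `# repo-auth.yaml is plain text until the sops command succeeds; do not commit it before then` would cover it. The same example passes the password as `--password=password`, which with a real value is recorded in shell history, so a short remark on that is worth adding too. Separately, the unchanged `Long` string on the context line still ends mid-sentence ("...generates a Kubernetes secret with") and could be completed while this block is being edited.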
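Review bot: Renaming the exported type `DockerConfigJson` to `DockerConfigJSON` in `pkg/manifestgen/sourcesecret` removes the old name with no replacement, which breaks any code outside this repository that imports it (whether such importers exist is not visible here). A deprecated alias would keep them building: `// Deprecated: use DockerConfigJSON.` followed by `type DockerConfigJson = DockerConfigJSON`. The added doc comments need a wording pass, since "This config that represents the credentials" and "that grant the access to docker registry" do not parse; `DockerConfigEntry` holds the password as a plain string, so its comment could also state that values of this type must not be logged. The struct body continues past the end of this hunk, and the unexported helper `generateDockerConfigJson` in the last hunk keeps the old spelling.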
@@ -221,7 +227,7 @@ func resourceToString(data []byte) string {
 func generateDockerConfigJson(url, username, password string) ([]byte, error) {
 cred := fmt.Sprintf("%s:%s", username, password)
 auth := base64.StdEncoding.EncodeToString([]byte(cred))
- cfg := DockerConfigJson{
+ cfg := DockerConfigJSON{
 Auths: map[string]DockerConfigEntry{
 url: {
 Username: username,