Merge "[AIAP] - Use SOPS_IMPORT_PGP for user specific key"

tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml

@@ -40,3 +40,8 @@
   path: "/data/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD"
   value: ""
 
+
+# The following relate to key used for encryption/decryption of secrets
+- op: replace
+  path: "/data/SOPS_IMPORT_PGP"
+  value: ""

tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml

@@ -24,6 +24,7 @@ data:
   AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME: ""
   AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD: ""
   AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD: ""
+  SOPS_IMPORT_PGP: ""
 ---
 
 apiVersion: v1

tools/airship-in-a-pod/runner/assets/entrypoint.sh

@@ -41,13 +41,15 @@ kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/do
 curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf -
 install /tmp/kustomize /usr/local/bin
 
-curl -fsSL -o /sops-key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
-SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
-SOPS_IMPORT_PGP="$(cat /sops-key.asc)"
-export SOPS_IMPORT_PGP
-export SOPS_PGP_FP
-echo 'export SOPS_IMPORT_PGP="$(cat /sops-key.asc)"' >> ~/.bashrc
-echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.bashrc
+SOPS_IMPORT_PGP=$( cat /opt/aiap-secret-volume/SOPS_IMPORT_PGP )
+if [ -z "${SOPS_IMPORT_PGP}"  ];then
+  # set user1 key
+  SOPS_IMPORT_PGP="$(cat ./manifests/.private-keys/exampleU1.key)"
+fi
+
+export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}
+
+echo "export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}" >> ~/.bashrc
 echo "export KUBECONFIG=$HOME/.airship/kubeconfig" >> ~/.bashrc
 
 install "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin