Skip to content

Commit 4d22f47

Browse files
the-maldridgethe-maldridge
committed
services/nomad/build: Move signing keys to nomad vars
1 parent 8668031 commit 4d22f47

File tree

2 files changed

+4
-20
lines changed

2 files changed

+4
-20
lines changed

services/nomad/build/signing.nomad

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -15,10 +15,6 @@ job "reposigner" {
1515
task "legacy-sign" {
1616
driver = "docker"
1717

18-
vault {
19-
policies = ["void-secrets-repomgmt"]
20-
}
21-
2218
config {
2319
image = "ghcr.io/void-linux/xbps-legacy-sign:20230815"
2420
args = [
@@ -37,8 +33,8 @@ job "reposigner" {
3733

3834
template {
3935
data = <<EOF
40-
{{- with secret "secret/repomgmt/signing" -}}
41-
{{.Data.key}}
36+
{{- with nomadVar "nomad/jobs/reposigner" -}}
37+
{{ .key }}
4238
{{- end -}}
4339
EOF
4440
destination = "secrets/id_rsa"
@@ -47,8 +43,8 @@ EOF
4743

4844
template {
4945
data = <<EOF
50-
{{- with secret "secret/repomgmt/signing" -}}
51-
{{.Data.keyphrase}}
46+
{{- with nomadVar "nomad/jobs/reposigner" -}}
47+
{{ .keyphrase }}
5248
{{- end -}}
5349
EOF
5450
destination = "secrets/id_rsa_passphrase"

terraform/hashistack/policy_repomgmt.tf

Lines changed: 0 additions & 12 deletions
This file was deleted.

0 commit comments

Comments
 (0)