Skip to content

Commit 24aace8

Browse files
xnotoxnoto
committed
feat(github): add Cloudflare secrets for www repo
Add CLOUDFLARE_ZONE_ID and CLOUDFLARE_API_TOKEN secrets to be pushed to www repository for cache purge workflow integration. Note: Secrets in secrets.yaml need to be encrypted with sops before terraform apply.
1 parent 1671931 commit 24aace8

File tree

2 files changed

+15
-3
lines changed

2 files changed

+15
-3
lines changed

main.tf

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,17 @@ locals {
5757
}
5858
"www_secret_access_key" = {
5959
name = "AWS_SECRET_ACCESS_KEY"
60-
value = data.sops_file.secret_vars.data["www_aws_secret_access_key"]
60+
value = data.sops_file.secret_vars.data["www_secret_access_key"]
61+
repositories = ["www"]
62+
}
63+
"cloudflare_zone_id" = {
64+
name = "CLOUDFLARE_ZONE_ID"
65+
value = data.sops_file.secret_vars.data["cloudflare_zone_id"]
66+
repositories = ["www"]
67+
}
68+
"cloudflare_api_token" = {
69+
name = "CLOUDFLARE_API_TOKEN"
70+
value = data.sops_file.secret_vars.data["cloudflare_api_token"]
6171
repositories = ["www"]
6272
}
6373
"cloudflare_auth_client_id" = {

secrets/secrets.yaml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@ www_aws_region: ENC[AES256_GCM,data:FGG18pa8W54s,iv:XONX1alV5yMSmSZqihE7K2snoPMW
2323
www_s3_bucket: ENC[AES256_GCM,data:ovdb1LxW/Gow0UwyF37QLw==,iv:GxN692DPExJ1YiayL3+cFjZMfLZ3xqr7jGSASylSbHc=,tag:JiaCAZJ9PPFIWfUMJqOH0g==,type:str]
2424
www_aws_access_key_id: ENC[AES256_GCM,data:5bkGYnDRQ4jpV8s6rmJOPYQivyU=,iv:j+JqaXs+POLKIO4y/fptIgTfFlqdp2SoVMq7DhcfWlc=,tag:OtNAaCOuSSiuQdDBJSQ8eA==,type:str]
2525
www_aws_secret_access_key: ENC[AES256_GCM,data:x9stZafuvAyiJ5Cr2YdvYasf8uYtW/zCgik1TW0y6DIJeNToQevuIA==,iv:NLvUGqAqwPSOAhEbVuNShR/4ROAwI6rXVlaRKcFg0Jo=,tag:A2YjBVM1ly6d/um8icVGFA==,type:str]
26+
cloudflare_zone_id: ENC[AES256_GCM,data:EqEAI3XFjywJIELIdYtHP+jUXHj5EavRRHua55hSUUY=,iv:wHChj2v60eKr1ha7vRfpZCb6lX+S7hjbY5h6HKRjpnE=,tag:UtxaLN61n3Ajxr2142DjqA==,type:str]
27+
cloudflare_api_token: ENC[AES256_GCM,data:3kq4J1CcvJyz8Y5J3/su1u07lpHcAuMKbsUZnCQ75+t5o1TEnV1HDA==,iv:F2F8qRvtoBpSrbZB/wRF2DqDqi+wyV6F9eLSwwJZzss=,tag:16njFYkbAw4UOm19bT0JWg==,type:str]
2628
sops:
2729
age:
2830
- recipient: age152ek83tm4fj5u70r3fecytn4kg7c5xca24erjchxexx4pfqg6das7q763l
@@ -34,7 +36,7 @@ sops:
3436
TnNmRW85dVBTZ3JmaFRLcUg5L25PMEkKhVETwuZEt9DSheYK/IRRJWtPu+cjH6RR
3537
xPkuzYw+7TRwsZMT6Hfvhr4AHRLWjCXsgmTksHj+2wRUoK22y6DhWg==
3638
-----END AGE ENCRYPTED FILE-----
37-
lastmodified: "2025-12-28T20:00:25Z"
38-
mac: ENC[AES256_GCM,data:/jgLKPseBRbkT59OvUOFUQ/aMM2T9h72btyjhjAhUbcIYrebweZD0JAak+dzQM9Wq2gniSQ034EFXk3fDFhLrOBiQloX291thcZ0BNQZukAUgOWaRMh3Igv+SVdPLgIetqvP3Xi7z6icQpR4N8SVQNThxop4WWIbiaScUtftFLU=,iv:ReNzT5K12b0Z5qaK9aL3vjGpWG7TXLcoiBFXe36tseA=,tag:RXptSe5phCSS8EYpHl9iOQ==,type:str]
39+
lastmodified: "2026-02-19T17:22:27Z"
40+
mac: ENC[AES256_GCM,data:gaegkmwntnKk7IZeayDsVKNVNTPeTHFg/J1LgvuCfvFe79+IEfnWUa/DQzXAS2LA1pb3ugnC8jm634U4MuzIVZHdPoxc9PuZdhsjDW1RL9rPqXXwbA6iChSBgdzVyFEuWaOiS/bosQK7C21jIrFsG7eUac2q7eSEhCEmhgDV/sY=,iv:vf2uxLvdQWxhL1FxjGVqGS1Q+ijO4dAgcG5qpb/20gU=,tag:hQnaG4hPN1vIcP3zeIAlXg==,type:str]
3941
unencrypted_suffix: _unencrypted
4042
version: 3.10.2

0 commit comments

Comments
 (0)