bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity

Use CI variable for stage admin password

Browse Source 
- Remove Secrets Manager config from values-stage.yaml
- Pass STAGE_ADMIN_PASSWORD via --set in deploy_stage
- Consistent with feature branch approach

Single source of truth: STAGE_ADMIN_PASSWORD CI variable is used by
deploy, reset, and integration test jobs.
This commit is contained in:
Mondo Diaz
2026-01-27 20:36:21 +00:00
parent fe07638485
commit aa853b5b32
2 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitlab-ci.yml
View File

@@ -430,6 +430,7 @@ deploy_stage:
--namespace $NAMESPACE \ --namespace $NAMESPACE \
-f $VALUES_FILE \ -f $VALUES_FILE \
--set image.tag=git.linux-amd64-$CI_COMMIT_SHA \ --set image.tag=git.linux-amd64-$CI_COMMIT_SHA \
--set orchard.auth.adminPassword=$STAGE_ADMIN_PASSWORD \
--wait \ --wait \
--atomic \ --atomic \
--timeout 10m --timeout 10m

7
helm/orchard/values-stage.yaml
View File

@@ -96,11 +96,8 @@ orchard:
port: 8080 port: 8080
# Authentication settings # Authentication settings
auth: # Admin password is set via CI variable (STAGE_ADMIN_PASSWORD) passed as --set flag
# Admin password from AWS Secrets Manager # This keeps the password out of version control
secretsManager:
enabled: true
secretArn: "arn:aws-us-gov:secretsmanager:us-gov-west-1:052673043337:secret:orchard-stage-creds-SMqvQx"
# Database configuration - uses AWS Secrets Manager via CSI driver # Database configuration - uses AWS Secrets Manager via CSI driver
database: database: