kitestacks-homelab/apps
kenpat dbcf51993d ops: add HashiCorp Vault for secrets management
Replaces .env files across all KiteStacks apps. Vault runs as a Docker
container bound to 127.0.0.1:8200 with file storage backend.

- apps/vault/: compose file + vault.hcl config (TLS disabled, localhost only)
- scripts/vault-env.sh: fetches secret from Vault KV and injects as env
  vars before running docker compose (drops the .env pattern entirely)
- scripts/vault-init.sh: one-time init — GPG-encrypts unseal keys to
  ~/.vault-keys.gpg, creates kitestacks policy + limited app token
- scripts/vault-unseal.sh: post-restart unseal via GPG-decrypted key
- docs/vault-setup.md: full setup guide including secret migration steps

Usage: vault-env.sh kitestacks/authentik -- docker compose up -d

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19 03:01:12 -05:00
authentik security: complete IP, port, and password redaction across all docs 2026-06-11 16:16:23 -05:00
authentik-ldap phase 8: forgejo sync config, authentik-ldap SSO service, runbook update 2026-06-15 08:54:08 -05:00
bookstack chore: stop tracking runtime database and container data 2026-06-10 04:09:06 -05:00
cloudflared chore: clean up cloudflared token handling and add pending files 2026-06-19 00:34:48 -05:00
forgejo phase 8: forgejo sync config, authentik-ldap SSO service, runbook update 2026-06-15 08:54:08 -05:00
grafana Automated update: 2026-06-08 09:10:38 2026-06-08 09:10:38 -05:00
homepage-archived-2026-06-07 config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00
kavita fix: downgrade kustomize apiVersion to v1beta1 2026-06-15 13:04:59 -05:00
kite-ai config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00
kitestacks-portal chore: clean up cloudflared token handling and add pending files 2026-06-19 00:34:48 -05:00
kitestacks-portal-test Automated update: 2026-06-08 23:48:23 2026-06-08 23:48:23 -05:00
linkding config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00
openproject Automated update: 2026-06-08 19:22:54 2026-06-08 19:22:54 -05:00
prometheus config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00
shaarli config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00
vault ops: add HashiCorp Vault for secrets management 2026-06-19 03:01:12 -05:00
zammad config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00
homepage-backup-pre-cyberpunk-2026-06-07-0152.tar.gz config: sync docker configs 2026-06-08T03:59:55Z 2026-06-07 22:59:55 -05:00