- https://github.com/FiloSottile/age install age
- Run :
➜ age-keygen -o ~/.age/lab-secret
Public key: age10pdd2hhv475y6ahketz5anexu26rhcead06xvgmmy79e5pj7p4ds3mvaaf
- Save the public key content in
~/.age/lab-secret-public
- Generate OAUTH from tailscale
- Get the Client ID and the Client Secret, and build the following file :
# Tailscale authentication
oauth:
clientId: <OAauth client ID>
clientSecret: <OAuth client secret>
- Save it as
secret_values.yaml
. Add this file in your.gitignore
. - Encrypt with :
sops --encrypt --age (cat ~/.age/lab-secret-public) secret_values.yaml > secret_values.enc.yaml
Helmfile
We’re using helmfile to install tailscale operator :
repositories:
- name: tailscale
url: https://pkgs.tailscale.com/helmcharts
releases:
- name: tailscale-operator
namespace: tailscale
createNamespace: true
chart: tailscale/tailscale-operator
secrets:
- tailscale/secrets.enc.yaml
export your age key for sops :
export SOPS_AGE_KEY_FILE=/Users/my-user/.age/lab-secret