Skip to content

EAI-1141 update openbao script #543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
woojae-siloai wants to merge 32 commits into
base: main
Choose a base branch
from
Open

EAI-1141 update openbao script #543

woojae-siloai wants to merge 32 commits into from

Conversation

@woojae-siloai
Copy link
Contributor

@woojae-siloai woojae-siloai commented Jan 27, 2026
edited
Loading

This PR enhances the way managing Openbao secrets.

Problem
Previous OpenBao initialization had limitations:

  • Hardcoded secret generation in bootstrap scripts
  • Secrets only added automatically during first cluster-forge deployment
  • Manual secret management with no ongoing automation
  • Tight coupling between initialization and configuration
  • No GitOps integration for secret definitions

Solution
Current branch resolves limitations through:

  • Decoupling: Separated bootstrap initialization from ongoing secret management
  • Automation: Added CronJob-based secret management running every 5 minutes
  • GitOps Integration: Secret definitions now under sources/openbao-config/ so ArgoCD can watch and manage configuration changes
  • Declarative Approach: Replaced hardcoded scripts with configurable SECRET_PATH|TYPE|VALUE|BYTES format

Changes
Implementation Changes:

  • Converted sources/openbao-config/ to proper Helm chart structure
  • Added openbao-secret-definitions.yaml with declarative secret format
  • Created openbao-secret-manager-cronjob.yaml for automated management
  • Added unified manage-secrets.sh script replacing hardcoded generation
  • Added openbao-secret-manager-scripts ConfigMap with idempotent logic (checks if secret exists first, only creates if missing)
  • Updated bootstrap process for multi-stage secret deployment

Documentation Changes

  • Updated secrets-management-architecture.md to reflect automated system
  • Added secret-management-user-guide.md for practical operations
  • Added openbao-config-helm-chart.md for technical reference

woojae-siloai and others added 30 commits January 21, 2026 17:36
@woojae-siloai
first commit for updating openbao secret
a4cad23
@woojae-siloai
fix:updating init-openbao for openbao secret
6f8358a
@woojae-siloai
fix:updating init-openbao for openbao secret
07d5c2b
@woojae-siloai
fest: add imagePullPolicy for cluster-tool image
c6351e1
@woojae-siloai
test: check secret-manager to create a new secret in openbao
11c27a1
@woojae-siloai
fix: Fix ConfigMap conflicts by separating init and ongoing secret ma…
bc69db8 
…nagement
@woojae-siloai
test: edit openbao-secret-definitions.yaml
dec0c79
@woojae-siloai
fix: invalid namespaces field in ClusterRole RBAC rules
0956294
@woojae-siloai
fix: add checksum annotation to force CronJob pod recreation on Confi…
65cf228 
…gMap updates
@woojae-siloai
test: edit openbao-secret-definitions.yaml
25dad52
@woojae-siloai @github-actions
Update version to v1.7.2 [actions skip]
8395e5d
@woojae-siloai @github-actions
Update version to Test-openbao-secret-update [actions skip]
c23b7a9
@woojae-siloai
test: edit openbao-secret-definitions.yaml
7e8626d
@woojae-siloai @github-actions
Update version to Test-openbao-secret-update-2 [actions skip]
0d192d8
@woojae-siloai @github-actions
Update version to Test-openbao-secret-update-3 [actions skip]
4c56c62
@silogenplatform @github-actions
Update version to wj-test-eai-1141 [actions skip]
9a2a4a1
@woojae-siloai
test: edit openbao-secret-definitions.yaml
b41a4c1
@woojae-siloai @github-actions
Update version to wj-teat-eau-1141-3rd [actions skip]
fb8e290
@woojae-siloai
test: edit openbao-secret-definitions.yaml
ff3388b
@woojae-siloai
fix: rollback openbao-secret-definitions.yaml
6362b20
@woojae-siloai
fix: rollback root folder values
a5fa923
@woojae-siloai
refactor: eliminate duplication between generate-secrets.sh and manag…
996d4a1 
…e-secrets.sh
@woojae-siloai @github-actions
Update version to wj-test-eau-1141-refac-1 [actions skip]
8f48d3f
@woojae-siloai @github-actions
Update version to wj-test-eau-1141-refac-0 [actions skip]
1c4ddf4
@woojae-siloai @github-actions
Update version to wj-eau-1151-refac-package-1 [actions skip]
b7de6dc
@woojae-siloai @github-actions
Update version to wj-eau-1141-refac-package-1 [actions skip]
cb62967
@woojae-siloai
test: update openbao-secret-definitions.yaml
00ac4a9
@woojae-siloai
fix: rollback targetRevision
db33349
@woojae-siloai
docs: complete secret management documentation overhaul. Update archi…
0f46c8f 
…tecture docs for automated CronJob-based system. Add user guide with practical workflow and troubleshooting
@woojae-siloai
refactor: move openbao-config to versioned folder structure
c021de7
@woojae-siloai woojae-siloai marked this pull request as ready for review January 27, 2026 12:23
@woojae-siloai woojae-siloai requested a review from a team as a code owner January 27, 2026 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@woojae-siloai @silogenplatform