diff --git a/base/jenkins/templates/opensearch-1password-token.yaml b/base/jenkins/templates/opensearch-1password-token.yaml new file mode 100644 index 0000000..4b1df68 --- /dev/null +++ b/base/jenkins/templates/opensearch-1password-token.yaml @@ -0,0 +1,15 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: opensearch-1password-sa-token + namespace: {{ template "jenkins.namespace" . }} +spec: + secretStoreRef: + kind: SecretStore + name: onepassword-releng + target: + creationPolicy: Owner + data: + - secretKey: token + remoteRef: + key: "Opensearch 1Password Service Account token/credential" diff --git a/production/values.yaml b/production/values.yaml index 204c0eb..59ab9cf 100644 --- a/production/values.yaml +++ b/production/values.yaml @@ -398,18 +398,18 @@ jenkins: - name: SAML_LOGOUT_URL value: "https://sso.linuxfoundation.org/samlp/BLgSYAt8E0oXf5EJSWxeuAnUP2JZUg46/logout" - # 1Password Service Account Token (ESO-managed) + # LF Releng 1Password Service Account Token - name: ONEPASSWORD_SA_TOKEN valueFrom: secretKeyRef: name: onepassword-sa-token key: token - # 1Password CLI Service Account Token (required by 1Password CLI) - - name: OP_SERVICE_ACCOUNT_TOKEN + # Opensearch 1Password Service Account Token (ESO-managed from 1Password) + - name: OPENSEARCH_ONEPASSWORD_SA_TOKEN valueFrom: secretKeyRef: - name: onepassword-sa-token + name: opensearch-onepassword-sa-token key: token # EC2 SSH Private Key (ESO-managed from 1Password)
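Review bot: The ExternalSecret sets no `target.name`, so External Secrets Operator will name the generated Secret after `metadata.name`, `opensearch-1password-sa-token`, while the `secretKeyRef` added in production/values.yaml asks for `opensearch-onepassword-sa-token`. Unless a manifest outside this diff creates a Secret under that second name, the reference will not resolve and the Jenkins container will not start. Either add `name: opensearch-onepassword-sa-token` under `target:` or rename the ExternalSecret so both sides match. A comment above `remoteRef` should also note that the value is consumed as a pod environment variable, so rotating the token in 1Password only takes effect after the pod restarts.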
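Review bot: Nothing on the new side of this hunk sets `OP_SERVICE_ACCOUNT_TOKEN` any more, although the removed comment described that variable as required by the 1Password CLI. A job that calls `op` without exporting it will presumably fail to authenticate, and with two service-account tokens in the environment it is no longer obvious which one a job should use. I would say so in the comments, for example `# Not exported as OP_SERVICE_ACCOUNT_TOKEN; a job must set it from the token for the account it needs`, and name the vaults each account is meant to read so that the narrower one is chosen by default. The `env` list these entries belong to starts and ends outside the hunk, so a remaining definition elsewhere cannot be ruled out.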