chore: rotate keys

timdeschryver · timdeschryver · commit f610f7d19f73 · 2025-10-07T13:41:46.000+02:00
diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml
@@ -39,14 +39,14 @@ jobs:
       - name: Install pnpm
         uses: pnpm/action-setup@v4
         with:
-          package_json_file: './package.json'
+          package_json_file: "./package.json"
 
       - name: Use Node.js
         uses: actions/setup-node@v5
         with:
           node-version-file: .node-version
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: "pnpm"
+          cache-dependency-path: "**/pnpm-lock.yaml"
 
       - name: Install pnpm dependencies
         run: pnpm install --frozen-lockfile
@@ -65,6 +65,13 @@ jobs:
         env:
           SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
 
+      - run: |
+          pnpm prettier . --write
+
+      - uses: autofix-ci/action@v1
+        with:
+          commit-message: "Apply Prettier format"
+
       - name: Format check
         run: pnpm prettier --check .
 
@@ -77,11 +84,11 @@ jobs:
       - name: ReportGenerator
         uses: danielpalme/ReportGenerator-GitHub-Action@v5.4.16
         with:
-          reports: '**/coverage.xml'
-          targetdir: 'coveragereport'
-          reporttypes: 'HtmlInline;Cobertura;MarkdownSummaryGithub'
-          tag: '${{ github.run_number }}_${{ github.run_id }}'
-          customSettings: 'minimumCoverageThresholds:lineCoverage=70'
+          reports: "**/coverage.xml"
+          targetdir: "coveragereport"
+          reporttypes: "HtmlInline;Cobertura;MarkdownSummaryGithub"
+          tag: "${{ github.run_number }}_${{ github.run_id }}"
+          customSettings: "minimumCoverageThresholds:lineCoverage=70"
 
       - name: Upload .NET coverage report artifact
         uses: actions/upload-artifact@v4
@@ -147,13 +154,13 @@ jobs:
       - name: Install pnpm
         uses: pnpm/action-setup@v4
         with:
-          package_json_file: './package.json'
+          package_json_file: "./package.json"
       - name: Use Node.js
         uses: actions/setup-node@v5
         with:
           node-version-file: .node-version
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: "pnpm"
+          cache-dependency-path: "**/pnpm-lock.yaml"
 
       - name: Log in with Azure (Federated Credentials)
         run: |
diff --git a/.gitignore b/.gitignore
@@ -43,7 +43,6 @@ Thumbs.db
 # SOPS encryption keys
 .age-key.txt
 *.age-key
-Sandbox.AppHost/appsettings.json
 *.decrypted.json
 
 # Azurite (Azure Storage Emulator)
diff --git a/.sops.yaml b/.sops.yaml
@@ -4,4 +4,4 @@ creation_rules:
     azure_keyvault: >-
       https://keyvault-ydv765mduoiws.vault.azure.net/keys/sops-key/78115f33e44a4e04a1e38cdb77044d04
     age: >-
-      age12l4esl03pawr8kexm5n5d3zgzwkt4gxclhrk4av975fskt9p9ycsl7g7qg
+      age1zxw4360l6a6fu6p9pxtes5jgn2xtsxema9zzauh2uy37pjkhf9vq0xuq98
diff --git a/README.md b/README.md
@@ -87,6 +87,7 @@ The project uses [SOPS (Secrets Operations)](https://github.com/getsops/sops) to
 ### SOPS Quick Start
 
 ```powershell
+$env:SOPS_AGE_KEY_FILE = "./config/sops/age/keys.txt"
 sops --decrypt "config/appsettings.encrypted.json" > "Sandbox.AppHost/appsettings.json"
 sops --encrypt "Sandbox.AppHost/appsettings.json" > "config/appsettings.encrypted.json"
 ```
diff --git a/Sandbox.AppHost/appsettings.json b/Sandbox.AppHost/appsettings.json
@@ -0,0 +1,16 @@
+{
+	"Logging": {
+		"LogLevel": {
+			"Default": "Information",
+			"Microsoft.AspNetCore": "Warning",
+			"Aspire.Hosting.Dcp": "Warning"
+		}
+	},
+	"Parameters": {
+		"KeycloakAdminUsername": "admin",
+		"KeycloakAdminPassword": "admin",
+		"OpenIDConnectSettingsClientSecret": "supersecret",
+		"MinioUser": "minioadmin",
+		"MinioPassword": "minioadmin"
+	}
+}
diff --git a/Sandbox.Modules.CustomerManagement.IntegrationTests/Sandbox.Modules.CustomerManagement.IntegrationTests.csproj b/Sandbox.Modules.CustomerManagement.IntegrationTests/Sandbox.Modules.CustomerManagement.IntegrationTests.csproj
@@ -20,7 +20,7 @@
             Include="..\Sandbox.Modules.CustomerManagement\Sandbox.Modules.CustomerManagement.csproj" />
     </ItemGroup>
 
-    <Target Name="GenerateClient" BeforeTargets="BeforeBuild"
+    <Target Name="GenerateClient" AfterTargets="Build"
         Condition="$(Configuration)=='Debug'">
         <Exec
             Command="kiota generate -l CSharp --output ./ApiServiceSDK --namespace-name ApiServiceSDK --class-name ApiClient --openapi ../Sandbox.ApiService/obj/Sandbox.ApiService.json --clean-output"
diff --git a/config/appsettings.encrypted.json b/config/appsettings.encrypted.json
@@ -21,15 +21,15 @@
 				"vault_url": "https://keyvault-ydv765mduoiws.vault.azure.net",
 				"name": "sops-key",
 				"version": "78115f33e44a4e04a1e38cdb77044d04",
-				"created_at": "2025-09-28T18:24:46Z",
-				"enc": "ESWrHJNqSmKVjDw9_iF123h7iBB9iOD-A-gQlxqvWzjVsPpz2SICCwlPwYEKSkSOpBsbHdYWfdtbBg67PsnDGFfZS2a6U_B7QHD4gQLEKVWBVfSvxFx7RZcyLeHf1rKfgQZzlkBNZpf46CVqAVSgJEldAKrRtXslnZTsejW25Bkd5seb-d3PpGwL91YSEplL8XsuweqwpwJN7qtqfaHvQY1iMsbkX1CAVXia4WHBf76s67TuXCpkZMRFpg3UBKv3ezNnakVSlfUkhNxo0dFOSs-RCJSNIgau86FxDGHpqY0ZDsuYSN9-tFp2-hWPvsQkOIT0d-yZXIF62yTK8sn_wA"
+				"created_at": "2025-10-07T09:25:00Z",
+				"enc": "GfqOX3Y7dRS5l-ZIqZO-A5dzpZOGzosgPnm6aUkbH4AA_CbD3cxSdE2XEOcbhEjKWkKAOJvEqB-MadPj3kR9aB6-JdE_S3_FOnKkqGALFCGVo3UXJJ0IcSyASNTgwuu4D7kzEkhxE7GXV7wcTZa0fVd0H_fXgI32c6ysgvA_SCVfTq8eE3BZqeDW3bcAHEuwDaicfnHfJ8IwFI8V-pk4Qejlmuj9UmIVfS68lvfykbxmzn0kyKTuAKfu6bu05nBNfr7W4WYLOu8ain2LMEsdpvnsnBHTTNNWb9Wf_L5sWvbveb9ienBVyMSgA4wiOzwx66mmkfIChLYjSxehAKWLIQ"
 			}
 		],
 		"hc_vault": null,
 		"age": [
 			{
-				"recipient": "age12l4esl03pawr8kexm5n5d3zgzwkt4gxclhrk4av975fskt9p9ycsl7g7qg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMWo4d1BzU1I0SDkvS1I5\nUDNQUElsRW1lUkJZc1BDTGFmOXhYMnBrV1RjCko4WDVITzA3UFBQcEdtSFpCaGN2\naXNFZjhmK21DNTUzZllqRTI5VjR2cVUKLS0tIEI0SVN2d3h3czIzdCtpYzl3RUVC\nZWxqUEt6R1ExTFEzYnB1WXhrYm5wRzAKMXNlmSQfY7puleQi6fyfEfSYtOiyPjaT\n3vOrtSL/MEPsno5XeuaM2Y4fCi48MEkluoBYYi2QFWyGlmF7ms3z2A==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1zxw4360l6a6fu6p9pxtes5jgn2xtsxema9zzauh2uy37pjkhf9vq0xuq98",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dy9pcUNMcS9JMUNINC95\nMkNvTVJpaXpQeUxTYlQ1anJHYWhxR0R5K0NrCndVbkFZb2c3Mk04d3JldWVRR2I1\nc2FaTnZ3dEhWNElLOE1tc3c4TEhmd0EKLS0tIDZsM0VjcFIxRDFyK29RUWMvWEpE\nOG5VTnByKzV0YnUralV6NkRJWDFLbUUKb4mBdCSfsHxusZEAG54PvRO3rQHaTSYf\n5dOKebTSoz9u1TLN6n3hHh2BVrDo4Uz1ZXuyG3kglZzLgV+GjpX+/g==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2025-09-28T18:24:49Z",
diff --git a/config/sops/age/keys.txt b/config/sops/age/keys.txt
@@ -0,0 +1,3 @@
+# created: 2025-10-07T11:18:26+02:00
+# public key: age1zxw4360l6a6fu6p9pxtes5jgn2xtsxema9zzauh2uy37pjkhf9vq0xuq98
+AGE-SECRET-KEY-1TFTLRN8GWUF9WYH0FMHEA4JQXWRSD0HK76DWE3GUYNMR96XXXS0S63D885

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# created: 2025-10-07T11:18:26+02:00`
	`2`	`+# public key: age1zxw4360l6a6fu6p9pxtes5jgn2xtsxema9zzauh2uy37pjkhf9vq0xuq98`
	`3`	`+AGE-SECRET-KEY-1TFTLRN8GWUF9WYH0FMHEA4JQXWRSD0HK76DWE3GUYNMR96XXXS0S63D885`