bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sso: recheck mas encryption bytes

Browse Source
This commit is contained in:
Brad Stein 2026-01-08 03:44:54 -03:00
parent 8d1284412f
commit d3c3db612d
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
services/keycloak/mas-secrets-ensure-job.yaml
View File

@ -8,7 +8,7 @@ metadata:
apiVersion: batch/v1
kind: Job
metadata:
name: mas-secrets-ensure-11
name: mas-secrets-ensure-12
namespace: sso
spec:
backoffLimit: 0
@ -89,11 +89,10 @@ spec:
args:
- |
set -euo pipefail
current=""
if kubectl -n comms get secret mas-secrets-runtime >/dev/null 2>&1; then
current="$(kubectl -n comms get secret mas-secrets-runtime -o jsonpath='{.data.encryption}' | base64 -d 2>/dev/null || true)"
current_len="$(printf '%s' "${current}" | wc -c | tr -d ' ')"
if [ "${current_len}" = "64" ] && printf '%s' "${current}" | grep -Eq '^[0-9a-fA-F]{64}$'; then
kubectl -n comms get secret mas-secrets-runtime -o jsonpath='{.data.encryption}' | base64 -d 2>/dev/null > /tmp/encryption.current || true
current_len="$(wc -c < /tmp/encryption.current | tr -d ' ')"
if [ "${current_len}" = "64" ] && grep -Eq '^[0-9a-fA-F]{64}$' /tmp/encryption.current; then
exit 0
fi
fi