Security: Remove exposed Collabora password from docs, rotate credential
Security fixes: - Remove hardcoded Collabora password from COLLABORA_SETUP.md - Replace with placeholder and password generation instructions - Rotate exposed Collabora password in test.sops.yaml - New password: NX3NEpOMogUOcADjB0B2y1QGuRTSeDUn (SOPS encrypted) The old password was exposed in documentation and needs to be rotated on the test server. Future deployments will use the new password from the encrypted secrets file. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Pieter
parent
c7eeaad6df
commit
282e248605
2 changed files with 33 additions and 28 deletions
|
|
@ -13,7 +13,12 @@ sops secrets/clients/test.sops.yaml
|
||||||
Then add this line:
|
Then add this line:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
collabora_admin_password: 7ju5h70L47xJMCoADgKiZIhSak4cwq0B
|
collabora_admin_password: <generate-strong-password-here>
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace `<generate-strong-password-here>` with a strong password generated using:
|
||||||
|
```bash
|
||||||
|
openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
|
||||||
```
|
```
|
||||||
|
|
||||||
Save and exit. SOPS will automatically re-encrypt the file.
|
Save and exit. SOPS will automatically re-encrypt the file.
|
||||||
|
|
|
||||||
|
|
@ -1,35 +1,35 @@
|
||||||
#ENC[AES256_GCM,data:Q/lwFVpvUfeCy/Twc7nl6wEP5lBBmyJbGg==,iv:EubkKfxpGJCyA0uCdNNIBySH/v+Tscm1bc4QgnUTgOo=,tag:xoM+wlOeXwGxoDOJLXqGgQ==,type:comment]
|
#ENC[AES256_GCM,data:fxhCWwDUr5EYw+nAVvL/x0H9/ucDwMOGFg==,iv:junDUUMdayNcNKl6uZNvlTTQtq9Qb4usiXvS0lYgBWY=,tag:sgd3N0R9UsATkSFDY3U8tw==,type:comment]
|
||||||
#ENC[AES256_GCM,data:ZQksQwwtue7VMvBQfRNqZ514FA==,iv:HQVgRUsr/5AOiUExT7iiJHrJu/+7d2l57z6/igU4+wY=,tag:7QXlOcq0WHAB6hFs+QTNCA==,type:comment]
|
#ENC[AES256_GCM,data:hcSTpiyfYyZiWj5nIyM+ZVeZEg==,iv:IxFr2Fcn4uZJxhHx5H/RWGI/qNF2pTX6qNxo7dDnrSg=,tag:Dbk/tpmhWeOQpEu+7g/+1Q==,type:comment]
|
||||||
client_name: ENC[AES256_GCM,data:/BZHmg==,iv:7IeV5Bzd6qehSKJ6iSj/pIHGslnlN0gGeUqkh/beeFQ=,tag:Ofp66KO31ZxISJFk7txA2g==,type:str]
|
client_name: ENC[AES256_GCM,data:ZlO5Tg==,iv:0qU3rqQzfBd5gqnVqECW/5HsYlf7fMYB3hCxqShmVbw=,tag:DzBhLpBPSXmrgKcS2rMB7g==,type:str]
|
||||||
client_domain: ENC[AES256_GCM,data:WN2B4DLb6XC2LJcEeEDyVg==,iv:gndlLsWmeYr4/ZEljIiyPgimWXevAqT4Q1wzqzDBcQY=,tag:OxSsvoENyySHUblcZ5ausA==,type:str]
|
client_domain: ENC[AES256_GCM,data:ss7S4v5dshscOhSofzFWDQ==,iv:CsA+WGJjMfrka/0NhkiOb8S4l7LxmpyX4D4RudmVKaY=,tag:VUnQ2THSqP3dsREDX7nibQ==,type:str]
|
||||||
#ENC[AES256_GCM,data:NDw1kEUxoZEQCD9gVfgf,iv:kUrwP1Dh5MDYKAAo10HFvfmVePg9uK6I9YoiYois0yk=,tag:1eaWPq/oY/+pBEvmSud8Hw==,type:comment]
|
#ENC[AES256_GCM,data:nyoZwpLgHh1c0K9bjB4F,iv:0mNTGknTy4lX3OC0QuBS517VSQW2BNfHmIHV+gZUBbs=,tag:iAW6rpwI6jcZIA+pT8ioLg==,type:comment]
|
||||||
zitadel_domain: ENC[AES256_GCM,data:hUxZDJsH5JkxvavBQoF/TcbuInr1qYtY,iv:goM1upJHZwTzONxbsRN84215kVVG1xJ6rlj70uxx6SI=,tag:P7DP/hLoQxg5R39RTVTNPA==,type:str]
|
zitadel_domain: ENC[AES256_GCM,data:ftxxjcaPYXG/ZvNxEjwSBxK+zpCsVBhA,iv:mCA93Qbn8OnyaZNVBxkDWAEwyxnM33fM9xf5TXmYifQ=,tag:Wb1OLdwi+pcMv3ic2eZS0A==,type:str]
|
||||||
#ENC[AES256_GCM,data:gYi2rwO342Skgc3rw3qdnA==,iv:wmxhtS7P8w+axjrditt9ScU5tkNAemzjRcMeNGE+T/4=,tag:oT6IlVD4ToSxcjo5DRc3qg==,type:comment]
|
#ENC[AES256_GCM,data:qWUq73IYbHXkE1ce8yNXXw==,iv:4CoJpkQ+NRNVJexDg7rm5xlU7EDI3gDHYmvVAYl14wk=,tag:yvw55ouDZMCzJq8y7qyz7A==,type:comment]
|
||||||
zitadel_db_password: ENC[AES256_GCM,data:lAoTeeUjECcnrxHlc00RNsN3cvNumwOVEe9brYTeDa4=,iv:BKlYFA+33acfO2D6I6oFgo6nm58xfdXNQl3pFLufEj4=,tag:/Ep8jCJX+U4/2B1dFbQ4Ug==,type:str]
|
zitadel_db_password: ENC[AES256_GCM,data:YMsK52Xneg6NeEBVvd3t4zp2dn9dPWd6TKMZC7mSPCc=,iv:Ux4jA1ojRnNhDJzAYpydtVhSaccQ5Afw4AuFI2s9HkU=,tag:t1hPDbS2KsbS8I92Ai+9YA==,type:str]
|
||||||
zitadel_admin_password: ENC[AES256_GCM,data:dYA8bDob6lhQ5IOqlLoAic+1d9UNVQ==,iv:wQeFeIKvpL4wE2MTX66TxZCnDz7Dv17pCfPds672tXk=,tag:tPq1wZ9QTndZt+RJJyNnNA==,type:str]
|
zitadel_admin_password: ENC[AES256_GCM,data:F8eA/DKng+piFvsjDcAQ7xPM5VN1rw==,iv:/6PId6O4ftpKHX3CfmX/dMZ+7KehoyfEnKhuU0XHeq0=,tag:xEsWAYNGSY6NWA5v9ubxGw==,type:str]
|
||||||
zitadel_masterkey: ENC[AES256_GCM,data:7MVT2DYa2s+7pu/4Lm8/OpKgSSINCR4TIZpO1LP83TE=,iv:dMi30pF1kMkMETk6onwpkayOl9rSf0BrOpdiq5MlNKg=,tag:/VNcnA7VLDZrivjeqddaqw==,type:str]
|
zitadel_masterkey: ENC[AES256_GCM,data:8j/TfElTNn4uT8BXA7tp7pSsqh/5MO5D2xmc5eTcwDY=,iv:klzqQ0ByWDybUQxZJLt2zR/wSILi9PlcbjkDBm93epU=,tag:VPfZ9W4Hpe4o8b0Gf8KDTw==,type:str]
|
||||||
#ENC[AES256_GCM,data:kFHCHc0KIjOP1EAfOUpVwrpH,iv:jCGrBXZFjuSwCqwUcXDZDq6OWabVovu7iWotzBVHdlE=,tag:tG1ys487AJ2pVo2urBbWCA==,type:comment]
|
#ENC[AES256_GCM,data:3EkIPZ5DRcIdlaPVxb8tMe7f,iv:TtdB2gYgmXksIp7JFmMIjXxgqg8B8E3nGdSPzl6T5NQ=,tag:wdHRZL1Cf7jP08Xcyrw6tQ==,type:comment]
|
||||||
nextcloud_db_password: ENC[AES256_GCM,data:v1ayX7Ne+z3nd0pipZMrfwMbrtRh4Ngx/PAtUvHD+0g=,iv:0fFfBgn1WsAnsVJdXNP3+c6UOQLNTMrjsMjHKfNq0BQ=,tag:g0Kw16J7e0I+6fKOXphkug==,type:str]
|
nextcloud_db_password: ENC[AES256_GCM,data:9LGHQ1cxgCwEn4477xuC13zy74tC3acKQShXCfQIus0=,iv:E6Lw9iR+QGzFKOiYEnXOyM3KPe/Zj/eyR67tE+ymyUI=,tag:q2IdpWCDYRMoO1S0XUmYrg==,type:str]
|
||||||
nextcloud_admin_password: ENC[AES256_GCM,data:fyWDQ3758/WMQ0+DXJCOFHp1,iv:99ESBFw2araULr5Hv1YQh0N7pCosW3Dykc3/Zmoqsmg=,tag:hHi2GVmR7OkzHirMBhOqIw==,type:str]
|
nextcloud_admin_password: ENC[AES256_GCM,data:aZ73IIqVH96LXZ80O7jI/Eh2,iv:C/6jiRLj94Fv4J9p3/D2+Yqmgg+0WLUYO4wz0V88yWM=,tag:oOM2NxeZnRBdinSp2ZhoNQ==,type:str]
|
||||||
#ENC[AES256_GCM,data:bAhTUt5rTkJZPIZOBR3RZHjR5ZiCpfEoYA==,iv:OExqVSgygSz6mT2j2XgClfWvGAtvsErn7xdPapgBbQM=,tag:rMNOMX251kPthXdfVcBUSQ==,type:comment]
|
#ENC[AES256_GCM,data:PZuMRsvBARDlm/ey6yj1JlI41Q8ALvrpmA==,iv:8Ty/lTFWNcFm/HzpuVhAjPNRpvHvE6clYgq80vD79T4=,tag:d6XKL3cis9tAEyAFR+0vaQ==,type:comment]
|
||||||
collabora_admin_password: ENC[AES256_GCM,data:rXziO/BtEO+KiIbjL4Uf6tXGn49UpPeZUZmU82M6xlE=,iv:7InVwwGhQMNnxqEKOTOyrCpEd3EKTp2hhtHvMbeFhX0=,tag:8RbMGiLzmbAgtRX+koZwPQ==,type:str]
|
collabora_admin_password: ENC[AES256_GCM,data:hWzcxRSwXw+X4O5rBoJ1pOA+yFQAwsk0VFzHKgwQoIM=,iv:vzL/Jtg/k3v+Na5HlFeCLWk9MknTY6qKmeVB2jBZoII=,tag:kRvj0zyOLSzd+YO5jRctHg==,type:str]
|
||||||
#ENC[AES256_GCM,data:Ed+p3wfimk5aNASY8RJyzm5ubz+cTGvgZVYsqaWphnGxaA==,iv:40wig39NTxwrWrY+Ubl2xMoGNqSwRJjIRNKC1Zcwgh8=,tag:PEkGrwmZE4G3YGpP4uPWiA==,type:comment]
|
#ENC[AES256_GCM,data:H6EGdY8D4snkPL0qls71uHBDbPDgvKJneYiy+uyvVazRyg==,iv:TYmoqO+vn8Mri4N+ghgaKAnQi6DB65vBNZBYt59e2iM=,tag:OP3m+FP1092Np606hrj+ow==,type:comment]
|
||||||
restic_repo_password: ENC[AES256_GCM,data:0iWgE7yTYutp/Rrcvw+2gVe0AFXXK5og0dHoreOVSqo=,iv:NGQd52wjQ7NRGmCi/Gc+lYIBsbcnVp66iX0kGMYIlBE=,tag:sCuk9uwo7uL6zXGJHvWWAA==,type:str]
|
restic_repo_password: ENC[AES256_GCM,data:OoT2lrkaz2EXk7BsTJnLUpiGbKoe3ZqsC+PDks8kM0s=,iv:rpViNgtwRyDmh+Ai2CsG5Hyjl+rkIcRBNbb6RCZ64Hs=,tag:ipNiGjoEE9JXZbGWPlBNCQ==,type:str]
|
||||||
#ENC[AES256_GCM,data:HmRr7Fi3uwWAXMtaVP57xnY6kTOe5WYvm+l5Km55LQ6LS5+k5NEe5rKZsGs89d/8zmTUrewGv6vZt+GkgEI7FHlLnw8=,iv:RDveuIjydLzooFMWyevRkb3wYNBz/mghzGY3UlN8sKI=,tag:rX+TE5RZKm2PfDRrkAZtrg==,type:comment]
|
#ENC[AES256_GCM,data:W31o3A0cq6hRY1ZKNBiC2KOdJOgst9jyALRNIWO8Dxmv0yaACdTWhwbNiK2WfYC++64rCSPxEwZ6Eit80VKyHLTAqjc=,iv:JPnMUXXbUYjNsz+Zig23j7LGOdiPPDigJUAA9YByP9w=,tag:BCfqqhAevngLYYIB3Ww8YA==,type:comment]
|
||||||
#ENC[AES256_GCM,data:1mUo/CRABlbhnxNdh90wB+wxij50vo7cI5YH9wU=,iv:gDEaqcp8WTYyMg8orJv4bmyCDvp9N7PVmCJ2l60FN3Q=,tag:k5w7ozwpBkn+h1izH+aoLw==,type:comment]
|
#ENC[AES256_GCM,data:t4OT5lJ7WbN0iuGRybhhT4cnFC6oHguKrUF9Pu8=,iv:TvIwFbwq9qVhMRAzKIm/m83lh4Cy0NzKxSV2UU+wOus=,tag:I8aywh+O3qDxlh/0o4DNKg==,type:comment]
|
||||||
#ENC[AES256_GCM,data:M0JfwHFJjO+ATbMbmTQZXRDwFniitZzGxT1AoVJRprbC,iv:ROCde6FpjcpWN24h8t/LTtewq79Aj1I+TCFg4cgYMNw=,tag:jViSz2fkui1Fkqf8mIttOQ==,type:comment]
|
#ENC[AES256_GCM,data:gk+cv5mp0Q6Ddl/0ktTSXmO7ASTpXxclsGxYwCp/z6NL,iv:2XzWvk69TeNwYCgFLSaYGPIxKXytiqIFTRk+1BDsyXQ=,tag:lB/q8hNEhoDUrV9ryhWkcg==,type:comment]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlSStxVFdTTjBzSEcvMDlx
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WDYxbVorQ0tkditJeUpU
|
||||||
azRmeXR3SmRkbUthWGlRMEJ2S1plV2tocHd3CjRPZlhQSjd0Tk9ZUkFxL2VsTlBR
|
dGlWSFVNU1hDK0pFcVJJN3o5eEZKMFErc0N3CnQxM0xFdmlRemJOOUczOGFLYlZD
|
||||||
SlVzbnhhZ09OKy9Ma1hOSmx3TjhHRDgKLS0tIEwxQ2tobGMwOFIzSGtEbks2ekk1
|
NWhEWVZGei8zQ2tZL3RKSnFkS3ZaWGsKLS0tIDdVd3NES1A4TjJId0c1WnZnQVJS
|
||||||
VXU5QXpETm53Y2h4eWJWR21GSUZ4UDgKjQLyBMw+Bngyw81/L42HZE8OwC0f32QR
|
Wm14RGp2c2VlTmRZWUZkeFZCQVBFREkKKNnLI8C8KSZKu4bSFAOXbqpr3DtLTscD
|
||||||
/rA/hasFyz+tnX5cbxzgajSswzuhZXLLfZb9s0g0MzGo71SZ53gXPw==
|
0i6jil/AlzEatD17Y3YxB021jDoMVECgCHmVfei1PM1O18gINglcHQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2026-01-06T09:45:43Z"
|
lastmodified: "2026-01-06T09:53:24Z"
|
||||||
mac: ENC[AES256_GCM,data:5hbnT8BUc0zOPnTCEudbXKAEgaoaj6TX464HM7bwmkfQ9Wm9Xp5F4YahEw4ZDNsBQ8/IYUhAbtne7JhRdzhxb9RaXZqnyv0D5Hvpx77OOVvVWogmGG+Sf6oL84KQW/3EYArXND9LRzaHLd6lUlyEKfmySWeQNxHhW1M0yxEm0nU=,iv:tdO17Gwn5r9D4lG51Tww2lHla24gT1nUerXa2yHLSG8=,tag:AKf50aaT/14m5pj6bI8eCg==,type:str]
|
mac: ENC[AES256_GCM,data:nvR6b3yUgmL3Kl6iUP2/DvRdL6V5mW5Rne87+cXaP3w7uFn9fKrMnLon/HsT/A4CZZuLEXhQy4GW56m2QfbaFg/M3CWRdGOBBJtlJZ0P/1mDyisTkgLxAemH1UuRo+cCY7WOZLA2Rqp8+ozUMwN+lciCOwvMB9T8tZXE5WCh5g8=,iv:Vgu+ajEldRRVyAYXqGq1x5fMcPgFBteMOCNFX1HeePE=,tag:81dJoCtMM0Tzk4mmzcOxbw==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.11.0
|
version: 3.11.0
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue