From 96edd79011ab0bfd262a178075a31c2e1f8bf4de Mon Sep 17 00:00:00 2001 From: Rafael Poyiadzi Date: Wed, 25 Feb 2026 14:32:00 +0000 Subject: [PATCH] Add UPLOAD_SECRET to staging and production secrets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Security hardening PR #209 requires UPLOAD_SECRET (≥32 chars) in HTTP mode for HMAC token signing. Missing secret caused staging pod crash on startup. Co-Authored-By: Claude Opus 4.6 --- everyrow-mcp/deploy/chart/secrets.enc.yaml | 13 +++++++------ everyrow-mcp/deploy/chart/secrets.staging.enc.yaml | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/everyrow-mcp/deploy/chart/secrets.enc.yaml b/everyrow-mcp/deploy/chart/secrets.enc.yaml index 60a0f531..3548dc90 100644 --- a/everyrow-mcp/deploy/chart/secrets.enc.yaml +++ b/everyrow-mcp/deploy/chart/secrets.enc.yaml @@ -1,13 +1,14 @@ secrets: data: - SUPABASE_ANON_KEY: ENC[AES256_GCM,data:wSuv0Y71rXeyUtGZmNyPF6HMjtkTbX1CpRAEJCDECFtEVWJJpTPMuKhTm6ZtsA==,iv:iTDC8+WeA7IXM+tQeKOw0JPrITPQMwx7R97avzMRNe0=,tag:9jFbCzNHePPAHq8v9JS+lw==,type:str] - REDIS_PASSWORD: ENC[AES256_GCM,data:lTHLRIRG/xJKQCGQTlP+d20tjzKob6Q=,iv:1vQ8ph/EnjcDbMZ6HrDg4Dw1rf0Wm75cZrwmJX9IjJQ=,tag:jFQhyhwIF+IR6sZdcWoN6w==,type:str] + SUPABASE_ANON_KEY: ENC[AES256_GCM,data:TPBkC9RX/Tn6pei+Cbd7f+EfejFzp7dLXKkytRgAKxr7CNxQJqx9XO1Bi8TVSg==,iv:1Ie5fD3RFvaiq3KMs04UXZXG+oLju+m0p1sTEHYMms8=,tag:owzx4EVq3+1WL9flFPpLLQ==,type:str] + REDIS_PASSWORD: ENC[AES256_GCM,data:GK64VKLfEhey1jjqlbEiXZwP6KF7fI4=,iv:ODGYQmgAiVbRPDbXQGYYSwo3dtIyrjbz681fma3yoeY=,tag:THQ7mS2FPuUhm2VtVmvB9w==,type:str] + UPLOAD_SECRET: ENC[AES256_GCM,data:4M2OaXCgIJg0cSSFOvdttDVuctzk5aCyMu3Fs9XHRwMfCjeT+Q7XQ3PNtw==,iv:z+lrBssnJWRqGJlKHfgeewlWxog3t6OK6HlT/K0/xAk=,tag:tGpLwPPlSzG+c7AM5ljqsQ==,type:str] sops: gcp_kms: - resource_id: projects/varuna-400921/locations/global/keyRings/sops/cryptoKeys/sops-key - created_at: "2026-02-25T11:10:15Z" - enc: CiQA/cVY+5Lxs66yCcCdlLgZSXUhE54B8/LQToEgYZPmxBNOpkcSSQAXYxKUvmDxFf+w9AAcGnJDzTQgWQDfqyqIIJqfNi0a0U+yw9PcBPWUZfB21/Yo7m8DV3kFC7eLo/Fl74gZIbXLFyi37TYWvno= - lastmodified: "2026-02-25T11:10:15Z" - mac: ENC[AES256_GCM,data:kXGp/yKjulYEy1ks4p5T8nzUWUOSHKufVcUqn6QL06W1+Rt3ijLIOPdn0+MZqyulpxfzoMlcoNo2r0Tjk12Bsi7Ly4S8no6ho0ad3Oow1wVYPoAPQsg7MTpt8ls8Yw5tu/y/xWcS8ipuX7a6KQCiBm6TN296GjU2SIKD7H7v1OE=,iv:Yt1C4sR1dNTxNRHdqP/VkVDawzsqcSE1jpWGkuVtVAY=,tag:v+f0QuW/wgzmBB0ny7DmEQ==,type:str] + created_at: "2026-02-25T14:31:36Z" + enc: CiQA/cVY+5/ZUE7wfKz//4CDl0hFXJjShzUEAK+hemrvyQsuDt0SSQAXYxKUO5enAx362VwnW50rYKtIhUsqG/CeuEk+nakFUZFi2Cd9nKk1Pi1HnmU57BATBQU9HxMxZpDGZRHm3bvJ4Z2Hgflk1TA= + lastmodified: "2026-02-25T14:31:36Z" + mac: ENC[AES256_GCM,data:f/p2PcyeIPImu1/e1AKv9cj6i49Oj0pyon1qZo5mljtV99QmQt5dojw/h4o5LBUzIc+Ql9XvPrn63pAUMZisqHDw8uaoh2FOipNMcJ2Mj3wWT5xK5+uOTuZIwR8h7rOmheT8ITOG1ABQjqHCKhW4sP5hp8OvXEkHBDTFZ0qyGNA=,iv:/t7auUGCC3kk0YH57EGerlqF5gIgBgnmesHyubqtTkU=,tag:RapvhmFrrSE97nzyP90oCA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/everyrow-mcp/deploy/chart/secrets.staging.enc.yaml b/everyrow-mcp/deploy/chart/secrets.staging.enc.yaml index a3567372..814f0972 100644 --- a/everyrow-mcp/deploy/chart/secrets.staging.enc.yaml +++ b/everyrow-mcp/deploy/chart/secrets.staging.enc.yaml @@ -1,13 +1,14 @@ secrets: data: - SUPABASE_ANON_KEY: ENC[AES256_GCM,data:91ALSXpACOcExu9kgigc9NQcC+/HMKu1dAOR7rfdpuIpjgvGQp5v4+FxADYlyw==,iv:XTqbbLdKC5iObcSkXL4bvB0RM6asW9N/cPqqLeJKzkQ=,tag:0S6q5tLY7mS7ytg6hbfD/w==,type:str] - REDIS_PASSWORD: ENC[AES256_GCM,data:Sd3POn+j8f9fHE7s38MF+xbROYI3EU8=,iv:fS356TlleVNZlKlKlwowTQqY4tSmJOw/2jO2sq2CMFE=,tag:yA4C4vPZ393yS+aq7Tp+1w==,type:str] + SUPABASE_ANON_KEY: ENC[AES256_GCM,data:skc5BHQSrn/sUGs43qKGBC3Xt7q8SpF7okSjsp1LAWPs6KWX6FrFwc/4ZfHBnw==,iv:aNqfzE3OuBVWacm1GB4j7Ab/HIiLJcKIqKbFqKrwIk4=,tag:2IhTfxKNSYOi4XPxdpanGQ==,type:str] + REDIS_PASSWORD: ENC[AES256_GCM,data:qXRrKGRLQy3B/j3iPjGTmqc9udK4xX4=,iv:SvLuSttu1mQ1CM8XCYffgE6pUkQBqM++dBy/ySuDzi0=,tag:t8o1HpiabzON+12Io/5Zvw==,type:str] + UPLOAD_SECRET: ENC[AES256_GCM,data:s7OYa9BAkolbsHALh6kDrK+YQHKS/L2y4Uc1NhABP3VTdtXcFrxK/Y8vSQ==,iv:cJYFXMYh8DJHt3PtSfTcGwI+skhsDQIAHFjaNNkz6ho=,tag:BmJYZbJXFEi4fdGuL7T5PQ==,type:str] sops: gcp_kms: - resource_id: projects/varuna-400921/locations/global/keyRings/sops/cryptoKeys/sops-key - created_at: "2026-02-25T11:10:15Z" - enc: CiQA/cVY+4bC5CwWKs0EYtD4Vh98YnXRicWWofDqiY3lryn33eESSQAXYxKU8vjWyssAbPeLpZsYxzqsAtP8W1zwxFoyDwm7hyGRJbW2AI6wgwtKKkQ29GCLwRwcaHefFmemPXu21lKyN4O38zJq2Jo= - lastmodified: "2026-02-25T11:10:15Z" - mac: ENC[AES256_GCM,data:pXawt0+3S52U5ruvsmrmflor7Xy7ODt0kKNi3tK+iawctin/5kmJ9jt64mRB623RAt0eKafcwtL18uPxts4iaB0JyM4q5PZKWWRTmeQh9bXNQSv6JEn4rUe+n7lisRtx7sLPoN+EcClHxk5DRlWIn5m44a/mViMMEvA9ChY6QcY=,iv:5n8QgZI3s4tPVvjkSDlWCvbPuclCfe6Gh5yDT3aggY4=,tag:gqjJu0UAQxrUgCQwjLlWDQ==,type:str] + created_at: "2026-02-25T14:31:32Z" + enc: CiQA/cVY+2v4/9iA/DzfRG//njSu64xt5KfZpXt5WexUxtIncL8SSQAXYxKUD6sidzqKOug/k8F20siI1ggi6132n52QW74hE+UqpajwFg3H18MLj6xKrZ0ffBwPqd1dnZs1P/gIL5BqFRD3Cha31Fc= + lastmodified: "2026-02-25T14:31:33Z" + mac: ENC[AES256_GCM,data:QGdFrbvZ0PxUIerAbo5RNslkfLzzEYEWKjQRQX+0+e3Cqq3ZufLIOo11Ewm20XNfwV+Px4U+Ei8bmi8+AnutdvVUYVOK2QBzGrs5UnQPsWIxn3Ku13TjxxCuT7PD1C8Zch8vE4w6JsL7q/gV46GYyl+IPqhXPMte7xzzYqGbJ1M=,iv:vqdbvO/t4juqdN2qox4M7mTajYOY5ox1rep88qlVPPc=,tag:JSe/gnEaXkuOIRBVKdMRXg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0