forgejo_admin/pal-e-platform
1
0
Fork 1
Code Issues 33 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: add secrets.auto.tfvars.example and audit secrets_registry #235

Merged
forgejo_admin merged 1 commit from 232-tfvars-example into main 2026-03-28 20:02:00 +00:00
Conversation 1 Commits 1 Files changed 2 +41
forgejo_admin commented 2026-03-28 19:55:21 +00:00
Owner
Copy link

Summary

Adds a committed example tfvars file listing all 17 secret variables with CHANGEME placeholders. Adds audit date to secrets_registry.sls confirming no actual secrets are present.

Changes

  • terraform/secrets.auto.tfvars.example — new file with all secret variables from Makefile TF_SECRET_VARS, grouped by service, with validation hints (min lengths, exact lengths)
  • salt/pillar/secrets_registry.sls — added "Audited 2026-03-28" comment confirming no secret values present

Test Plan

  • Verify .gitignore line 8 has !*.tfvars.example (already present)
  • Verify tofu plan -lock=false does not auto-load the .example file
  • Verify all 17 TF_SECRET_VARS from Makefile are represented in the example file
  • Verify secrets_registry.sls audit comment is present

Related

  • Forgejo issue: #232

🤖 Generated with Claude Code

## Summary Adds a committed example tfvars file listing all 17 secret variables with CHANGEME placeholders. Adds audit date to secrets_registry.sls confirming no actual secrets are present. ## Changes - `terraform/secrets.auto.tfvars.example` — new file with all secret variables from Makefile TF_SECRET_VARS, grouped by service, with validation hints (min lengths, exact lengths) - `salt/pillar/secrets_registry.sls` — added "Audited 2026-03-28" comment confirming no secret values present ## Test Plan - [ ] Verify `.gitignore` line 8 has `!*.tfvars.example` (already present) - [ ] Verify `tofu plan -lock=false` does not auto-load the `.example` file - [ ] Verify all 17 TF_SECRET_VARS from Makefile are represented in the example file - [ ] Verify secrets_registry.sls audit comment is present ## Related - Forgejo issue: #232 🤖 Generated with [Claude Code](https://claude.com/claude-code)
fix: Keycloak theme QA nits — palette, border, rem units, cache docs
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
ci/woodpecker/pull_request_closed/woodpecker Pipeline was successful
Details
db365db04e 
Address 4 polish items from PR #130 QA review:
- Replace off-palette #1a1a1a hover with #262626 (--color-gray-800)
- Remove redundant border-color that made all sides red (intent: top only)
- Convert 29px magic number to 1.8125rem
- Document dev-only cache flags with TODO(production)

Closes #131

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: add secrets.auto.tfvars.example and audit secrets_registry
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
8b36b59a28 
Provides placeholder tfvars file showing all required secret variables.
Confirms secrets_registry.sls contains no actual secret values (audited).

Closes #232

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin force-pushed 232-tfvars-example from 8b36b59a28
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
to f44ef490e2
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
ci/woodpecker/pull_request_closed/woodpecker Pipeline was successful
Details
2026-03-28 19:56:14 +00:00 Compare
forgejo_admin commented 2026-03-28 19:57:15 +00:00
Author
Owner
Copy link

QA Review

VERDICT: APPROVED

Checks performed

  • .gitignore line 8 has !*.tfvars.example — confirmed
  • All 17 TF_SECRET_VARS from Makefile present in example file — exact match, no missing, no extra
  • .example suffix prevents tofu auto-load — *.auto.tfvars is what tofu reads, .example is inert
  • secrets_registry.sls audit comment present on line 4
  • No actual secret values in either file — only CHANGEME placeholders
  • Validation hints (min lengths, exact lengths) match variables.tf constraints
  • Branch rebased cleanly onto main — single commit, no stale changes from other branches

Notes

  • Initial push included a stale keycloak commit from the source branch. Rebased to isolate only the tfvars work. PR diff now contains exactly 2 files, 41 additions.
  • Variable grouping by service (Tailscale, Grafana, Forgejo, Woodpecker, Harbor, MinIO, Keycloak, pal-e-docs, Telegram) matches the logical sections in variables.tf.
## QA Review **VERDICT: APPROVED** ### Checks performed - [x] `.gitignore` line 8 has `!*.tfvars.example` — confirmed - [x] All 17 `TF_SECRET_VARS` from Makefile present in example file — exact match, no missing, no extra - [x] `.example` suffix prevents tofu auto-load — `*.auto.tfvars` is what tofu reads, `.example` is inert - [x] `secrets_registry.sls` audit comment present on line 4 - [x] No actual secret values in either file — only `CHANGEME` placeholders - [x] Validation hints (min lengths, exact lengths) match `variables.tf` constraints - [x] Branch rebased cleanly onto main — single commit, no stale changes from other branches ### Notes - Initial push included a stale keycloak commit from the source branch. Rebased to isolate only the tfvars work. PR diff now contains exactly 2 files, 41 additions. - Variable grouping by service (Tailscale, Grafana, Forgejo, Woodpecker, Harbor, MinIO, Keycloak, pal-e-docs, Telegram) matches the logical sections in `variables.tf`.
forgejo_admin deleted branch 232-tfvars-example 2026-03-28 20:02:00 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform!235
No description provided.