launchpad/cluster-resources/SETUP-MCP10X-SSH.md
Danijel Simeunovic 193b1aa28b credentials
2026-03-10 10:59:36 +01:00


Setup SSH Deploy Key for mcp10x Repository

1. Add Public Key to GitHub

Add this SSH public key as a Deploy Key to the private repository:

Repository: https://github.com/fortedigital/10x

Public Key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0xw8XnpnrIUeRbAzqMUSWXtR+5JoSaXDP/NwzZlEj3 argocd-mcp10x

Steps:

  1. Go to: https://github.com/fortedigital/10x/settings/keys
  2. Click "Add deploy key"
  3. Title: ArgoCD - mcp10x
  4. Key: Paste the public key above
  5. Important: Leave "Allow write access" unchecked (read-only)
  6. Click "Add key"

2. Seal the Secret (if using Sealed Secrets)

If you want to store the secret encrypted in Git (recommended), seal it:

# Install kubeseal if not already installed
# For Windows: choco install kubeseal
# For Linux/Mac: brew install kubeseal

# Seal the secret
kubeseal --format=yaml \
  < cluster-resources/mcp10x-repo-credentials.yaml \
  > cluster-resources/mcp10x-repo-credentials-sealed.yaml

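# Remove the plaintext secret from the working tree
# (if it was ever committed, it remains in Git history: rotate the key)
rm cluster-resources/mcp10x-repo-credentials.yaml

# Commit the sealed secret
git add cluster-resources/mcp10x-repo-credentials-sealed.yaml
git commit -m "Add sealed mcp10x repository credentials"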

3. Apply the Configuration (if NOT using Sealed Secrets)

If you're not using sealed secrets, you can apply the plain secret directly:

kubectl apply -f cluster-resources/mcp10x-repo-credentials.yaml

Note: Don't commit the plaintext secret to Git!

4. Update and Sync the Application

apps/mcp10x.yaml has been updated to use the SSH URL. ArgoCD will automatically:

  • Detect the repository credentials
  • Use the SSH key to authenticate
  • Clone the private repository

5. Verify

Check that ArgoCD can access the repository:

# Check if the secret exists
kubectl get secret mcp10x-repo-creds -n argocd

# Check ArgoCD application status
kubectl get application mcp10x -n argocd

# Check application details
kubectl describe application mcp10x -n argocd

Security Notes

  • SSH key is scoped to single repository
  • Read-only access (no write permission)
  • Independent of user accounts
  • Can be rotated without admin approval
  • ⚠️ Never commit plaintext secrets to Git - use Sealed Secrets or external secret management
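
A guard for the last rule, written as a Git pre-commit hook (an added example, not part of the original repository): it rejects a commit whose staged content contains a private key header or a plain "kind: Secret" manifest, and lets a SealedSecret through. The function names and the two sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-commit guard for the Sealed Secrets workflow.
# Function names and sample manifests are constructed for illustration.

# has_plaintext_secret: reads file content on stdin. Returns 0 when it finds a
# private key block or a plain Kubernetes Secret manifest, 1 otherwise.
has_plaintext_secret() {
    content=$(cat)
    # A PEM/OpenSSH private key header is a leak whatever the file is called.
    if printf '%s\n' "$content" | grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'; then
        return 0
    fi
    # "kind: Secret" holds its values in stringData or base64, both readable.
    # "kind: SealedSecret" does not match this pattern and is allowed.
    if printf '%s\n' "$content" | grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$'; then
        return 0
    fi
    return 1
}

# scan_staged: checks the staged blob (not the working copy) of every added,
# copied or modified file. Prints offenders; returns 1 if any were found.
scan_staged() {
    offenders=$(git diff --cached --name-only --diff-filter=ACM |
        while IFS= read -r f; do
            if git show ":$f" | has_plaintext_secret; then printf '%s\n' "$f"; fi
        done)
    [ -z "$offenders" ] && return 0
    printf 'Refusing to commit plaintext secret material in:\n%s\n' "$offenders" >&2
    return 1
}

# Constructed sample manifests (no real key material).
SAMPLE_PLAIN='apiVersion: v1
kind: Secret
stringData:
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    (constructed placeholder, not a key)'
SAMPLE_SEALED='apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
spec:
  encryptedData:
    sshPrivateKey: AgConstructedCiphertext'

# Runs the scan only when installed as .git/hooks/pre-commit.
case "${0##*/}" in pre-commit) scan_staged || exit 1 ;; esac
```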