jenkins: Add credentials to sign, publish RPMs

The *jenkins-repohost* Secret contains an SSH private key Jenkins jobs
can use to publish RPM packages to the Yum repo host on
*files.pyrocufflink.blue*.

The *rpm-gpg-key* and *rpm-gpg-key-passphrase* Secrets contain the GnuPG
private key and its encryption passphrase, respectively, that can be
used to sign RPM packages.  This key is trusted by managed nodes on the
Pyrocufflink network.

jenkins/secrets.yaml

@@ -11,3 +11,65 @@ spec:
       name: imagepull-gitea
       namespace: jenkins-jobs
     type: kubernetes.io/dockerconfigjson
+
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: jenkins-repohost
+  namespace: jenkins
+spec:
+  encryptedData:
+    passphrase: AgCaCrfVKsHun82pG1I4XhdFMh941w/S21wPZV+/Y9S3jAckX7TGLHoRJtUH3BEbHIgnJpUHzx7mtdUsCRIEWW2Ls1rPcdui6dOSSaT6kUYgpQJ05IISQBiTOyIOQvKbdHIQFoShIFkFtk/Lx+Nvo+dDfqFMydvBL3vXNYDvCoOKMx4+9KKH5V/SGbxyHeKno1Wo9b69s9Rv/OCgWlFN848dsbj8CgOSEVpYeDHWsDp8jO2AxnEtuAus7bsuNgPHJOPB6R07AZ/YkvU2M09XOmqtS8qGYfrxP5o9NV5TrtcuNQFhR/nxJ/P0yO+tUApm233/4LJmC9RSKCB7bT3fogtzF1MdE4aGYmcveMXCOatnp4oKXtDTujQ6iQ+0slnh6YP5lCgsc1DS9ZQpIiF3wOslFV7o0r9PyEqq8Ob/6vw2mzJqnFNOkmjz0OdB1Em3a/OcFk1EUrq1TwTTC4uinQDSQh2Wr9jH2smF7UgZdpCigj+/noKF5LInsr4NmY/4TG01hahpPTRIQYNvkP7bMKWVoBaeb5dDnrH1+sWRL7giV3zFDu3qTMCOHiNvxAKcpm7j8h2cM8cSCzwp2GtrI6swoeSCPkDxTxW41vW81ElYC408dGon9idrcOVerkyCppO3tvJlfkdDihhbLOThCd4fBQ6iBRtPqiI2FdNm3X9azAVjGHmkrDBkhndVWHdPnwBj8wLU1a2LdQ6xte4iH8L+prOPRj4Eu/Sf5sNXSiV8ug==
+    privateKey: AgCsHeAKeVUBFW8DdAvDz+1jUMcILqBsdaUZsqQIWnHfoTydZinOvUHOBc4X9JljNo9dfQAXgT+vfyjk7Hcv8eOx+HdcGb2OhhVR4gaeknpSRSTt3WIp/L6bRDnAOO50L0XyZ4aDq2Rp4OI6hyIp0aVJMWyzvknrXD/kkYyUuSSlTCHSbcRex/xUdP5jFPXEE7HeobnAHNac3xLjOpNu/3UxWlNR2tgBAsi/iThcym9fxjx7VoZX51gMO0awcZ5xNtaHmeYaHheLOwmlsPUgv44zWCXMK+dhvbCSZbwk6fiNNAGkresZbG3yFk+8IPKCGjiijEiaElUgby3rgzNlqgwGE/9HoWSbzTtj8CsHdGpPrvPqID+ZGO1ZeABih1TGZYRD5fYxjHoEf8ff1Ye8pif2GktlYwePqzu0U2WQhiRRL/FamiSzFnFr/1uvqHivlD8ugZgo6bBgryORtKytqH9wxGRumsZHR0uFcrLiOqt9GC34wQyYfx5AbQOhcl/UGsFiGrXepq4qNv3oxVHnx5hy17xzc8okrIPOPucotIr/AQQ6kHyQUxVESlVz+Yewvc59jrsQ2UrkC1BeGXyrK178wB3BHjYQXvkOXdQvnLQMLgKhlMRbAK/iQxld5vYCTHO32Vxt+OnqABUxUuobLmog/C8PpwgDUQTq8DH3Gg0gaLY2gDyKNcOC7ewI8TAsBQNWchH0vnkLawAzFZKziPkgvL9+AXYQk1QdLZaKz0SO9tkRZuk763OLBbiLt+mUBgcEFc45ujADMVx+enGOg1lP7l4+ELAGMDGk/n2x/Wznz5FyzeGMss6wqFa0EFKpqBwBKcpdtzBzd3ziMtWEiJwpYPJCJlbKZzH4ACa8itZSRWpRsp0wijTOD/zPGg54P4FnDhPzMkhX0Pb3aumAhCR64IabOwn/jWdYqQXwH6wISi8c0ER54zTWneeR8zn5C0vxkdx6Tc6LmUzGO1E22iyzBjU9MfCQ1ubYV8ikZ1GaKij8eJmXNdT6m32CIvf8VAZPtz8faqDJc1NIRfHEW/sSkB8Ko3vN7PiKMLfpvB3dZ5/3SwFa63PxOkaEAWy/XeT6Ikj7iiaoM7gFwXuSzRH3/e0VEMQJ5GCUC0xkVRSGrf+7fROL63t0Ngo8Nv9jqBzFYSWOvJ/WILrVEISUY+wvDI9FqLcuTk6nC1GY+90Y8HQw4fH4V2YejK6vZ73FHLnDBCH/PcVjVAQS5YSiKKo9agIZR2RBSYDIEA9i0Z0eUKW+iWS050ixpYaLujtIufPJHi/gcY43qWzmn7533HZqYb6frhsk+I/1PTA1/um94w==
+    username: AgBTltlUZCiUhCibw5JiPrZJrzqwkvuJy3VIIYdgtTlUHDQOv+j0Dbiik2C9wL3jnzyHTlyNGzmyMJETxRaL1nn9f1HDz0P0KT3X+cvxaGbEhp82goODpVNhX5UEdDeghKmZjmKlU1asOQzBe7gswB28+ot7wQkSAWe0UWRQE0p9V4hC2g7wTogkkn9ffqkAxMBdBXTgAPdiLnQI61ExX+PLFK2jUxgF7wR5tba6ljAPSpNuYLVjryI574KYi2I6QzTImZi4tNwi8Hd+fRjapAOJMMf34pbRhj922iuHFGewXkJbNxE626mhTeaszbwB+4/Vzn4xN4cfcpw26ujDFEGlWAxzioF5ncS5wEWkdRCdkxPdmdt77rxiPAaBtwitFR8CcH+uH7jnAm9shOAsGbQ2d7YzcDu7WzInNE4dxgU85Hpz67V7b/tNozgcr9+bpjcil4+3Eancs8W6NABocECEwzE38hpi8p6zdHSXUmpD2j6akh88bxAkFPGHsKNYfVbYRDxCT2Pba+zKZ99vdtd7cgkUZiNNMH6RWUQQGqW2d69xAL4tL+qjmCurT3EdZFqQ8HBCCpSuWv/xP3OYhwrcOIPvQSFymjm009IITv2q96YXxpYa9FVaaQxkbI0Gge2NHbf1TeQGDIm7Tfq6TgkSlY6BoyVi1I6rpfwpmY1U1NA6um7LwdbbuqbRj+aMqP2tfpH9M3/Q
+  template:
+    metadata:
+      name: jenkins-repohost
+      namespace: jenkins
+      labels:
+        jenkins.io/credentials-type: basicSSHUserPrivateKey
+      annotations:
+        jenkins.io/credentials-description: SSH key for RPM repository publishing
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: rpm-gpg-key
+  namespace: jenkins
+spec:
+  encryptedData:
+    data: AgCnFS2OOuwNy99alS+ylNL0Wa4+/Zmhaj2K360uRz9Q/BWeHt/Lk5HVY9K2aQIqhTcXVAjJLNigcgVBCihzktxUV7bmbCxPhWKElsMp/QlPnvb//dbQgMAbiBXLQ43YE8p5OoGBSJCrQCEJ+BiRLHrNDf/Q1H9A68LvWYFwuG0F9kPM8I+ElCRiqg8gpk71/lEPIxQqZyQojrUbb2FsfsIJy8yu4vEaV0mEXdAln6advqR5na9EUH76trPF5PKmtuRZ4MKl7hhDSbCEE4eL6Yf+xrFcvIn4uS+fdjJZIf5VJnaauU3ED1kzY159OogbAXK10AD/03eyXPl3rp/Z8Q3FmifuOxucKmu5mkDwENey+x4qUgdpdKsXAHYw5Q6+8LA/z1pWHNfeAy6jU4c4s+V7dltvGKUS0ePjfGl6cxwZlLak6/MpoymufWwz5nmsP/kVHxecfCbBcB8ze+8TFmgidwm7IWiC2j0uuLOLr5yVhkK6fFchqKpXXfa6kxKyoNH6iM9h9ZZEiWyGK3D86/cyNwARI5aUskAg5Pf6q8DV2oo+Okh+72gEmOere7D/otUukg0NBIC2uh3iq7k/ZH7bq0gxzLK1ZML7dxGEShFoFryUIFN/B4zfbtgSoHWC0Bb0R+nguIojhtuaoLYLBFNtRyGKk39Fe/eG8yZEQgjNm9J8IeQ2ZpC21E5NCyOsD713JfSM25L3W76mp7hrM0l+HIsRzL/5PbNkjEfdye5wCyJRRe6r/mdH2Wsqire0HnlJIh0wLJzmjBVa7aB0DT1z3ocFHlhNTB+Glrs2ziAnT8JuFpaLSSfw6P87VaYtiS2pCC93/xgztYiYDutkxEYYPtN4MXhXFrJqemNNrJiGztsX0SdAmbRecEKrPC4UonNfA5QuCd8TeSY9Z908rg5LW/MaO8l0IIIt4lU9t9MVSdMVcQvKYg8FjMI5kl58BX/A2ve1PpK5oql1Fr+irM9lxVJIXF8sdbvLQLlC6BFujNl2qzmZQXYexpw/xEDZ0RemASMYBKR0EiOat9FN/dnEYK4bLZfmfZ0neaazSrhdlk54ng4DEcHItzmUcdqYCjfKxJ49grtIdoDeJK19KB95+cDgC67ByCPG4HppYmdfs1ZCBb1YrNgXFIv9NpqtRx0bHR/3qW93VxfnnyVqoK5sFRhixjqDEslsSFWE2aHgT3WkmIB7cl6576EZlySZPKqeCNQujTPnBDtJEaPoueJaaZjXYPBOv43nftaNGSUCVMwb/0nSQ6uqyTxUY1Xm8MqbsheMev3YdnIE7uZirhjH0OIJLaWruzsApx5zLXwEdAediashkHx3Vq3/0K3hv4vIgBYFgCQtJdaDE9w0JYOHcdKuWBtbu8+ZovdhSZ/ER1ui9QM=
+    filename: AgBv/bk6KU7L6f1EDSlUZ6cx3xhwSMW0JFCaVIliCAzVYQG9GuzAR60POJ4+ODKxrPU1IRoBnlgCBCcN8MErmn3JF1VsdgCU9LBKpMVRnP6cwuNL+AGZJu/V15J6+IcBUtYvBw2Xf14Z0IEs6iKxzJqJP5zs1f0/ItHZ0+efSSVFhQTf6+wGoo4c0EnNJZiRj7cDm/uLr0uFLOV3FjtPLZ57t1a2XpX5q5cR1akNZfiSsfkWODtbhhM66D5iw1OzgZgXYpSGPs+hjGO1qeAyFiPthmwPZzh5PKAc9ftAlxCNrfQz1vCuqtR4HvRiNMwLnsGNibY2ntJWJ2fztY42NnT1gosY8Au6gf4dL6wwGDFVmRT/Mj8x2BfctPZ1YlRjqIPJJN46abMytRxyUp72fFrkkGEgh6Dbywpyt8KKFA2H6+3jG4n3/DmSd5s9b+Q4niMw8B7RxC1vloT6snbNDEvnUnWEXahbhKDWiiCieyf0JxOAN4irtMlGuAC43UtREfgfI1/tLXtNyBsMvJeicdVDYAlknhPFPsSAZA1cOW4lVzhLaJxnvU29fV20tXZYO1sNU2/SvMpQiFT5V7bLXMkoaEiRKPLuz8VUjpgsqPjPQDGWmM5GHx2qGiIclcGpxI3/oX0X+1KD/rYAHwh6F/Pb8cQbn8Mu6qqzXZ30kZrWi3Vh9DC6mKkZevZOJ+PobdG0sZEYnyuIaTQ5IA==
+  template:
+    metadata:
+      annotations:
+        jenkins.io/credentials-description: GnuPG key for signing internal RPM packages
+      creationTimestamp: null
+      labels:
+        jenkins.io/credentials-type: secretFile
+      name: rpm-gpg-key
+      namespace: jenkins
+    type: Opaque
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: rpm-gpg-key-passphrase
+  namespace: jenkins
+spec:
+  encryptedData:
+    data: AgCcs3UOeJfZZZHH1ss9yltNRJj/nf+NioAXlWFawKzb78eeiR7b6ZDv606L5rj0bzh0/vuumh3nZd1xjOeyV53nW0iyJOULMQR8VyyF0uXQDBQOPkjwpTY/HRcEnydK+2cwOlNk9R2aLK5tEmodEgA1JUKICtN3/PA0HGL/u2w2es95rsJtRF71+smWV7rzdlOA/JD5TgF7B6GcoSL4clEJRK3cEe8JTWMgnlMKvi0ToveOSN34B3NEQXtCyDWWhti2965fN6jZ59SPRKI5ZM7ITB1EKBcn+FTS+eUaVHcy+e5AolADrz3O/fgYT340YXjT8NXWz8otUkeXCKieZstZan2T0z2IFtaVGkbROwzEgirlhO2cJXTWyYipGU+wRhyHAUaTdNxrveOBzozqEq2MBmKLuXjE+ExC7lBnGfQv0KmsFcgNqSRbSdsP5xoQE9bcNHXrtLWTHYWoZZPpw0qv/Qna5WgeZMXJaFoHUxwajTmAI+W8SKbJchUDAZUgDE1i4aECmQtttph7qwiVw5UrUq7wKJMzTd5xG2wge+ber0nOd8j8b4x00jAY0Df6Bx6DnG8Zn2zgRQbulkOh++EO4H58hlJqJBjqBAG16cEyLxvKdgFr5ZFpFLi4Svi5Qhu6h7Tlv0P/ZEFrO4XK4Mbi40jnroB5hQ9vJImCCSOWfKPrFqCMk/M0kD7ZE3NGY+5mtdOH55F3YOBUzbvK0mTRkt5TYzkl+pmdnfQZPAQ0pg==
+    filename: AgCUuVL+pSrN7zBL87FpwDRUHzAhbFxWDOKXd6fVz2mRVS3hLBVgfCJEeBTqiHEWvz6p2lLsjzjd0BxOCgpXMZlRHvPbYutgm/HuMgUjmHh6frXt/sU561Mmr3tigq5gQ6oh7Y4I5k/p4utbn7KMxwo5QVNS5wNnARlGJyzD9ux3JuIyknYdmDGLeDfDNLsQQd+lWehqQF73hak8ONnEGjReDmAYz6S8oPHPa9Jv9zsCFLcd3u9nCSI282P4eKgL8eEUO2pU4/WPllcfBdBEis7I93lACyZIVwuSyuG0pA/Bu255s2V3iwG1JbvkAtK64OBRzFfHQi/m1GmcBawe0GZEEyh+YT752FVCvl/MxpwGlsQYjO+qydt56Wu7lyM0Y4HE5BSDb1wiVqp/BY7X0RZdjq11vysoP8DiF6PFTP93MhWisMbb4o5qLLR4nnPaXWjH5W6qJifEhNs4ji9UbplEugiQKH0llb2DWQFGAVqVCLabpcktMORBgipcz8HfhArql1cZdHhqscrRLaB2sjS9t2XmEJitVwha0mWi/ks5HWRg5TmxMH6at/iqtQcfLcCBlJtDSPnHDkpLZLO+kqALJ7WOSRzQM3cN5cFj2+sQ5Agzqh7ISkzerHbliSJmObFrUR4RPXvIPT0eVq0/i49b4i8MXKHSd74gXUeHySZ3xbzrCHqbhOAU6nCkYgP0CdtBGFZChiTRytiQ
+  template:
+    metadata:
+      annotations:
+        jenkins.io/credentials-description: RPM-GPG private key passphrase
+      creationTimestamp: null
+      labels:
+        jenkins.io/credentials-type: secretFile
+      name: rpm-gpg-key-passphrase
+      namespace: jenkins
+    type: Opaque