From a544860a62ace51f1d643db30fa93fc6e37cb810 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 22 Nov 2025 10:09:17 -0600
Subject: [PATCH] jenkins: Add Generic Webhook trigger token secret

To restrict access to the Generic Webhook trigger operation, we can use
a pre-shared secret token, which must be included in requests.
---
 jenkins/secrets.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/jenkins/secrets.yaml b/jenkins/secrets.yaml
index 78c0969..c3ec476 100644
--- a/jenkins/secrets.yaml
+++ b/jenkins/secrets.yaml
@@ -93,3 +93,21 @@ spec:
         jenkins.io/credentials-type: secretFile
     data:
       filename: signing_key.pem
+
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: webhook-trigger
+  namespace: jenkins
+spec:
+  encryptedData:
+    text: AgA6vfZFOXBx/5bBP1K3GyOq3XQVIVMQ7j48jgJdwm5c4dEKl1HJgoNFiE2NWiX+ALx4ebmGj5FovCajkJ2YIzqNbI+wZeEoH1gIO0WmQcVlEg0zparSTkll/D+eguoPB6YtSr2T+g30FZFnzWQWMetxydWHX/pqx7e/6L3M+50IYfjQ8Vcx/QGe9KAiMHapEdxAEmoxdrrtsKlGo5Bh4JNoFWYf9ZcvTrYmrUtR+PYfZcxTulP0Cn6q3yNG4DC19WK0OXI1lmuZ36aUYJJrvu+rT+SB6JntMMmCLiBkcbhjxA2fTuNcYoAAXqwZjrFjXRBxuww75Wm/v+BqxGkkaJrZdhIv/maqZggLb1sHE9HyulSQ536R8f0FEt0FXX0hn1VuckWLZvDEOpcude8EEJ7DE+/Qya6fdx7ZLtKCefViTj/R8xDPoicbmgToJaZ1qnH3QFkzPXtHhzFFM4rks+i1Nz14A5kg2APiw1QQsOTp/wp2S2LXnU3gR/LQa1uEpM82KrKQfJ4TATp1oip2wemwm+burgv1DGoRBYNYM6huaS6g5u76/Vo0PTrQAEe8uIus9RnZhZ4Wp5NtLUlGM0B5oL2O4ySeBGjpM5w1UGswqjFBcP6MNQPuJEBsKhbqSUR/E1pgH9pm065XJo8SWpWqiYdNsY+s2fhb9SMiQxFStAF0Mm8lvN3hnXdfGjoyufJMcKtodLzC5sPwJHNJLkod2qIA+OY+c/gHplCPhcvPOg==
+  template:
+    metadata:
+      name: webhook-trigger
+      namespace: jenkins
+      annotations:
+        jenkins.io/credentials-description: Generic Webhook Trigger token
+      labels:
+        jenkins.io/credentials-type: secretText