From e42d415bca82f5002e4b54c4fd9562858677d301 Mon Sep 17 00:00:00 2001
From: ATM Platform <platform@athleticmap.local>
Date: Tue, 16 Jun 2026 15:05:33 +0000
Subject: [PATCH] sec(piloto): secrets via SealedSecrets (GitOps)

---
 tenants/piloto/05-sealed-db-credentials.yaml | 15 +++++++++++++++
 tenants/piloto/06-sealed-keycloak-admin.yaml | 15 +++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 tenants/piloto/05-sealed-db-credentials.yaml
 create mode 100644 tenants/piloto/06-sealed-keycloak-admin.yaml

diff --git a/tenants/piloto/05-sealed-db-credentials.yaml b/tenants/piloto/05-sealed-db-credentials.yaml
new file mode 100644
index 0000000..76f1f68
--- /dev/null
+++ b/tenants/piloto/05-sealed-db-credentials.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: db-credentials
+  namespace: piloto-prod
+spec:
+  encryptedData:
+    password: AgBAkBVD8vxWgD76C6KLt5zlV5VVn51j265WQZp1S2jYV2B+DH3w5eYu91Fb6QygGDZtb9/bxC9CqkujjNc2Y2bXfCml83nUe9BQA+sGQd+AMvHMlnglLYQx0ssmtddojs27PKRrqow0AI96UwrJVqQ1saOqduRMgOPih4Zn2AOaUvtmOCV6YOIo14lMIci6XSgKU0Cy0g289Dbkzx9StxGjG9NuWTVmp2FDsfSsIM0rARYgpwJ7O/QJph4uYnbdHWi3Q+sx82L34GHvJfBmdWtn52//E/jnakfw2qfW0/WgTA9n51iIKllZUrI2z1wZdNfI6FnZTk0J23PNZh4Wzz4KkuOcvPvXxi1nr591EySoxKIhmgyNHfqn+xxcpiOc70oxqHHT7uMKw6LH+ONZiMdbHJzPzWZ6dwa+0HQ+X8/bF8XXHxtA3M/5aGgqXQILcuJPtHJSImS9PJHAluot2bzrM/NI/Ewff3X/Erw/o44uNuWxa6WozkFA+/IWJkFJSUQAy98+EQ1UieJozKrjSNbr0aESf+Qop6tKa4A1xTvoMWRoYn5m4NtFjtJVOXrLgzF5UI6uekeJsOkiliZeJ5+NNpOvBiKdbFvBtcgJhzbDWNMhXKYGAMAeWLi7XlSj/4uW6nG11vbqtJ0oIGRUjE84CYaLyNJShKa0oMa7sALV7P/zl07WWwE4Eg4Cv0JVvD1GT7WbNhtQxSmtKox5A56zz/HZwDN97bggqLtG4Y5Dtw==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: db-credentials
+      namespace: piloto-prod
diff --git a/tenants/piloto/06-sealed-keycloak-admin.yaml b/tenants/piloto/06-sealed-keycloak-admin.yaml
new file mode 100644
index 0000000..0d91cf8
--- /dev/null
+++ b/tenants/piloto/06-sealed-keycloak-admin.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: keycloak-admin
+  namespace: piloto-prod
+spec:
+  encryptedData:
+    password: AgA045T1oH+C7MEkinmNlUkVyoFAIcPuTY6hOG8LVyNFc09ijec/30qztludrLex6SPf24cmF4iYnr2Nt2Ese0WLgbjvilucvDcWQj+E0T+t6sKqEWyMt/bWeG72vhIGqnZ8Ffm96YYUOaz9NEkNN+YDEqOiZ1J7wuQjq6zklY8dN/AENxjIMxQaQLEhHjliPM5FHl94UCiFJBDNtSYQ+vd8miaaUFwZvJEhxLftJEVQwwOz4nJ5zBeeTWps9fiWrHWZmRx19DH2KLRb47dMFvyt5RdqXScAeQXU8Mc7HQbMuzp1bloMMSTMmTaL002quaDaDeMiwlbwALgNppzZxrT3BXRxUTynfMA6Pjhv6996j9tQnesqa+iSgBgB6s3qL/nBxdjyNxM3CrJMp2ZdhhGUI5pcSov/Ve1xgZMGQGw/+jLPUcq96R6/anFoQv7LlU//7TFqs5fQQF9Fv+wFSHhhvfzlT2dMgXcdMrjP63dirO2pS26nNI4DJaHqAS4TrlrP+ChxWlyaPSlFY4z2MSG3mN++ThYtyu4RajIU9311Dl2MjG/tRKFqKpUjW82i//mMgjJoDgqyi0PwpNi7XhvkZbnaxIB+D8DCc2tsOlSv6UEODkcVBtyPuYmmXiLWblqlr21V5SB3FLM3WonEgkKv74Rmvq7+5B4Ty9jj9U3rfYq31rb+eG7LwsmpsmqncVngErhoVnzGYIq2pkrDVl4tun2m4g==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: keycloak-admin
+      namespace: piloto-prod