keycloak(host): move secrets to SOPS

resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2

@@ -32,11 +32,11 @@ services:
       - keycloak
     environment:
       KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
+      KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KEYCLOAK_ADMIN_PASSWORD']") }}
       KC_DB: postgres
       KC_DB_URL_HOST: db
       KC_DB_USERNAME: keycloak
-      KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
+      KC_DB_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KC_DB_PASSWORD']") }}
       KC_HOSTNAME: https://id.hamburg.ccc.de
       KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
       KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
@@ -54,7 +54,7 @@ services:
       - "./database:/var/lib/postgresql/data"
     environment:
       POSTGRES_USER: keycloak
-      POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
+      POSTGRES_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['POSTGRES_PASSWORD']") }}
       POSTGRES_DB: keycloak
 
   id-invite-web:
@@ -76,10 +76,10 @@ services:
       - "IDINVITE_URL=https://invite.hamburg.ccc.de"
       - "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
       - "IDINVITE_VALID_HOURS=50"
-      - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
+      - "IDINVITE_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_TOKEN_SECRET']") }}"
       - "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
       - "IDINVITE_CLIENT_ID=id-invite"
-      - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+      - "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}"
       - "MAIL_FROM=no-reply@hamburg.ccc.de"
       - "BOTTLE_HOST=0.0.0.0"
 
@@ -96,7 +96,7 @@ services:
       - "MAIL_FROM=no-reply@id.hamburg.ccc.de"
       - "SMTP_HOSTNAME=cow.hamburg.ccc.de"
       - "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
-      - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
+      - "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['NO_REPLY_SMTP']") }}"
 
   id-invite-keycloak:
     image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
@@ -107,10 +107,10 @@ services:
     environment:
       - "BOTTLE_HOST=0.0.0.0"
       - "IDINVITE_CLIENT_ID=id-invite"
-      - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+      - "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}"
       - "KEYCLOAK_API_URL=http://keycloak:8080"
       - "KEYCLOAK_API_USERNAME=id-invite"
-      - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
+      - "KEYCLOAK_API_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_ADMIN_PASSWORD']") }}"
       - "KEYCLOAK_API_REALM=ccchh"
       - 'KEYCLOAK_GROUPS=["user"]'