chore(deps): update dependency node to v24.15.0

2026-04-18 12:01:28 +00:00
7 changed files with 29 additions and 133 deletions
--- a/.gitea/workflows/release-image.yaml
+++ b/.gitea/workflows/release-image.yaml
@@ -17,14 +17,14 @@ jobs:
          ref: release
      - name: Set up Node
-        uses: actions/setup-node@v6.4.0
+        uses: actions/setup-node@v6.3.0
        with:
          node-version: 24.15.0
      - name: Set up Bun
        uses: oven-sh/setup-bun@v2.2.0
        with:
-          bun-version: 1.3.13
+          bun-version: 1.3.12
      - name: Install Dependencies
        run: bun install --frozen-lockfile
@@ -112,14 +112,14 @@ jobs:
          token: ${{ secrets.BOT_TOKEN }}
      - name: Set up Node
-        uses: actions/setup-node@v6.4.0
+        uses: actions/setup-node@v6.3.0
        with:
          node-version: 24.15.0
      - name: Set up Bun
        uses: oven-sh/setup-bun@v2.2.0
        with:
-          bun-version: 1.3.13
+          bun-version: 1.3.12
      - name: Install Dependencies
        run: bun install --frozen-lockfile
--- a/.gitea/workflows/test-build.yaml
+++ b/.gitea/workflows/test-build.yaml
@@ -20,14 +20,14 @@ jobs:
        uses: actions/checkout@v6.0.2
      - name: Set up Node
-        uses: actions/setup-node@v6.4.0
+        uses: actions/setup-node@v6.3.0
        with:
          node-version: 24.15.0
      - name: Set up Bun
        uses: oven-sh/setup-bun@v2.2.0
        with:
-          bun-version: 1.3.13
+          bun-version: 1.3.12
      - name: Install Dependencies
        run: bun install --frozen-lockfile
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,29 +1,3 @@
 # [0.27.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.26.0...0.27.0) (2026-04-19)
 ### Bug Fixes
 * **deps:** update dependency astro to v6.1.8 ([4b01ed5](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4b01ed56546d645756d8b8967e3ed37d50d3ad22))
 ### Features
 * add doc for secret store ([58d1631](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/58d16315fb8862f8b04d43414d5c9b848c73aaba))
 * rename to openbao ([07dd129](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/07dd12971da61180827813be6bb4ed532e94f118))
 # [0.26.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.25.0...0.26.0) (2026-04-16)
 ### Bug Fixes
 * **deps:** update astro monorepo ([4a60e31](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4a60e315f87a7a0fb2ed1d0aa0540a15c222baf1))
 * **deps:** update dependency sanitize-html to v2.17.3 ([27c6b11](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/27c6b11ea896736de5d137d2f0204b913ce081d1))
 ### Features
 * add openbao ([b44da87](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/b44da87ac85e1e8a3efd054328b167ae78ba25fc))
 # [0.25.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.24.0...0.25.0) (2026-04-14)
--- a/bun.lock
+++ b/bun.lock
@@ -11,7 +11,7 @@
        "@astrojs/starlight": "0.38.3",
        "@tailwindcss/postcss": "4.2.2",
        "@tailwindcss/vite": "4.2.2",
-        "astro": "6.1.8",
+        "astro": "6.1.7",
        "sanitize-html": "2.17.3",
        "sharp": "0.34.5",
        "starlight-theme-rapide": "0.5.2",
@@ -67,7 +67,7 @@
    "@astrojs/starlight": ["@astrojs/starlight@0.38.3", "", { "dependencies": { "@astrojs/markdown-remark": "^7.0.0", "@astrojs/mdx": "^5.0.0", "@astrojs/sitemap": "^3.7.1", "@pagefind/default-ui": "^1.3.0", "@types/hast": "^3.0.4", "@types/js-yaml": "^4.0.9", "@types/mdast": "^4.0.4", "astro-expressive-code": "^0.41.6", "bcp-47": "^2.1.0", "hast-util-from-html": "^2.0.1", "hast-util-select": "^6.0.2", "hast-util-to-string": "^3.0.0", "hastscript": "^9.0.0", "i18next": "^23.11.5", "js-yaml": "^4.1.0", "klona": "^2.0.6", "magic-string": "^0.30.17", "mdast-util-directive": "^3.0.0", "mdast-util-to-markdown": "^2.1.0", "mdast-util-to-string": "^4.0.0", "pagefind": "^1.3.0", "rehype": "^13.0.1", "rehype-format": "^5.0.0", "remark-directive": "^3.0.0", "ultrahtml": "^1.6.0", "unified": "^11.0.5", "unist-util-visit": "^5.0.0", "vfile": "^6.0.2" }, "peerDependencies": { "astro": "^6.0.0" } }, "sha512-kDlJPlUDdQFWYmyFM2yUPo66yws7v067AEK+/rQjjoVyqehL3DabuOJuy6UJFFTFyGbHxYcBms/ITEgdW7tphw=="],
-    "@astrojs/telemetry": ["@astrojs/telemetry@3.3.1", "", { "dependencies": { "ci-info": "^4.4.0", "dlv": "^1.1.3", "dset": "^3.1.4", "is-docker": "^4.0.0", "is-wsl": "^3.1.1", "which-pm-runs": "^1.1.0" } }, "sha512-7fcIxXS9J4ls5tr8b3ww9rbAIz2+HrhNJYZdkAhhB4za/I5IZ/60g+Bs8q7zwG0tOIZfNB4JWhVJ1Qkl/OrNCw=="],
+    "@astrojs/telemetry": ["@astrojs/telemetry@3.3.0", "", { "dependencies": { "ci-info": "4.4.0", "debug": "4.4.3", "dlv": "1.1.3", "dset": "3.1.4", "is-docker": "3.0.0", "is-wsl": "3.1.1", "which-pm-runs": "1.1.0" } }, "sha512-UFBgfeldP06qu6khs/yY+q1cDAaArM2/7AEIqQ9Cuvf7B1hNLq0xDrZkct+QoIGyjq56y8IaE2I3CTvG99mlhQ=="],
    "@babel/code-frame": ["@babel/code-frame@7.29.0", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.28.5", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw=="],
@@ -519,7 +519,7 @@
    "astring": ["astring@1.9.0", "", { "bin": { "astring": "bin/astring" } }, "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg=="],
-    "astro": ["astro@6.1.8", "", { "dependencies": { "@astrojs/compiler": "^3.0.1", "@astrojs/internal-helpers": "0.8.0", "@astrojs/markdown-remark": "7.1.0", "@astrojs/telemetry": "3.3.1", "@capsizecss/unpack": "^4.0.0", "@clack/prompts": "^1.1.0", "@oslojs/encoding": "^1.1.0", "@rollup/pluginutils": "^5.3.0", "aria-query": "^5.3.2", "axobject-query": "^4.1.0", "ci-info": "^4.4.0", "clsx": "^2.1.1", "common-ancestor-path": "^2.0.0", "cookie": "^1.1.1", "devalue": "^5.6.3", "diff": "^8.0.3", "dset": "^3.1.4", "es-module-lexer": "^2.0.0", "esbuild": "^0.27.3", "flattie": "^1.1.1", "fontace": "~0.4.1", "github-slugger": "^2.0.0", "html-escaper": "3.0.3", "http-cache-semantics": "^4.2.0", "js-yaml": "^4.1.1", "magic-string": "^0.30.21", "magicast": "^0.5.2", "mrmime": "^2.0.1", "neotraverse": "^0.6.18", "obug": "^2.1.1", "p-limit": "^7.3.0", "p-queue": "^9.1.0", "package-manager-detector": "^1.6.0", "piccolore": "^0.1.3", "picomatch": "^4.0.3", "rehype": "^13.0.2", "semver": "^7.7.4", "shiki": "^4.0.2", "smol-toml": "^1.6.0", "svgo": "^4.0.1", "tinyclip": "^0.1.12", "tinyexec": "^1.0.4", "tinyglobby": "^0.2.15", "tsconfck": "^3.1.6", "ultrahtml": "^1.6.0", "unifont": "~0.7.4", "unist-util-visit": "^5.1.0", "unstorage": "^1.17.4", "vfile": "^6.0.3", "vite": "^7.3.1", "vitefu": "^1.1.2", "xxhash-wasm": "^1.1.0", "yargs-parser": "^22.0.0", "zod": "^4.3.6" }, "optionalDependencies": { "sharp": "^0.34.0" }, "bin": { "astro": "bin/astro.mjs" } }, "sha512-6fT9M12U3fpi13DiPavNKDIoBflASTSxmKTEe+zXhWtlebQuOqfOnIrMWyRmlXp+mgDsojmw+fVFG9LUTzKSog=="],
+    "astro": ["astro@6.1.7", "", { "dependencies": { "@astrojs/compiler": "^3.0.1", "@astrojs/internal-helpers": "0.8.0", "@astrojs/markdown-remark": "7.1.0", "@astrojs/telemetry": "3.3.0", "@capsizecss/unpack": "^4.0.0", "@clack/prompts": "^1.1.0", "@oslojs/encoding": "^1.1.0", "@rollup/pluginutils": "^5.3.0", "aria-query": "^5.3.2", "axobject-query": "^4.1.0", "ci-info": "^4.4.0", "clsx": "^2.1.1", "common-ancestor-path": "^2.0.0", "cookie": "^1.1.1", "devalue": "^5.6.3", "diff": "^8.0.3", "dset": "^3.1.4", "es-module-lexer": "^2.0.0", "esbuild": "^0.27.3", "flattie": "^1.1.1", "fontace": "~0.4.1", "github-slugger": "^2.0.0", "html-escaper": "3.0.3", "http-cache-semantics": "^4.2.0", "js-yaml": "^4.1.1", "magic-string": "^0.30.21", "magicast": "^0.5.2", "mrmime": "^2.0.1", "neotraverse": "^0.6.18", "obug": "^2.1.1", "p-limit": "^7.3.0", "p-queue": "^9.1.0", "package-manager-detector": "^1.6.0", "piccolore": "^0.1.3", "picomatch": "^4.0.3", "rehype": "^13.0.2", "semver": "^7.7.4", "shiki": "^4.0.2", "smol-toml": "^1.6.0", "svgo": "^4.0.1", "tinyclip": "^0.1.12", "tinyexec": "^1.0.4", "tinyglobby": "^0.2.15", "tsconfck": "^3.1.6", "ultrahtml": "^1.6.0", "unifont": "~0.7.4", "unist-util-visit": "^5.1.0", "unstorage": "^1.17.4", "vfile": "^6.0.3", "vite": "^7.3.1", "vitefu": "^1.1.2", "xxhash-wasm": "^1.1.0", "yargs-parser": "^22.0.0", "zod": "^4.3.6" }, "optionalDependencies": { "sharp": "^0.34.0" }, "bin": { "astro": "bin/astro.mjs" } }, "sha512-pvZysIUV2C2nRv8N7cXAkCLcfDQz/axAxF09SqiTz1B+xnvbhy6KzL2I6J15ZBXk8k0TfMD75dJ151QyQmAqZA=="],
    "astro-eslint-parser": ["astro-eslint-parser@1.3.0", "", { "dependencies": { "@astrojs/compiler": "2.13.1", "@typescript-eslint/scope-manager": "8.56.1", "@typescript-eslint/types": "8.56.1", "astrojs-compiler-sync": "1.1.1", "debug": "4.4.3", "entities": "6.0.1", "eslint-scope": "8.4.0", "eslint-visitor-keys": "4.2.1", "espree": "10.4.0", "fast-glob": "3.3.3", "is-glob": "4.0.3", "semver": "7.7.4" } }, "sha512-aOLc/aDR7lTWAHlytEefwn4Y6qs6uMr69DZvUx2A1AOAZsWhGB/paiRWPtVchh9wzMvLeqr+DkbENhVreVr9AQ=="],
@@ -981,7 +981,7 @@
    "is-decimal": ["is-decimal@2.0.1", "", {}, "sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A=="],
-    "is-docker": ["is-docker@4.0.0", "", { "bin": { "is-docker": "cli.js" } }, "sha512-LHE+wROyG/Y/0ZnbktRCoTix2c1RhgWaZraMZ8o1Q7zCh0VSrICJQO5oqIIISrcSBtrXv0o233w1IYwsWCjTzA=="],
+    "is-docker": ["is-docker@3.0.0", "", { "bin": { "is-docker": "cli.js" } }, "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ=="],
    "is-extglob": ["is-extglob@2.1.1", "", {}, "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ=="],
@@ -1837,8 +1837,6 @@
    "import-fresh/resolve-from": ["resolve-from@4.0.0", "", {}, "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g=="],
    "is-inside-container/is-docker": ["is-docker@3.0.0", "", { "bin": { "is-docker": "cli.js" } }, "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ=="],
    "load-json-file/parse-json": ["parse-json@4.0.0", "", { "dependencies": { "error-ex": "^1.3.1", "json-parse-better-errors": "^1.0.1" } }, "sha512-aOIos8bujGN93/8Ox/jPLh7RwVnPEysynVFE+fQZyg6jKELEHwzgKdLRFHUgXJL6kylijVSBC4BvN9OmsB48Rw=="],
    "make-asynchronous/p-event": ["p-event@6.0.1", "", { "dependencies": { "p-timeout": "^6.1.2" } }, "sha512-Q6Bekk5wpzW5qIyUP4gdMEujObYstZl6DMMOSenwBvV0BlE5LkDwkjs5yHbZmdCEq2o4RJx4tE1vwxFVf2FG1w=="],
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "site-documentation",
  "type": "module",
-  "version": "0.27.0",
+  "version": "0.25.0",
  "scripts": {
    "dev": "astro dev",
    "build": "astro build",
@@ -18,7 +18,7 @@
    "@astrojs/starlight": "0.38.3",
    "@tailwindcss/postcss": "4.2.2",
    "@tailwindcss/vite": "4.2.2",
-    "astro": "6.1.8",
+    "astro": "6.1.7",
    "sanitize-html": "2.17.3",
    "sharp": "0.34.5",
    "starlight-theme-rapide": "0.5.2",
--- a/src/content/docs/guides/secret-store-csi.mdx
+++ b/src/content/docs/guides/secret-store-csi.mdx
@@ -1,76 +0,0 @@
 ---
 title: Using Secret Store CSI with OpenBao
 description: Mounting secrets inside pods using Secret Store CSI driver and OpenBao
 hero:
  tagline: Steps followed to mount the secrets
  image:
    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openbao.webp
 ---
 This guide assumes both Secrets Store CSI and OpenBao are installed and working. Also, the Kubernetes auth method is enabled. I wrote a post [here](https://www.alexlebens.dev/blog/openbao-migration/) that detailed my steps to set these up.
 NOTE: A catch I found is that the mount directory should be empty. There are issues when mounting a specific file into a directory that is already populated. For common uses, such as config files, use an env variable to change that path.
 The following will be needed per namespace, with the SecretProviderClass per secret to mount.
 ## Secret Provider Class
 This template is used to create the volume and retrieve the secret from OpenBao. Some notes:
 - The provider is 'openbao' and the address should point to the internal service.
 - The roleName referenced here is created in the next step.
 - secretPath should include the secret store and data if its a v2 kv engine.
 ```yaml
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
  name: web-config-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: web-config-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  provider: openbao
  parameters:
    baoAddress: "http://openbao-internal.openbao:8200"
    roleName: web
    objects: |
      - objectName: config.yaml
        secretPath: secret/data/web/config
        secretKey: config.yaml
 ```
 ## Role
 In the namespace where this secret is getting mounted there should be a ServiceAccount that will be use the role to retrieve the secret. This should also be the one used by the pod. It only needs read access to the secret path and I have created a policy called 'reader' for this.
 Each ServiceAccount will need a role created.
 ```bash
 bao write auth/kubernetes/role/web \
    bound_service_account_names=web \
    bound_service_account_namespaces=web \
    policies=reader \
    ttl=20m
 ```
 ## Mount
 When using the [app-template](https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template) common chart the following is how to mount the secret. This needs to use the custom type to define the spec. secretProviderClass references the above template. Use the advancedMounts to specify the path for the file.
 ```yaml
 persistence:
  web-config:
    type: custom
    volumeSpec:
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: web-config-secret
    advancedMounts:
      main:
        main:
          - path: /config/config.yaml
            readOnly: true
            mountPropagation: None
            subPath: config.yaml
 ```
--- a/src/content/docs/guides/vault-ssh-ca.mdx
+++ b/src/content/docs/guides/vault-ssh-ca.mdx
@@ -1,17 +1,17 @@
 ---
-title: OpenBao SSH Certificate Authority
+title: Vault SSH Certificate Authority
-description: Steps followed to enable using OpenBao as a CA for ssh login
+description: Steps followed to enable using Vault as a CA for ssh login
 hero:
  tagline: Steps followed for the v1.12.0 upgrade process
  image:
-    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openbao.webp
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/hashicorp-vault.webp
 ---
 # Setup
-[Reference OpenBao Documentation](https://openbao.org/docs/secrets/ssh/signed-ssh-certificates/)
+[Reference Vault Documentation](https://developer.hashicorp.com/vault/docs/secrets/ssh/signed-ssh-certificates#host-key-signing)
-I have set the documenation to use my own defaults and configuration. This also assumes a running and active OpenBao instance.
+I have set the documenation to use my own defaults and configuration. This also assumes a running and active Vault instance.
 ## Enable the SSH CA
@@ -19,7 +19,7 @@ I followed the defaults mostly in the docs, reference the above link for details
 Start with enabling the mount.
 ```bash
-bao secrets enable -path=ssh-client-signer ssh
+vault secrets enable -path=ssh-client-signer ssh
 ```
 Generate a key. This will be used only for signing and not for client authentication. Keep it in a secure location, rename the path the key will be written to.
@@ -29,14 +29,14 @@ ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
 Add the above signing key.
 ```bash
-bao write ssh-client-signer/config/ca private_key="..." public_key="..."
+vault write ssh-client-signer/config/ca private_key="..." public_key="..."
 ```
 ## Create Client Role and Key
-Once the above is complete, create a role to use to sign your own client cert. I used my common username and configurations. This can also be done in the OpenBao UI.
+Once the above is complete, create a role to use to sign your own client cert. I used my common username and configurations. This can also be done in the Vault UI.
 ```bash
-bao write ssh-client-signer/roles/alexlebens -<<"EOH"
+vault write ssh-client-signer/roles/alexlebens -<<"EOH"
 {
  "algorithm_signer": "rsa-sha2-256",
  "allow_user_certificates": true,
@@ -61,7 +61,7 @@ ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
 ## Configure SSH to use the Key and Cert
-SSH will defailt to using the cert when using the matching name "id_rsa_host-cert.pub" as shown in the renewal certificate section. Use the principal as signed by OpenBao as the User and set the IdentityFile to the Key as generated above.
+SSH will defailt to using the cert when using the matching name "id_rsa_host-cert.pub" as shown in the renewal certificate section. Use the principal as signed by Vault as the User and set the IdentityFile to the Key as generated above.
 ```
 Host ps08rp
    Hostname 10.232.1.51
@@ -75,7 +75,7 @@ Host ps08rp
 Download the public cert from the endpoint.
 ```bash
-curl -o /etc/ssh/trusted-user-ca-keys.pem https://bao.alexlebens.net/v1/ssh-client-signer/public_key
+curl -o /etc/ssh/trusted-user-ca-keys.pem https://vault.alexlebens.net/v1/ssh-client-signer/public_key
 ```
 Then add that file to the sshd config.
@@ -89,16 +89,16 @@ This step is currently manual as I have few hosts that I need ssh for. The most
 ## Renew Client Certificate
-Sign the client cert, on your machine, with the OpenBao CA.
+Sign the client cert, on your machine, with the Vault CA.
 ```bash
-bao write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub
+vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub
 ```
-I added the following to my .zshrc to make this easier. So now I just run "bao-renew" before I need to ssh.
+I added the following to my .zshrc to make this easier. So now I just run "vault-renew" before I need to ssh.
 ```
-# OpenBao
+# Vault
-export BAO_ADDR="https://bao.alexlebens.net"
+export VAULT_ADDR="https://vault.alexlebens.net"
-alias bao-renew='bao write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub'
+alias vault-renew='vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub'
 ```
 ### View Cert Details