forked from wimpysworld/nix-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.sops.yaml
33 lines (29 loc) · 1.11 KB
/
.sops.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# Make a user key
# mkdir -p ~/.config/sops/age
# age-keygen -o ~/.config/sops/age/keys.txt
# chmod 600 ~/.config/sops/age/keys.txt
# Display the user public key:
# age-keygen -y ~/.config/sops/age/keys.txt
# Make a host public key:
# ssh-to-age -i /etc/ssh/ssh_host_ed25519_key.pub
# Add secrets
# sops secrets/secrets.yaml
# Rekey secrets.yaml after editing recipients in .sops.yaml:
# sops updatekeys secrets/secrets.yaml
keys:
- &user_martin age1xfpzwdsz06243ndj39x4yr2qs4u3ja777r3xautdtm59j54wa3kssualcn
- &user_backup age1v5c455hd0shs745dhd3gl7kzw6zaqflnyl4v96pq56j96xyvvc5sgse0za
- &host_phasma age15fmple5gj3u8ljt7xjxpn0frdw2psla37y9u9tskf2dncfl88fyqnv6lll
- &host_sidious age1wv5n63qt2jvlrap064j84sjvhpge0utaz36n7pm28aypx7qtagxs22qhqz
- &host_tanis age1kscrpd0rx7ud06y635rsdc6h2ehyuwakhs65w442wa70qc0ct5ps0t0h5j
- &host_vader age1xs0vlxts7dfa770kea0nyagq0j95nennmx79qml4ddfg6np2qefs9gah9e
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *user_martin
- *user_backup
- *host_phasma
- *host_sidious
- *host_tanis
- *host_vader