# Make a user key: # mkdir -p ~/.config/sops/age && age-keygen -o ~/.config/sops/age/keys.txt && chmod 00600 ~/.config/sops/age/keys.txt # Read key if not present in file: # age-keygen -y ~/.config/sops/age/keys.txt # Make host key: # ssh-to-age -i /etc/ssh/ssh_host_ed25519_key.pub # Add secrets: # sops file.yaml # Rekey file.yaml contents after changes to .sops.yaml: # sops updatekeys file.yaml keys: - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va creation_rules: - path_regex: ^home/nipsy/secrets/ginaz.yaml$ key_groups: - age: - *nipsy - path_regex: ^hosts/secrets/darkstar.yaml$ key_groups: - age: - *darkstar - *nipsy - path_regex: ^hosts/secrets/ginaz.yaml$ key_groups: - age: - *ginaz - *nipsy