# Make a user key (keys.txt holds the private key; keep it out of the repository):
# mkdir -p ~/.config/sops/age && age-keygen -o ~/.config/sops/age/keys.txt && chmod 00600 ~/.config/sops/age/keys.txt
# Print the public key if it is not already shown in the key file:
# age-keygen -y ~/.config/sops/age/keys.txt
# Derive a host's age public key from its SSH host public key:
# ssh-to-age -i /etc/ssh/ssh_host_ed25519_key.pub
# Add secrets:
# sops file.yaml
# Re-encrypt file.yaml for the current recipients after changes to .sops.yaml:
# sops updatekeys file.yaml
# age public keys (recipients), each bound to a YAML anchor that the
# creation_rules section references by alias. Only public keys belong in
# this list; the matching private keys never go in this file.
# nipsy is the user key (it is the sole recipient of the home/nipsy files);
# every other name matches a hosts/secrets/<name>.yaml rule.
keys:
  - &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de
  - &caladan age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3
  - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r
  - &fangorn age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d
  - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
  - &kaitain age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl
  - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
  - &richese age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9
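# Maps each secrets file to the age recipients allowed to decrypt it.
# sops applies the first rule whose path_regex matches the file path.
#
# The dot before "yaml" is escaped so that each rule matches only the one
# intended file name; an unescaped "." would match any character there.
# The patterns are single-quoted so the backslash reaches sops unchanged.
#
# Access model, as written in the rules:
#   - home/nipsy/secrets/*: the nipsy user key only.
#   - hosts/secrets/<host>.yaml: that host's key plus the nipsy user key.
# The nipsy key is a recipient of every file, so it needs the strongest
# protection of any key listed here.
#
# Removing a recipient from a rule affects a file only after
# `sops updatekeys` has been run on it. Ciphertext written earlier (for
# example in version-control history) stays readable with the removed key,
# so rotate the secret values themselves when a key is retired.
creation_rules:
  # User-level secrets.
  - path_regex: '^home/nipsy/secrets/arrakis\.yaml$'
    key_groups:
      - age:
          - *nipsy
  - path_regex: '^home/nipsy/secrets/caladan\.yaml$'
    key_groups:
      - age:
          - *nipsy
  - path_regex: '^home/nipsy/secrets/ginaz\.yaml$'
    key_groups:
      - age:
          - *nipsy

  # Host-level secrets: one file per host.
  - path_regex: '^hosts/secrets/arrakis\.yaml$'
    key_groups:
      - age:
          - *arrakis
          - *nipsy
  - path_regex: '^hosts/secrets/caladan\.yaml$'
    key_groups:
      - age:
          - *caladan
          - *nipsy
  - path_regex: '^hosts/secrets/darkstar\.yaml$'
    key_groups:
      - age:
          - *darkstar
          - *nipsy
  - path_regex: '^hosts/secrets/fangorn\.yaml$'
    key_groups:
      - age:
          - *fangorn
          - *nipsy
  - path_regex: '^hosts/secrets/ginaz\.yaml$'
    key_groups:
      - age:
          - *ginaz
          - *nipsy
  - path_regex: '^hosts/secrets/kaitain\.yaml$'
    key_groups:
      - age:
          - *kaitain
          - *nipsy
  - path_regex: '^hosts/secrets/richese\.yaml$'
    key_groups:
      - age:
          - *nipsy
          - *richese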