From 3525122d7cc0eb097b1a49235f1e21880c0c0711 Mon Sep 17 00:00:00 2001
From: kB01
Date: Fri, 6 Sep 2024 17:31:57 +0200
Subject: [PATCH] Changed Sops structure, added Sops Key
---
 .sops.yaml | 10 ++++++++
 systems/x86_64-linux/yerukall/.sops.yaml | 7 ------
 systems/x86_64-linux/yerukall/default.nix | 1 +
 .../yerukall/secrets/secrets.yaml | 25 +++++++++++++------
 4 files changed, 28 insertions(+), 15 deletions(-)
 create mode 100644 .sops.yaml
 delete mode 100644 systems/x86_64-linux/yerukall/.sops.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..ad11aa8
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+ - &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
+ - &kbwork_yerukall2 age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
+creation_rules:
+ - path_regex: systems/x86_64-linux/yerukall/secrets/secrets.yaml$
+ key_groups:
+ - pgp:
+ - *kbwork_yerukall
+ age:
+ - *kbwork_yerukall2
diff --git a/systems/x86_64-linux/yerukall/.sops.yaml b/systems/x86_64-linux/yerukall/.sops.yaml
deleted file mode 100644
index a416887..0000000
--- a/systems/x86_64-linux/yerukall/.sops.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-keys:
- - &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
-creation_rules:
- - path_regex: secrets/secrets.yaml$
- key_groups:
- - pgp:
- - *kbwork_yerukall
diff --git a/systems/x86_64-linux/yerukall/default.nix b/systems/x86_64-linux/yerukall/default.nix
index c6a1026..a897d5a 100644
--- a/systems/x86_64-linux/yerukall/default.nix
+++ b/systems/x86_64-linux/yerukall/default.nix
@@ -28,6 +28,7 @@ in {
 # Configure Secret Management
 sops.defaultSopsFile = ./secrets/secrets.yaml;
 sops.defaultSopsFormat = "yaml";
+ sops.age.keyFile = "/home/user/.config/sops/age/keys.txt";
 sops.secrets.example-key = {};
 sops.secrets."myservice/my_subdir/my_secret" = {};
diff --git a/systems/x86_64-linux/yerukall/secrets/secrets.yaml b/systems/x86_64-linux/yerukall/secrets/secrets.yaml
index 0b01499..51d591a 100644
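Review bot: The `path_regex` in the new root-level creation rule leaves its dots unescaped and has no leading anchor, so it matches any path that merely ends in something shaped like that string; `path_regex: systems/x86_64-linux/yerukall/secrets/secrets\.yaml$` is tighter, and a leading `^` can be added if the sops version in use matches paths relative to this file. The anchor name `&kbwork_yerukall2` does not show that this entry is the age recipient rather than a second PGP key; a name such as `&kbwork_yerukall_age`, with a one-line comment above each key saying who holds the private half, would make later key rotation easier to review. Because both recipients sit in the same key group, either private key alone decrypts the file, so the age key needs the same protection as the PGP key.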
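Review bot: The added `sops.age.keyFile` points at a file under `/home/user`, so the private key that unlocks every secret in `secrets.yaml` presumably sits in a directory owned by an unprivileged account, and anything running as that account could read it and decrypt secrets meant for root-owned services. Consider a root-only location outside any home directory, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, and keep the personal editing key as a separate recipient in `.sops.yaml`. A path under /home may also be unavailable when secrets are decrypted during activation if /home is mounted separately or later. The enclosing attribute set starts and ends outside the hunk.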
--- a/systems/x86_64-linux/yerukall/secrets/secrets.yaml
+++ b/systems/x86_64-linux/yerukall/secrets/secrets.yaml
@@ -10,20 +10,29 @@ sops:
 gcp_kms: []
 azure_kv: []
 hc_vault: []
- age: []
+ age:
+ - recipient: age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZFJJUXVNVHJ2eGFUUEUr
+ T09TNUs1TXhJcForZlpLMTQxSFZiVktwOG13Cm1XbkRvYWs4TWxobi9zamRyc0U5
+ RFJsaFhlYzM0WUN1a2dBM24yUVAyUGMKLS0tIC92dGF6UlExWG1sd2JGREtPb2R3
+ V21VMmZwSE9RcnRIWW5qVUVjUytDNk0Kfsx4yHMU37LnShUQuTSqB05RZNc1e+tB
+ I/sCep5KH02W4IBUONXVKbHE5Fp3nl0RVMBE+oQQojOCdEERebBplA==
+ -----END AGE ENCRYPTED FILE-----
 lastmodified: "2024-09-06T14:49:25Z"
 mac: ENC[AES256_GCM,data:741EU6IW91+D6O22q/fC2QGC7PU/qxSkdML4KBbYohS2tOx9dl7miyooNnSw2nEjE4yd4qxU+OU8ZNxST/dlnOaGa5otYfwByq0FQ7PLa4pSzVSTMvDBHf55JHOL9zbWuWoiPu2WEa+sQ6bU7Rte/4EtXhJBvHhgys0hc0kHIyQ=,iv:QNpw1v8m+AUqdhYq1LdJSUSDeVN9PM/qyEqibyVxCa4=,tag:tysIywxYhCv51eVBQE3NaQ==,type:str]
 pgp:
- - created_at: "2024-09-06T14:48:54Z"
+ - created_at: "2024-09-06T15:25:51Z"
 enc: |-
 -----BEGIN PGP MESSAGE-----
 
- hF4Dg0be+qgFJlcSAQdACh1dzZqJkACHuha/IvFEhJ5bZvRZ2Gpu/m5VsEUf4xAw
- B/rjke8hE/MjsPsrbZ6n6GYSO0yMJUceSn5nPKSIdeAVZUjwoBxOm7WTBdu8xRoN
- 1GgBCQIQPkVvuuTknldWZoAnh38jNMfeYKwNXSmn7QPf62IAt9saeZbKnTfKML0x
- C3xiraVnYScz24DvYMyVYNkOOFyJiXIwKCeu5AAR0hrH6keVYSw+1cnZiO/gZVJS
- zVjZOdtPDTTa3A==
- =tCbr
+ hF4Dg0be+qgFJlcSAQdAtgr7NQCBh2lFuJVelU3zgaV9bvwKzEA9VPYOq1/53lkw
+ AJXNN1tW/RIMLJYlotfmd4vKd7JXJL7yVNgxFNfepFnDxcc58aFkefYFLSR3Owe7
+ 1GgBCQIQkCcQDT/8Pkd9hM7D6ZNDi8tl1sGukChIZ0De7nQ3jun2LwFPtYYVw97J
+ iSeMyas8Z+BkkL0eYyzdRPlYBnzDNwGLteRMkjWCHeNESaeUjP06Bz+v7rMFn9DS
+ 7O8SqYeKKm4YkA==
+ =/tp5
 -----END PGP MESSAGE-----
 fp: CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
 unencrypted_suffix: _unencrypted