kb01/aux-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changed Sops structure, added Sops Key

Browse source
This commit is contained in:
Kaybee 2024-09-06 17:31:57 +02:00
parent 31d409edb7
commit 3525122d7c
4 changed files with 28 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.sops.yaml Normal file
View file

@ -0,0 +1,10 @@
keys:
- &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
- &kbwork_yerukall2 age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
creation_rules:
- path_regex: systems/x86_64-linux/yerukall/secrets/secrets.yaml$
key_groups:
- pgp:
- *kbwork_yerukall
age:
- *kbwork_yerukall2

7
systems/x86_64-linux/yerukall/.sops.yaml
View file

@ -1,7 +0,0 @@
keys:
- &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- pgp:
- *kbwork_yerukall

1
systems/x86_64-linux/yerukall/default.nix
View file

@ -28,6 +28,7 @@ in {
# Configure Secret Management # Configure Secret Management
sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml"; sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/user/.config/sops/age/keys.txt";
sops.secrets.example-key = {}; sops.secrets.example-key = {};
sops.secrets."myservice/my_subdir/my_secret" = {}; sops.secrets."myservice/my_subdir/my_secret" = {};

25
systems/x86_64-linux/yerukall/secrets/secrets.yaml
View file

@ -10,20 +10,29 @@ sops:
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age:
- recipient: age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZFJJUXVNVHJ2eGFUUEUr
T09TNUs1TXhJcForZlpLMTQxSFZiVktwOG13Cm1XbkRvYWs4TWxobi9zamRyc0U5
RFJsaFhlYzM0WUN1a2dBM24yUVAyUGMKLS0tIC92dGF6UlExWG1sd2JGREtPb2R3
V21VMmZwSE9RcnRIWW5qVUVjUytDNk0Kfsx4yHMU37LnShUQuTSqB05RZNc1e+tB
I/sCep5KH02W4IBUONXVKbHE5Fp3nl0RVMBE+oQQojOCdEERebBplA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-06T14:49:25Z" lastmodified: "2024-09-06T14:49:25Z"
mac: ENC[AES256_GCM,data:741EU6IW91+D6O22q/fC2QGC7PU/qxSkdML4KBbYohS2tOx9dl7miyooNnSw2nEjE4yd4qxU+OU8ZNxST/dlnOaGa5otYfwByq0FQ7PLa4pSzVSTMvDBHf55JHOL9zbWuWoiPu2WEa+sQ6bU7Rte/4EtXhJBvHhgys0hc0kHIyQ=,iv:QNpw1v8m+AUqdhYq1LdJSUSDeVN9PM/qyEqibyVxCa4=,tag:tysIywxYhCv51eVBQE3NaQ==,type:str] mac: ENC[AES256_GCM,data:741EU6IW91+D6O22q/fC2QGC7PU/qxSkdML4KBbYohS2tOx9dl7miyooNnSw2nEjE4yd4qxU+OU8ZNxST/dlnOaGa5otYfwByq0FQ7PLa4pSzVSTMvDBHf55JHOL9zbWuWoiPu2WEa+sQ6bU7Rte/4EtXhJBvHhgys0hc0kHIyQ=,iv:QNpw1v8m+AUqdhYq1LdJSUSDeVN9PM/qyEqibyVxCa4=,tag:tysIywxYhCv51eVBQE3NaQ==,type:str]
pgp: pgp:
- created_at: "2024-09-06T14:48:54Z" - created_at: "2024-09-06T15:25:51Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4Dg0be+qgFJlcSAQdACh1dzZqJkACHuha/IvFEhJ5bZvRZ2Gpu/m5VsEUf4xAw hF4Dg0be+qgFJlcSAQdAtgr7NQCBh2lFuJVelU3zgaV9bvwKzEA9VPYOq1/53lkw
B/rjke8hE/MjsPsrbZ6n6GYSO0yMJUceSn5nPKSIdeAVZUjwoBxOm7WTBdu8xRoN AJXNN1tW/RIMLJYlotfmd4vKd7JXJL7yVNgxFNfepFnDxcc58aFkefYFLSR3Owe7
1GgBCQIQPkVvuuTknldWZoAnh38jNMfeYKwNXSmn7QPf62IAt9saeZbKnTfKML0x 1GgBCQIQkCcQDT/8Pkd9hM7D6ZNDi8tl1sGukChIZ0De7nQ3jun2LwFPtYYVw97J
C3xiraVnYScz24DvYMyVYNkOOFyJiXIwKCeu5AAR0hrH6keVYSw+1cnZiO/gZVJS iSeMyas8Z+BkkL0eYyzdRPlYBnzDNwGLteRMkjWCHeNESaeUjP06Bz+v7rMFn9DS
zVjZOdtPDTTa3A== 7O8SqYeKKm4YkA==
=tCbr =/tp5
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8 fp: CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted