sops: add moby and lappy pubkeys
This commit is contained in:
parent
1c16348724
commit
0a1c959cb5
|
@ -1,9 +1,13 @@
|
|||
keys:
|
||||
- &user_desko_colin age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
|
||||
- &user_lappy_colin age1ml8kkppftygu2wag57yld98jlrkh4avp54eheq7q0fa2rup843csqjajs6
|
||||
- &user_moby_colin age1lt739n2tq7dmpglvntjr9j2r7426md7rat7x9w930gagtx4jyvnqwts2al
|
||||
- &host_desko age1s0v4fm203ap6mckcz3djw8hx30uqu87xfhfdajpmyf8rfrf5xs5swpz6m6
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *user_desko_colin
|
||||
- *user_lappy_colin
|
||||
- *user_moby_colin
|
||||
- *host_desko
|
||||
|
|
|
@ -35,11 +35,12 @@
|
|||
# for each user you want to decrypt secrets:
|
||||
# $ cat ~/.ssh/id_ed25519.pub | ssh-to-age
|
||||
# add the result to .sops.yaml
|
||||
# since we specify ssh pubkeys in the nix config, you can just grep for `ssh-ed25519` here and use those instead
|
||||
#
|
||||
# for each machine you want to decrypt secrets:
|
||||
# $ cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
# add the result to .sops.yaml
|
||||
# you may need to re-encode all the secrets (even physically deleting and recreating them).
|
||||
# $ sops updatekeys secrets/example.yaml
|
||||
#
|
||||
# to create a new secret:
|
||||
# $ sops secrets/example.yaml
|
||||
|
|
|
@ -17,20 +17,38 @@ sops:
|
|||
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUWdZeHhjQnU0MVpQNTNy
|
||||
WTEyVVVMVlpaL3duWkNnRE55RFltcWo0SzAwCkYra2hMdk9hdGR2dXo0SDVDb0Zy
|
||||
Y3lvblhzSy9aWjQzOE5nR1lvaXg5dVEKLS0tIDhlVERraFgzeVlBbmxPZit5MzAv
|
||||
dEIzelZ0M1Nuektzb1lSWXl1bGVWYVEK1sbgSBu/yjtbgAMUNO/U7vX++zuUoCj5
|
||||
IZqsQ1Jofw4VGukUt+vUloWJ9W+uysRveDbqTX2x2XiRLqJXaKVIZQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZDFoUlNBS3lCTGZXT2FZ
|
||||
U3pjNFVWNDF5d294S1dzS3V6ZzhNRCs1SFVJCjVxQ1BxQlczTy9vOVI1V2JKZjN2
|
||||
c2Exa2ttTHIyc21USzZYN2t1WE1sZGsKLS0tIENXamx6TXBtZElOWTRybURybWky
|
||||
WHNpcmdxR2NmTDdDcUlZbC9sQkJPY0kKb7VCtdYpKmf3FlxOGdIjoCJ9Ip/0F5m1
|
||||
QT9HQcxXq4Olc9Ekd4ah9l4bphAgmH4DKkb4ba7ShJ+U4bw3279Bdw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ml8kkppftygu2wag57yld98jlrkh4avp54eheq7q0fa2rup843csqjajs6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVjd2eUlQMUM4QmExVGhT
|
||||
dnpBNkpnbkdGcU0yTzJhQjNvZ2hXZTdWSm4wCjB1djdMTzZpYkhnTWV4ZmgzanN3
|
||||
cG83RlF1OGZGQlhWQTJUZUwxUlNUWU0KLS0tIGtMeFZjVldjS3VJNVB3bWxnWXNZ
|
||||
cmJHbDFtZTQ5OUZ6SURVNUt6MlU5YkUKe/d1hc7x9/Cru8gse+kBgDmR32ezHv5J
|
||||
j9YDUv5QJwAwgnEVhhTHoYnSpHQtDIeoSzURxhVwK/tgHpCaqFSq2w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lt739n2tq7dmpglvntjr9j2r7426md7rat7x9w930gagtx4jyvnqwts2al
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMThScUw4emh6Q3JGMTJ2
|
||||
NC9aYjlxL1liWmFqZUN0WHJsRXoxdGNIc2tVCjJmbm96NStwUnY5N0lNVEZSZkZI
|
||||
Zk9Wcm1jSit6TUE0QnBHQzBzK2l0OTQKLS0tIEswRGhrSFUwbzNXeXAwYWUzejZT
|
||||
TTlxRjh6QzVETE0yeGZVRFJzNTVMNEEKUNttIPaTCsyGbycDdxbZ8tYtj4fzYgjM
|
||||
hb+BL0VzJpJjxB3077KAH6eryJe0ZlS0N0nrMy8/cKHUcDW52DhDRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s0v4fm203ap6mckcz3djw8hx30uqu87xfhfdajpmyf8rfrf5xs5swpz6m6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNL1NKVjRRbFUzYUZzakw0
|
||||
S1Jhc1Y3dlJ5WWxYcHNUVytDZ25jU1ZIWkdJCkRpY3dwakk4NWw0VWVGYllNQ0x5
|
||||
ZTB1aVh1QlJBdmZld0EzVXVCZkpqZlEKLS0tIG1kcHVwNjhLaVFsVk9vWXpJZmhN
|
||||
RHAyR2poZWkydUpVTEo4NXNvS1RwUE0KDWF9jDZP1cOMxE4iZzhN+eKJakEYK4g8
|
||||
RQX7A5W1chN8Qh7KYPWZiGOL6FfcWUxFt8mfrUPKrxkGnM7zcz9Xrw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZGNKRmx5UHZBYXY2dGJp
|
||||
MmxESVY2MkxmaENLUzlOcFpweDMwRHJUTkdFCkVabW1kbXlIRUxMYWxTVXcrNWw0
|
||||
Z1ZlRFVXUWV5dTV1RkUvUXgvZEpCVEkKLS0tIEdobjZYNXNDVmIwQ0xZR1M5S0Q4
|
||||
dnh3NE9RSGEwZjMvRjRVVXM4V3ZTR0UKJ4Rw+NoTwunpy8ZB1wQvRxs3x/Uq+1sn
|
||||
n0XzsxEViDyA1+xlmOsUmrpdESqSGHLwIuYCWbppI2KhZjnbR2iSUQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-06T23:21:20Z"
|
||||
mac: ENC[AES256_GCM,data:pU5882gcNu2hmINn/xnDriHX8PvrEqepnf8/B+WGYrkd6yqpsVPCivlhGFmPvPaRt/o0AVMuH7Wbwm3+rmOpR1LFfJUtnFcejWVpVNE6BuxuWTdF90EENUStKg3DWV4uspRlQds856GR7pkDblkmAOgWZ7zD3ILS3sF/fLuFLr0=,iv:TCsuetCjhhJc/0K4UQrCD9+zWEVssI6Yx0AQ/+eDSn0=,tag:ZsKZZB5S9bgLIRJBLO/KgQ==,type:str]
|
||||
|
|
Loading…
Reference in New Issue