docs: show more clearly how to update secret keys

2025-06-02 08:37:17 +00:00
parent d837278324
commit 28ab943be4
2 changed files with 3 additions and 3 deletions


@@ -25,4 +25,4 @@ to add a host:
- instructions in hosts/common/secrets.nix - instructions in hosts/common/secrets.nix
- run `ssh-to-age` on user/host pubkeys - run `ssh-to-age` on user/host pubkeys
- add age key to .sops.yaml - add age key to .sops.yaml
- update encrypted secrets: `sops updatekeys path/to/secret.yaml` - update encrypted secrets: `find secrets -type f -exec sops updatekeys '{}' ';'`
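Review bot: The new last step, `find secrets -type f -exec sops updatekeys '{}' ';'`, uses a relative `secrets` path, so it only does the right thing when run from the repository root, and the step does not say so. It also passes every regular file under `secrets` to sops, encrypted or not, and with the `-exec ... ';'` form a failed `sops updatekeys` does not change find's exit status, so a file that was not re-keyed can go unnoticed. Suggest adding "from the repo root" to the step and a short follow-up telling the reader to confirm that every secret now lists the new age recipient before deploying to the new host.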


@@ -14,9 +14,9 @@
# since we specify ssh pubkeys in the nix config, you can just grep for `ssh-ed25519` here and use those instead # since we specify ssh pubkeys in the nix config, you can just grep for `ssh-ed25519` here and use those instead
# #
# for each host you want to decrypt secrets: # for each host you want to decrypt secrets:
# $ cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age # $ cat /etc/ssh/ssh_host_keys/ssh_host_ed25519_key.pub | ssh-to-age
# add the result to .sops.yaml # add the result to .sops.yaml
# $ sops updatekeys secrets/example.yaml # $ find secrets -type f -exec sops updatekeys '{}' ';'
# #
# to create a new secret: # to create a new secret:
# $ sops secrets/example.yaml # $ sops secrets/example.yaml
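Review bot: The host key path in the `ssh-to-age` line changes from `/etc/ssh/ssh_host_ed25519_key.pub` to `/etc/ssh/ssh_host_keys/ssh_host_ed25519_key.pub`, but nothing in the comment says why or where that location is set, so a reader on a host with the stock OpenSSH layout will find no file there. Suggest one extra comment line naming the setting that moves the host keys, or pointing to the `ssh-ed25519` entries in the nix config mentioned a few lines up as the source of truth. On the `find ... sops updatekeys` line, it is also worth noting that `sops updatekeys` asks for confirmation per file unless `-y` is passed, which matters more now that the command runs once for each file under `secrets`.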