clan-infra/.sops.yaml

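keys:
  # Every entry below is an age *public* key (recipient). The matching private
  # keys stay with their owner and must never be committed or shared.
  #
  # To generate a new admin key, run (requires [age](https://github.com/FiloSottile/age)):
  # ```
  # mkdir -p ~/.config/sops/age/
  # age-keygen -o ~/.config/sops/age/keys.txt
  # ```
  # keys.txt holds the private key. Send only the public key (the `age1...`
  # string, which `age-keygen -y ~/.config/sops/age/keys.txt` prints again) to a
  # pre-existing admin and wait for them to add it here and re-encrypt all
  # secrets in this repo with it (`sops updatekeys <file>`). After pulling the
  # re-encrypted secrets you can read them with `sops some-file`.
  #
  # Removing a key from this list does not revoke access to secrets that are
  # already in the git history; rotate the secret values as well.
  - &joerg age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
  - &lassulus age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
  - &dave age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl
  # Host key, derived from the SSH host key.
  # Downloaded like this: nix-shell -p ssh-to-age --run 'ssh-keyscan clan.lol | ssh-to-age'
  # ssh-keyscan does not authenticate the host, so check the result against the
  # host key read on the machine itself (or a known fingerprint) before secrets
  # are encrypted to it.
  - &web01 age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct
creation_rules:
  # sops uses the first rule whose path_regex matches. Dots are escaped so that
  # `.` only matches a literal dot in the file name.

  # Terraform state and tfvars: admin keys only, no host key.
  - path_regex: 'targets/.*/(terraform\.tfstate|secrets\.auto\.tfvars\.sops\.json)$'
    key_groups:
      - age:
          - *joerg
          - *lassulus
          - *dave
  # Host secrets: admin keys plus the web01 host key.
  - path_regex: 'targets/web01/secrets\.yaml$'
    key_groups:
      - age:
          - *joerg
          - *lassulus
          - *dave
          - *web01
  # NOTE(review): web01-new reuses the web01 host key; confirm the new machine
  # really has the same SSH host key, otherwise it cannot decrypt this file.
  - path_regex: 'targets/web01-new/secrets\.yaml$'
    key_groups:
      - age:
          - *joerg
          - *lassulus
          - *dave
          - *web01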