initial commit
This commit is contained in:
commit
4014d5e658
GPG key ID:
BECE5684D3C4005D
30 changed files with 911 additions and 0 deletions
22
.sops.yaml
Normal file
22
.sops.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
# The .sops.yaml basically explains who can decrypt the secrets.yaml file which
|
||||
# contains all the goodies. The age encrypted values below are pubkeys in an
|
||||
# age keypair. You will still need to put the appropriate private key on the
|
||||
# system to decrypt the secrets. Ideally you're using the ssh keys already
|
||||
# setup on the server to convert to an age key that way you don't have to
|
||||
# bootstrap at all.
|
||||
keys:
|
||||
# make sure to run `sops updatekeys secrets.yaml` after changing the keys
|
||||
- &users:
|
||||
- &dev age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c
|
||||
- &hosts:
|
||||
- &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
|
||||
- &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
|
||||
# - &blobercraft
|
||||
creation_rules:
|
||||
- path_regex: secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *dev
|
||||
- *dev-vm
|
||||
- *crayon
|
||||
# - *blobercraft
|
||||
Loading…
Add table
Add a link
Reference in a new issue