# The .sops.yaml declares who can decrypt the secrets.yaml file, which
# contains all the goodies. The age1... values below are not encrypted; they
# are the public keys of age keypairs. You will still need to put the matching
# private key on the system to decrypt the secrets. Ideally, you convert the
# ssh keys already set up on the server into an age key, so that you don't
# have to bootstrap at all.
# `keys` only declares YAML anchors for the age recipients (public keys); the
# entries under creation_rules refer to them by alias. The values are public
# keys, so they are not secret; the matching private keys never belong here.
keys:
  # make sure to run `sops updatekeys secrets.yaml` after changing the keys
  # NOTE(review): updatekeys changes who the file is encrypted to. A recipient
  # removed here could already decrypt earlier copies of secrets.yaml, so when
  # revoking access also rotate the data key and the secret values themselves.
  # The two "new-host" comment lines in this file look like insertion points
  # for a script that adds hosts; keep their text unchanged (TODO confirm).
  - &users:
    - &dev age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c
  - &hosts:
    - &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
    - &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
    # new-host marker
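# Rules that decide which recipients a newly created or re-keyed file is
# encrypted to.
creation_rules:
  # Applies to any path that ends in "secrets.yaml". The dot is escaped so it
  # matches a literal "." rather than any character, and the value is
  # single-quoted so the backslash reaches the regex engine unchanged.
  - path_regex: 'secrets\.yaml$'
    key_groups:
      # One key group only: each recipient listed below can decrypt the file on
      # its own, so every alias added here is a full-access grant. Keep the
      # list limited to the users and hosts that need the secrets.
      - age:
          - *dev
          - *dev-vm
          - *crayon
          # new-host ptr marker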