Refactor secrets handling

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-07 15:17:30 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-13 00:00:55 +0200
commit: 282c67a117b7d349b30a96972b050d630f906dec (patch)
tree: 6686bdc126d5c0bd548cd6286a41be5c8cfdc01f /nixops/.sops.yaml
parent: 97f5a24bc8839328571b23eb5f910de206ddbe1f (diff)
download: Nix-282c67a117b7d349b30a96972b050d630f906dec.tar.gz
Nix-282c67a117b7d349b30a96972b050d630f906dec.tar.zst
Nix-282c67a117b7d349b30a96972b050d630f906dec.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/nixops/.sops.yaml b/nixops/.sops.yaml
new file mode 100644
index 0000000..04826a2
--- /dev/null
+++ b/nixops/.sops.yaml
@@ -0,0 +1,19 @@
+keys:
+  - &Immae F82806FDA1BF5B9A1B3014E7C9FCED6CA6B79454
+  # obtained with: ssh-keyscan eldiron | nix-shell -p ssh-to-age --run ssh-to-age
+  - &eldiron age1dxr5lhvtnjssfaqpnf6qx80h8gfwkxg3tdf35m6n9wljmk7wadfs3kmahj
+  - &monitoring-1 age1dn4lzhgxusqrpjjnzm7w8ml39ptf326htuzmpqdqs2gg3wq7cqzqxuvx8k
+  - &backup-2 age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr
+  - &dilion age1x49n6qa0arkdpq8530s7umgm0gqkq90exv4jep97q30rfnzknpaqate06a
+  - &quatresaisons age1yz8u6xvh2fltvyp96ep8crce3qx4tuceyhun6pwddfe0uvcrkarscxl7e7
+creation_rules:
+  - path_regex: vars.yml
+    key_groups:
+      - pgp:
+        - *Immae
+        age:
+        - *eldiron
+        - *monitoring-1
+        - *backup-2
+        - *dilion
+        - *quatresaisons
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-07 15:17:30 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-13 00:00:55 +0200
commit	282c67a117b7d349b30a96972b050d630f906dec (patch)
tree	6686bdc126d5c0bd548cd6286a41be5c8cfdc01f /nixops/.sops.yaml
parent	97f5a24bc8839328571b23eb5f910de206ddbe1f (diff)
download	Nix-282c67a117b7d349b30a96972b050d630f906dec.tar.gz Nix-282c67a117b7d349b30a96972b050d630f906dec.tar.zst Nix-282c67a117b7d349b30a96972b050d630f906dec.zip

diff --git a/nixops/.sops.yaml b/nixops/.sops.yaml new file mode 100644 index 0000000..04826a2 --- /dev/null +++ b/nixops/.sops.yaml
@@ -0,0 +1,19 @@
	1	keys:
	2	- &Immae F82806FDA1BF5B9A1B3014E7C9FCED6CA6B79454
	3	# obtained with: ssh-keyscan eldiron \| nix-shell -p ssh-to-age --run ssh-to-age
	4	- &eldiron age1dxr5lhvtnjssfaqpnf6qx80h8gfwkxg3tdf35m6n9wljmk7wadfs3kmahj
	5	- &monitoring-1 age1dn4lzhgxusqrpjjnzm7w8ml39ptf326htuzmpqdqs2gg3wq7cqzqxuvx8k
	6	- &backup-2 age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr
	7	- &dilion age1x49n6qa0arkdpq8530s7umgm0gqkq90exv4jep97q30rfnzknpaqate06a
	8	- &quatresaisons age1yz8u6xvh2fltvyp96ep8crce3qx4tuceyhun6pwddfe0uvcrkarscxl7e7
	9	creation_rules:
	10	- path_regex: vars.yml
	11	key_groups:
	12	- pgp:
	13	- *Immae
	14	age:
	15	- *eldiron
	16	- *monitoring-1
	17	- *backup-2
	18	- *dilion
	19	- *quatresaisons