From 48d3f66855fb57379351fb9a458a95cf28522916 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Tue, 11 Apr 2023 18:37:20 +0200
Subject: manage secrets with sops

not sure if i like this yet, but it seems worth trying it out.
---
 .sops.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .sops.yaml

(limited to '.sops.yaml')

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..c3f890a
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+  - &ilex age18wkr3kjalalzrq9l05q32gnlaqr7t6rqqzde307m83rs9fp4xcfsdtj9gt
+  # server's ssh pubkeys as age keys
+  - &flora age1d8hulw7weg6gwxv0cmz969w04d2jkphdx93tm9xs0mqr0ut0t4ls4g4vah
+creation_rules:
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *ilex
+      - *flora
-- 
cgit v1.2.3