init by ai
34
secrets/.sops.yaml
Normal file
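--- a/secrets/.sops.yaml
+++ b/secrets/.sops.yaml
@@ -0,0 +1,34 @@
+# SOPS configuration for secrets management
+# https://github.com/mozilla/sops
+
+keys:
+- &users |
+- -----BEGIN AGE PUBLIC KEY-----
+Your-Age-Public-Key-Here
+-----END AGE PUBLIC KEY-----
+
+# SSH key-based decryption (recommended for machines)
+- &machines |
+- -----BEGIN AGE PUBLIC KEY-----
+Laptop-Host-Key-Public-Key-Here
+-----END AGE PUBLIC KEY-----
+
+creation_rules:
+# Production secrets
+- path_regex: ^secrets\.yaml$
+key_groups:
+- age:
+- *users
+- *machines
+
+# For first-time setup:
+# 1. Generate your age keypair:
+# age-keygen -o -f ~/.config/sops/age/keys.txt
+#
+# 2. Extract your public key:
+# age-keygen -y ~/.config/sops/age/keys.txt
+#
+# 3. Replace "Your-Age-Public-Key-Here" with the output
+#
+# 4. For machine-specific keys, use SSH:
+# ssh-keyscan hostname | ssh-to-age -private-key-file ~/.config/sops/age/keys.txt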
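Review bot: The two entries under `keys:` wrap their placeholders in `-----BEGIN AGE PUBLIC KEY-----` markers, but an age recipient is a single-line `age1…` string with no PEM armor, so `*users` and `*machines` would expand to multi-line block scalars that do not parse as recipients; each entry should read like `- &users age1<your-recipient-here>`. In the setup comments, `age-keygen -o -f …` and `ssh-to-age -private-key-file …` use flags I do not believe those tools have (`age-keygen -o ~/.config/sops/age/keys.txt` is the usual form), and step 4 points a public-key conversion at the private key file. Step 4 also derives the machine recipient from `ssh-keyscan` output, which is unauthenticated, so a host key substituted in transit would become a recipient able to decrypt `secrets.yaml`; I would document converting the key on the host itself, e.g. `# ssh-to-age -i /etc/ssh/ssh_host_ed25519_key.pub`, or checking the fingerprint out of band first. Indentation is lost in this rendering, so the exact nesting of the `keys:` block is inferred.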