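---
# SOPS configuration for secrets management
# https://github.com/getsops/sops (project moved from mozilla/sops)
#
# This file lists PUBLIC age recipients only. Private identities
# (~/.config/sops/age/keys.txt, SSH host private keys) must never be
# committed alongside it.

keys:
  # An age recipient is a single-line string that starts with "age1".
  # It is not PEM-armored, so no BEGIN/END wrapper lines are used;
  # a multi-line block scalar here does not parse as an age recipient.
  - &users 'Your-Age-Public-Key-Here'

  # SSH key-based decryption (recommended for machines).
  # The recipient is derived from the host's ed25519 SSH host key
  # with ssh-to-age (see step 4 below).
  - &machines 'Laptop-Host-Key-Public-Key-Here'

creation_rules:
  # Production secrets
  # The regex is single-quoted so the backslash stays literal.
  - path_regex: '^secrets\.yaml$'
    key_groups:
      # One key group: any single recipient listed here can decrypt on
      # its own. Every entry is therefore a full-access key; remove a
      # recipient and re-encrypt the file when a user or machine is
      # retired.
      - age:
          - *users
          - *machines

# For first-time setup:
# 1. Generate your age keypair (the output file holds the private
#    identity; keep it out of version control and backups you do not
#    control):
#    age-keygen -o ~/.config/sops/age/keys.txt
#
# 2. Extract your public key:
#    age-keygen -y ~/.config/sops/age/keys.txt
#
# 3. Replace "Your-Age-Public-Key-Here" with the output
#
# 4. For machine-specific keys, convert the host's SSH public key and
#    replace "Laptop-Host-Key-Public-Key-Here" with the output:
#    ssh-keyscan -t ed25519 hostname | ssh-to-age
#    ssh-keyscan does not authenticate the host it talks to. Compare
#    the key fingerprint with the one shown on the machine itself
#    before adding it, otherwise secrets may be encrypted to a key
#    that does not belong to the machine.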