sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/.sops.yaml

79 lines
1.8 KiB
YAML
Raw Normal View History

migrate to sops-nix
2021-09-25 22:35:51 +02:00
keys:
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
- &zimbatm 260353B993F8CE16752EF48C71BAF6D40C1D63D7
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- &mic92 age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
sops-nix: add ryantm
2021-09-26 16:13:37 -07:00
- &ryantm age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- &build01 age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc
rotate secret for build02
2021-10-24 01:02:16 +02:00
- &build02 age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- &build03 age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq
- &build04 age1vr4suv4lhtt8f59s25eukdfk67j7av72gvj7sk7ux6thusct3utqmn3pmf
# scan new hosts like this:
# $ nix-shell -p ssh-to-age --run 'ssh-keyscan buildXX.nix-community.org | ssh-to-age'
creation_rules:
move remaining git-crypt secrets to sops
2022-05-15 17:12:19 +02:00
- path_regex: secrets.yaml$
key_groups:
- age:
- *mic92
- *ryantm
pgp:
- *zimbatm
move more secrets to sops and closer to terraform
2022-05-15 16:49:04 +02:00
- path_regex: terraform/secrets.yaml$
key_groups:
- age:
- *mic92
- *ryantm
pgp:
- *zimbatm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- path_regex: build01/[^/]+\.yaml$
key_groups:
- age:
- *mic92
sops-nix: add ryantm
2021-09-26 16:13:37 -07:00
- *ryantm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- *build01
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
pgp:
- *zimbatm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- path_regex: build02/[^/]+\.yaml$
key_groups:
- age:
- *mic92
sops-nix: add ryantm
2021-09-26 16:13:37 -07:00
- *ryantm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- *build02
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
pgp:
- *zimbatm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- path_regex: build03/[^/]+\.yaml$
key_groups:
- age:
- *mic92
sops-nix: add ryantm
2021-09-26 16:13:37 -07:00
- *ryantm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- *build03
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
pgp:
- *zimbatm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- path_regex: build04/[^/]+\.yaml$
key_groups:
- age:
- *mic92
sops-nix: add ryantm
2021-09-26 16:13:37 -07:00
- *ryantm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- *build04
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
pgp:
- *zimbatm
hercules: add cachix deploy agent secrets
2021-12-24 07:42:09 +01:00
- path_regex: roles/hercules-ci/.+\.yaml$
key_groups:
- age:
- *mic92
- *ryantm
hercules: also encrypt for build02
2021-12-26 08:58:06 +01:00
- *build02
hercules: add cachix deploy agent secrets
2021-12-24 07:42:09 +01:00
- *build03
- *build04
pgp:
- *zimbatm
add cachix deploy
2021-12-23 20:39:49 +01:00
- path_regex: roles/.+\.yaml$
migrate to sops-nix
2021-09-25 22:35:51 +02:00
key_groups:
- age:
- *mic92
sops-nix: add ryantm
2021-09-26 16:13:37 -07:00
- *ryantm
migrate to sops-nix
2021-09-25 22:35:51 +02:00
- *build01
- *build02
- *build03
- *build04
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
pgp:
- *zimbatm
Reference in a new issue Copy permalink