From 0757a720082fd06bad590ca0d4eabb81540ecc35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sun, 15 May 2022 17:12:19 +0200
Subject: [PATCH] move remaining git-crypt secrets to sops
---
.sops.yaml | 7 ++++
secrets.yaml | 50 ++++++++++++++++++++++++++++
secrets/build01-admin.txt | Bin 117 -> 0 bytes
secrets/build02-admin.txt | Bin 185 -> 0 bytes
secrets/build02-root.txt | Bin 38 -> 0 bytes
secrets/build03-admin.txt | Bin 108 -> 0 bytes
secrets/build04-root.txt | Bin 38 -> 0 bytes
secrets/nix-community-alert-bot.txt | Bin 99 -> 0 bytes
8 files changed, 57 insertions(+)
create mode 100644 secrets.yaml
delete mode 100644 secrets/build01-admin.txt
delete mode 100644 secrets/build02-admin.txt
delete mode 100644 secrets/build02-root.txt
delete mode 100644 secrets/build03-admin.txt
delete mode 100644 secrets/build04-root.txt
delete mode 100644 secrets/nix-community-alert-bot.txt
diff --git a/.sops.yaml b/.sops.yaml
index 142169d..af1b6a1 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,6 +9,13 @@ keys:
# scan new hosts like this:
# $ nix-shell -p ssh-to-age --run 'ssh-keyscan buildXX.nix-community.org | ssh-to-age'
creation_rules:
+ - path_regex: secrets.yaml$
+ key_groups:
+ - age:
+ - *mic92
+ - *ryantm
+ pgp:
+ - *zimbatm
- path_regex: terraform/secrets.yaml$
key_groups:
- age:
diff --git a/secrets.yaml b/secrets.yaml
new file mode 100644
index 0000000..1ba6f91
--- /dev/null
+++ b/secrets.yaml
@@ -0,0 +1,50 @@
+build01-admin: ENC[AES256_GCM,data:tuqlB/ScHwatYEfsJFFVDHnjtx0QR3LVwicYp0KdCiEaXk13brOmERxaXpzHyQJP3TYGMHJXfda7XKG5VCIhKzCgLPbtiVR2egnx+wsbH5SAEzSSD2S8M4CLaOldKyw=,iv:OZbzIvlNKyWr2xfayKfUSShnL1v5URxDsnln6H2Oqfg=,tag:X2/dyVtNzYwC5s1OmrQw8g==,type:str]
+build02-root: ENC[AES256_GCM,data:cNqf/Gw+d6mi5buPZu4+,iv:afT+IPf1HY98QQeBEVEfelEpcxTZHsAmDttEdyfvkWA=,tag:MUjl56D52rsHfpqt4tGcnw==,type:str]
+build02-admin: ENC[AES256_GCM,data:rTVQQnj9yBaiUnib4GAYBsoDZjs8PJ0kb6GLr3iOhhW92s26veybw3ZsdGSEJPdsE0xD9NtaN8DHfMP/bgA1gUX9y2+qcmRfkbT67LFo9fkw4AKSkC5fABtq1EeHQfE3zLMebVO2g9xnQ3w7Y/HFX8rUlYDA7GhYrTgL7FwXNE+/J6rckv9aW0GxKjvFAhqkCbXxDGHebxpIBDbgF1JldmHDFQ==,iv:YXERjZTyNGAlK/9C4i2L/P9p+P9cz46/yk/fda3ryu8=,tag:MuDFM6zg+LSoPkkmK3UFgA==,type:str]
+build03-admin: ENC[AES256_GCM,data:iyGHkBDqPOPtia4PK6Iabq/1mAvK8JAtozydY0hARyMqaGocyqHb8NwSdEEPb1CQ6aKUzP/D43IvN1POHLpQsdoieUaCsPZ0ACJuoOnJLQOsyZ9PckY=,iv:RzJDG4mfpMLfF7OxdEm+ZLUWcV6NoyrvEama5w6kiKA=,tag:F3dcO0/fpxVLP7FdbpJl/g==,type:str]
+build04-root: ENC[AES256_GCM,data:Qy3xWgN6HCYRxAd/WArd,iv:2OT9i2YFHqiRx8cyPZ6oW/rxWNgqXdzD+Kk4dP1HbrY=,tag:JQ76gLcCau+ozMOZPcifeg==,type:str]
+nix-community-alert-bot: ENC[AES256_GCM,data:Yg69dnfFGXtMTLeyXnMjeIc8+fBmeA4lEYNwSh/ahHdVd/um8oe+CSBDhIqio2sB+GrrpoNAwMf+6rC5fK7q71eAoKcrzjz2nneJdYY=,iv:fbF8t1ySI4qJ+uj33k2N9C/x7bCFdR5OBI/CGhz3zC8=,tag:xcY0Zxtb/w9vRpA56ro8Hw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZElFWTlsQ0E3dklVaSt1
+ a09JOVRYUm5LTHpuR0l5dDN0dCs4UmhZc0FjCjRkaVJLSGd6TlBhNE1XSGo3cWVT
+ aWZvYTFRKzVwd0p0UUZnTzBuT3FoS3cKLS0tIFAwL3ZVTXduSzNjU2R3VC9hc0pN
+ SVVIUnQ4MVpHZkNHOWFvVzk4RXI0ejQKw4NXNuchu16yRHaHsnqcoEoJkDYd5X7u
+ LJu7/LEWPECi0qAhCsJig+P68mxPAc+QsUWMzYdx89F5Pcj4DKI2ww==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1g5U1o3bjZMNGdjWDFO
+ SWR5WHQ5d08rL2U2NFExVDhyMTQvMGUyUm0wClBYZndiMlVDZUVHSnJxd2xvektF
+ dUtzeXNlWjd1OURxUzlySUswSlB3dFUKLS0tIFpBRUpiSEtUaFhQL0N2dm4vbmxO
+ TGM3UllhQzBIWjRqczFMRVZ2V2VsTnMKhLK06AuED/gfAmUZkXKO6lHxIRe1RkFF
+ 95u6iOwl4zyRPNHVQ1H34eIf2+E8VITd+e1kHfLL3eR6vbWzdn7uOQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-05-15T15:10:47Z"
+ mac: ENC[AES256_GCM,data:84k2zEIwtTMrSsSNL/W1S1OpdtOwpvmWGbFrUvHc5X9tv7g0ebT3YlCXv48n3gZVm8Wq+N+Q8E3l2M5mrWPJ/A2RMkxmnTro06q8p6Xm66n0ojAot6CxMKjnCGESmrNCx9B1ngPbwapECjGfW6PQo3ilvIrdX+KitG6WwQTGDJM=,iv:Vg89ScU5wrs/m2Q7RgJULMZ+jeN/UMk6RoN1hHQERNY=,tag:hNnZQju6jmwi7vqys4aeyg==,type:str]
+ pgp:
+ - created_at: "2022-05-15T15:06:45Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA3tEuTsG48KkAQgAkJXXuKOQuiPn32ejkssnDFjm4oxKMX6kE6/1JlQexuGj
+ e2tdcofJzMYEwpi9wgQ1V5uKsITqjl7BJZNFCYWx3xZukRjk2dY4mwxvVUGDjiFh
+ jpWwLAUeLlcwO8S7DUbhQkgpz8lk+XLDpeL+XcGFlwdEIhWzm8pnusjEys8b3dpD
+ Qos6dD82RkenmCj0p+W1OvLu6PJrKYq6fK1sIHaUrIf3U18nQkrxu1X2fNvT23eJ
+ DpO+6KDbaCq1lTtwNK/Eyn/mBYp1dISkBAeE7hk2XVcBVqxeYUPcrtmQRHkneyZM
+ Nb30Z8qCocWSkXYV38p6LZP9YccoPeDG2ggDs8c1ftJeAYUOnLuSHqG362ulgSSu
+ nesbmv88rw7gkEviP5wImmqzgUY/JWdhM/6g1qm94Ylnt56/p5JFdBsckP/V8dzC
+ sIdEDUHiPvTEPCrNBWbqCcXLJv51o/BR8KQycx+89A==
+ =bMCk
+ -----END PGP MESSAGE-----
+ fp: 260353B993F8CE16752EF48C71BAF6D40C1D63D7
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
diff --git a/secrets/build01-admin.txt b/secrets/build01-admin.txt
deleted file mode 100644
index a5683bba1c5640443236dc5ba60662812adfefab..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 117
zcmV-*0E+(rM@dveQdv+`0B%C1r;Ar4ciT_VlgnRT=;Twfvqh?7m4DLl8Wam(xQX+4
zeAA-X_bVN`c@fw(`{E4_&N^iyuc99nDR}<}{NWZRW@@?0j~j&~XR4w()~n>=HNO?B
X5~KTa>|_WpYU(%U<1?~;#w6vYt0Oso
diff --git a/secrets/build02-admin.txt b/secrets/build02-admin.txt
deleted file mode 100644
index b014a5f72f34aa8fc8f44b001b615ab44666233b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 185
zcmV;q07m}+M@dveQdv+`0K)CrgpZd|wC`K<`sYPu2i6~1Wx!5oo^V?p3_cV1OhQs@
zj@o-f;#&tF(J|ppzzPM<WBJTaJ~j7L+-XmW@$2QtWCn319hP3hW>>Y;qx>2mIUqc`
zfP^P;++F`3XOZ=D3_)v{P}1Grpn79dlj`EaHB!dAEZv;TZ9Z4T#%Dx=u3n&B=}n+!
nJYB_d3|6<Mv`Llapw4S*nhIUqCDFGS2Ucs>eSxT+{7lARBwt%*
diff --git a/secrets/build02-root.txt b/secrets/build02-root.txt
deleted file mode 100644
index 29f30900cc3fc7d94d376a3fde26a51ae1c8a356..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ucmZQ@_Y83kiVO&0*!WE9tX*ASTlSM}d9@FckCjQ>x_=_%jra-gr9uEXj1let
diff --git a/secrets/build03-admin.txt b/secrets/build03-admin.txt
deleted file mode 100644
index 4ac2916a7fbf28a934a70aacb942cc31134eb40c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 108
zcmV-y0F(a!M@dveQdv+`0OFS*@K&+(Ydj~rM5TXwp97KI&!Gw<qseF&FzO5=gKSxP
ze4^&HmXu0#9ej}E5cMo(C&)0OJQO&@xn{Bg&F<DRgFSXECPW?jNz)GMd&#MTM|)ga
Ohi+W(5#VpA{F!GeY%&!9
diff --git a/secrets/build04-root.txt b/secrets/build04-root.txt
deleted file mode 100644
index 706d9a2dae67110e971a8e859c9f2aafea91d2fe..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 38
ucmZQ@_Y83kiVO&0U}M*J2y}?ZK6Zh>duvJcu1jJ5s=HiT1X-NU90UO95e?S>
diff --git a/secrets/nix-community-alert-bot.txt b/secrets/nix-community-alert-bot.txt
deleted file mode 100644
index 72b0c1e94c480c9b73834c3a1dd28e9cc632069b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 99
zcmV-p0G$5-M@dveQdv+`0Ee;^{1EB>@)~_TC`Bl}!iek{Zr$`tY+TgmTi!SkrX|Pp
z5pf!8ep^vzSbJTbSit$&y)6pXeHxh+Nmh@OQkVf3@-W(Td)Qi&Onsyg8zmAUXOfTn
FcrKs~EFb^?