nix/.sops.yaml

keys:
  # after updating this, you will need to `sops updatekeys secrets.file` for any files that need the new key(s)
  - &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
  - &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7 # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
creation_rules:
  - path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
    key_groups:
    - age:
      - *daniel
  - path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
    key_groups:
    - age:
      - *daniel
      - *sshd-at-beefcake
Initial commit 2023-09-04 11:40:30 -05:00			`keys:`
Beefcake is alive 2024-09-04 09:19:47 -05:00			# after updating this, you will need to `sops updatekeys secrets.file` for any files that need the new key(s)
Initial commit 2023-09-04 11:40:30 -05:00			`- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key \| rg '# pub'`
Beefcake is alive 2024-09-04 09:19:47 -05:00			`- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7 # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub \| ssh-to-age'"`
Initial commit 2023-09-04 11:40:30 -05:00			`creation_rules:`
			`- path_regex: secrets/[^/]+\.(ya?ml\|json\|env\|ini)$`
			`key_groups:`
			`- age:`
			`- *daniel`
			`- path_regex: secrets/beefcake/[^/]+\.(ya?ml\|json\|env\|ini)$`
			`key_groups:`
			`- age:`
			`- *daniel`
			`- *sshd-at-beefcake`