41 lines
1.4 KiB
YAML
41 lines
1.4 KiB
YAML
keys:
|
|
# list any public keys here
|
|
|
|
# pass age-key | rg '# pub'
|
|
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
|
|
|
|
# per-host keys can be derived from a target host's ssh keys like so:
|
|
# ssh host "nix shell nixpkgs#ssh-to-age -c $SHELL -c 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
|
|
- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7
|
|
- &sshd-at-router age1zd7c3g5d20shdftq8ghqm0r92488dg4pdp4gulur7ex3zx2yq35ssxawpn
|
|
- &sshd-at-dragon age12x49p3mwf27r9gdkfmfqu7lr6gwcwznlhcvcgmv8dz3gac2mkdgsp36y9p
|
|
- &ssh-foxtrot age1njnet9ltjuxasqv3ckn67r5natke6xgd8wlx8psf64pyc4duvurqhedw80
|
|
|
|
# after updating this file, you may need to update the keys for any associated files like so:
|
|
# sops updatekeys secrets.file
|
|
|
|
creation_rules:
|
|
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *daniel
|
|
- path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *daniel
|
|
- *sshd-at-beefcake
|
|
- path_regex: secrets/router/[^/]+\.(ya?ml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *daniel
|
|
- *sshd-at-router
|
|
- path_regex: secrets/dragon/[^/]+\.(ya?ml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *daniel
|
|
- *sshd-at-dragon
|
|
- path_regex: secrets/foxtrot/[^/]+\.(ya?ml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *daniel
|
|
- *ssh-foxtrot
|