From b9a5d97bf892bd046afb670e4d362b0e1386f184 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Jun 2023 23:35:56 +0200 Subject: [PATCH] sops: add keys for tsp,x --- .sops.yaml | 10 ++++++++- secrets/common.yaml | 54 ++++++++++++++++++++++++++------------------- 2 files changed, 40 insertions(+), 24 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index fac0243..5c0069b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,17 +1,25 @@ keys: - &makefu F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029 - &x_host age1hqe5hs2jz2fk5zvw346ajhwlagkheunacahpu42uruxu0nlnwy7qn9q5k6 + - &tsp_host age1p7jqdpahxtf7j70kmzy7vg6za7wg63u6sq7ywuw6qkw0qek395nq5kyzae creation_rules: - path_regex: secrets/common.yaml$ key_groups: - pgp: - *makefu age: + - *tsp_host - *x_host # host secrets - - path_regex: 1systems/x/[^/]+\.yaml$ + - path_regex: secrets/x.yaml$ key_groups: - pgp: - *makefu age: - *x_host + - path_regex: secrets/tsp.yaml$ + key_groups: + - pgp: + - *makefu + age: + - *tsp_host diff --git a/secrets/common.yaml b/secrets/common.yaml index 2cf56af..87a9695 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -1,43 +1,51 @@ passwd: makefu: ENC[AES256_GCM,data:ngurdwDduc4Jzye8XDRI8ZcYJci8SSYlHOlTadc6S44q55AAJ2M8x1XpKZ6u+a0FIOKcZx3zFWvYJdLvl+xl6Z4IAwYWXpormMo5d8ob/9BRzubRA6PBIPpWqDZB2RPdyHeRU+QAqBdL8A==,iv:ENLFCeREvsGmTqEmWMQp5ThJEQlFH7cSREHTtyHE93k=,tag:Nibavv3V2mki6LNHNsNzxQ==,type:str] root: ENC[AES256_GCM,data:/WqrvgFe2Fa6RZ2ZkcykevFOfh+GEy89ZfS+n4eLJI5lhDEyt5d5M/kx0bRsWboD33jM+aYYREKFmP3nYXCZw6U1WaLUMVYgf91onmF0sNRVdEpuhCQiLFI8gM0SVfToWg/p3qeULcQ5gA==,iv:ZNsTYISSm9Z6aCaTYGi69D7ArKpBmL1MLryb1hbcmzU=,tag:PdAJGuV8Azm/k92P1uvJQQ==,type:str] - a: ENC[AES256_GCM,data:jw==,iv:C5nssiDSWWhF3lJMr/4R6b+rYpZLIrYtJ2BEjUyyUTc=,tag:HW/Tqad/tumfD4fTY9jqeA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: + - recipient: age1p7jqdpahxtf7j70kmzy7vg6za7wg63u6sq7ywuw6qkw0qek395nq5kyzae + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUUQwRjVYSzhDZFVXWTBS + czB4TXZuc2VXSDNtbkZZZC9hZ3c5bkNqaXdNCnJJV2RHWWVES1hpSlI5WURWOGRv + a1J1MTd0Q3pFVHFSNDNWdGFEWEp2emcKLS0tIGhndkxkQitzZ3QwUEJGdU5FMjFP + S2xPTlVlOHNvQVc0L3NaaG52cmM0QXMK6Y/PpW55BwjUniYa2Q07QzIgVxTwH/gy + 4qZnGaOPi+BTwMWG9/h5kbbdVBZ/PdpmzzGw2qcfFA4SotA4xj9cyw== + -----END AGE ENCRYPTED FILE----- - recipient: age1hqe5hs2jz2fk5zvw346ajhwlagkheunacahpu42uruxu0nlnwy7qn9q5k6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaEExRXJJV1pZV1R6WUUz - VUU2WTdkQTlybElIazVJcXBqS2hvRVZXU3lZCkVLYmxNamNQcThhMlRuQ3F2Z0RC - TWd2ckZ1WHhuZXowZmpFc25JRXlVUlkKLS0tIFpvbGNnMEpQalpBTW5CYklYMmRJ - M1ZYako3U2NzcVhqenZuTjRKSkpsRnMKssLyuNfy6zXMwfA8maV8PP6unCvJSWRz - IKTVyg/ZX4HWHV+cbfM1VQvakeiT0D3ji/u4jpJFIdmd/bQu6wuHqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNjQzMVl4cVNWWWlJMnl4 + cWdYRE5va0ZhM2pRY21Nb0NFcnVqMjc5ZlhjCllUOFNNZ3oyUzRVUzE5Q0J2aGI0 + ak1GR1lvdVNzSEJxNUJRKzBSOU15K2cKLS0tIGE5V09lVmVwUHhuVUZDWDljNDYx + TlZpeGU5YnF0V3V4T1drYTJGcC96MUUK89QI1fgqaMqgqjnTkokuQIvUEOLznHE7 + EanxjY1iez8dKrgdm67GHRPtd54m7wckDnAvENq7FxwOAyZrmnfW7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-10T22:16:07Z" - mac: ENC[AES256_GCM,data:uRa8dJpc8eapcKDgsXKl3mbeYfd8tOsmsLMaQTd4B2CMqAsMkOxQhPZjOdfd4CEuqmx/W92O8lMpjIiuYA/p2wWWHT+RN3R9NUAn0KO/9oFKqHMe086FDOgi6ruERWx8p+oDavHAcff/9BlfRbGOO8/iLU3J3m34otB6RUIP9A4=,iv:0bbNv2Ur7kLun6KWfW9UY/Y+8HGcjo/3uUa1KICC92w=,tag:Ku7rWD93eWFpZnOU1beUVg==,type:str] + lastmodified: "2023-06-14T19:55:31Z" + mac: ENC[AES256_GCM,data:OJ2vp00y6k/KDJ1jqyK4/QAt383Mi4mP/cnLTS4OOiZzNhujIAFLg5l/STdPrZe7y4GuczH08+kzSUgENwwYQApYEzupKsd+TUyXWYQzVuXX2pmrkVJD9umdsGt/gY3P7ykxM3gaN5SeflJIij/MQSlnuvYPVuI1dyCnyPnK6aE=,iv:on00K4KOk43Js8+/wPcU0e6qwwlZP4q2uiHc9hHYalQ=,tag:8JW4EhictAqOSzpk1h9oBg==,type:str] pgp: - - created_at: "2023-06-10T22:31:38Z" + - created_at: "2023-06-14T20:06:20Z" enc: |- -----BEGIN PGP MESSAGE----- - wcFMA9JutVRDNegnAQ//bhs6s7+2YkwiPq/sID5PwYKKxMW8oriBF0oT7DfEd8ob - fwzK+T7tv+r/wWfC5Q97PKCsZxxxNTq5/cJ3qFIhuzsmVUVARL4NK5E3LN0COJJE - cx6b5Jjg/DGMB8VrUOqJl9QgnU7oM0O+gN/SBsIoItoKwK3yyMYcGrhM6XaRQVAs - HeUJV72Olqx0DD3+0k+KTdnhMwqBGo7glXcc+hngQW9+U1uW1sFdqF/1sFJFKbuh - rmLl/C5Idxlys4HaJJ9rx6/2hzh+/Xu2L/sstSgLxeTZ3hCjM8J4DmrL16gCeDRZ - RLzXnLYWTYWH/D91dWRrCLhLNk4KtGrQGhyNDfU1OAyo910mBmy7sRdM8iaasYdG - GcqhLZVkzqc/PmDrUL/ByG+/yQi2AysQchTIwW73tCzWfZmP64WOovdyKtdcA098 - phQriPNa3S1kn6ithLbj+op1iQFs1PblF8KjgpPQadairx2HGNtgnlexqXcCw5mH - LWwWsr4mI6M84+A6sjFbhp0/ds0Q1VzzEwXhdFPa0aTWis59oGYy4QmgqW4WnFQG - 2SvzXNJG2hzYbK/2JrWAJerNs5zASBTSMSxITfiWM4UY8J16WPyyOuWRTKAxGjs4 - acNOtMqKldsCRcZB3/4OYINdymG/yuIXOXaO5D2SBpjwdj96m1UPAL3a8C1fePvS - UQGlLX2wQfHWO24rCakEG3e3LEBR/o1HYwBNM8XGQd1z5GtUehn7duxS2aohUTct - cLX/WLe7lKJVnW5qSkBIfTy3jAGmfIAznWWHv9kCHiR7Pw== - =lMPO + wcFMA9JutVRDNegnAQ/6A/jLsJmB/g5nWE/Fu//krIkf9dw9a4hM1juKT2IxfDue + HX/KUhMNvSPNWqQ49WJUJOzl0gCSIp8NyzZCztYRQ2/kLW5Vh0YA/ifS/jMv3dkx + mDhZikFsjw4aIhxobys3jb5WjrP0/Z7ASBegkSM5gONgu2RaereCPJXGT9rnZB8m + M2ZAiqLXf0qVcdUh1Wjbe23oqPFAGu9a7kZ1XntXGwTlrfJH0Rjq+xIs1UKNB2ux + v/gSC5xP0Fzed56PTv7k62CjSUqnSWlb98oJroQ+diK23wRwHGukvpGldId/nvUo + 3JiY4/I/2LDQCu+8Thd7WvQ2K4J7ioG6TkMS3+9F4SMHuW0hOT4KrBblA04RYF/x + PRWCHrTVDZunzDW3boPZIR1i37KfgoYFA+5YlR8KaLWHXe8Tg4jVPrbzYTd7ggFd + 96xnL4IsNabnLrihXg8+ir/w35bmY5wwwal3aGCNhCpWCQWDn/ZwsKtvAOmFOmqG + QkUjp95u/iW6AcahgjNy9IzNPVfzLqyzQrf/7jG/D/FD+r1t/6ShdARR5QxEQ85t + y7CcJ+vEuKQhAd0SP7oshZZ3cl1OpkEtl5rpdUiSRO3F7wWj8tu05PfDfr2OikUv + rgouK4NmvTX2y0PtJK2uX0BLNkNWgxjmvcpqZwQNDX6mNPd9L277YQCBQhXcu7zS + UQFMO7mn9rJx6jJzWlAL41CIXQ1VE+/uB8ZGJp//46QspaeGNPge5GQH3B7SvQq7 + NjejELOh+2VJIWUSlykkTeWOmGK60luDuww3G8FTG+p55A== + =Tk8d -----END PGP MESSAGE----- fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029 unencrypted_suffix: _unencrypted