From e344613ebcec83ce61367b33c68cc85ef6c985a9 Mon Sep 17 00:00:00 2001 From: John Bowdre Date: Thu, 9 Jan 2025 08:55:43 -0600 Subject: [PATCH] sops: add work identity --- .sops.yaml | 6 +++--- home/global/secrets.yaml | 27 ++++++++++++++++++--------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index d786831..ec64f89 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,9 @@ keys: - - &users: + - &users - &john age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt + - &john-work age1l7e29a95nat4qm4yraxhg6n2lzefp6ppt9hrap0zf0pm08vnquws8amdmm creation_rules: - path_regex: home/global/secrets.ya?ml$ key_groups: - - age: - - *john + - age: *users diff --git a/home/global/secrets.yaml b/home/global/secrets.yaml index 7f94d32..9680850 100644 --- a/home/global/secrets.yaml +++ b/home/global/secrets.yaml @@ -1,5 +1,5 @@ -tempest-station: ENC[AES256_GCM,data:FaDaqpLl,iv:PTPeOhDZwYIJspirN/9Ncw4KI70oBvNtYHVeGc/Lo/c=,tag:qrdJLRGe16V2NAwDlIozWw==,type:str] -tempest-token: ENC[AES256_GCM,data:mSpZdECMQWn9DLYADnfVPyc6oR1m1R7bf4PYLH/F6YFmxPfW,iv:mNH4oyDY/DOlXO5uj/HemfaVK6CqG0RIp6G9ywC+eNY=,tag:uba+AYAUY8r+1z242/8Tgw==,type:str] +tempest-station: ENC[AES256_GCM,data:zEBjoB5f,iv:ZTOOHsqNWD01Kz4ynsLtJCJ2iRzO6dtevTSb+vZYFZc=,tag:D5p/VuRZMZsknRe/nrFAWA==,type:str] +tempest-token: ENC[AES256_GCM,data:l/GqoDJ8TNvBoLuPkv0gYxC+uGSe+tslB/3mpchhoZYJNiBH,iv:INORWAjAvL/iTuZ2wuwH/2OcLc/QhE9RmsKUnDxQtjw=,tag:Kxb1lKJ7yzzmza19l9elGQ==,type:str] sops: kms: [] gcp_kms: [] @@ -9,14 +9,23 @@ sops: - recipient: age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZEplR3YyT3crQi9BeW5I - aUhkMmpiTkxiQk5qOEFpL2NEaWxYSVRpMHhZClRkbTBjajVoRE1ldVZDV1ZWZndm - S0J2YU91VzlZZHFmdmtZejhsSU1kQUkKLS0tIC9HZHFOUXBRaDB5K0ZSTW16KzZF - OXNIL1RLL2JuMURTenhaUUkvbDl1d0kK+xHbc67E9NNNDelKuKfBB/59taJyuon+ - YpftfBZRmvONdl3eWNPSDygEuAP7uP8/APsI0SThZBDyL6KLk515tA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxYnJNQ2ZEaWlwNlFZRGpK + alBCUmQwaXZEa25JMUN2dVk4cjhPMDZ6eFRZCldHbmNWRnkvelViMnI0VFBRaVdn + a01VcGFzbHNPUFlCZGtjMkZoalBpMkEKLS0tIC9tdElZS3hTckt5N3Y4REJMTWhG + Ylh5N2hpKzNzR2F3LzBPTkw3UUU1YmsKmzyo8LN7s5qjtw/rxlUzb0onSuxHy+J1 + gRR5Fm/1c1g7pa1QZL7/3ZRvWFFbzk7G038hN+CR3BmVosQsIIBVmg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-09T03:36:30Z" - mac: ENC[AES256_GCM,data:WHu28jAhHHOaNURxCN5PKFeBNgXq2DGixKsdpLyj1N+5wHCuNDMW4a6qWsNfbZ589d0J6UBZp0lPzze/VzGtH2OLZUx0Ai75ALCm44mJwTnzHcECK0rTQoAECoOWd5O0UBP1rbCLT43JOEaVNzN1pe62kNj+x+PkQt5HRqCMyLo=,iv:5JLsPOjjlL7iDM0Fnm1z1/c+mSK/FVIWsB3Z73m9HvA=,tag:9Ffw2cusPYfJIrYCR74D+Q==,type:str] + - recipient: age1l7e29a95nat4qm4yraxhg6n2lzefp6ppt9hrap0zf0pm08vnquws8amdmm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSTNCWXN0NTVPT2V5MUZ6 + SnhsZGZRYnVSc3dNVk4xYm9ZNXo1d1BDSlRBClFYL0djRTFJUzJ0cG5meVc4Qkll + N3RZQTNNMFFGRGhCNjQ4UzhBczEvS3cKLS0tIGhJaEVvSiszRlptUkN0RUVmQ2hs + WUtrRmE2a1BNVCswZ3RLOW9tc2Fsb2cKonFNehHOwgxetsh43G3ZoFyXBNgvN4ah + 0yaVkC1LJ0eCrwbN7+AmA7sqEy4zghxHiaO9cQ7OGJ1VPn85OcJFqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-09T14:54:47Z" + mac: ENC[AES256_GCM,data:b9acqiqYXVbjZvaK1xfHNg7AREoIoK5uYHbcASGKI7ufvyhM/cJuwgpFBeCjp1pIM8cWRCO1B9YK+Xmmn7+wQWkt41qOfDWPNurr/u9kPAdM79hnryqgRVjOjK17RSkkRPwve9VosH9V4HVywhOUr7WFBmlnxm5yxrZLR7aDhIM=,iv:6PKTdzpFuOULt0h1/mzUSJp5JtuiJ1TzsgaEPvKDCaE=,tag:U6eU8ov3kidpgcYEpeUwcA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2