Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity
47d4a60e45
Jafner.net/.sops.yaml
Joey Hafner 1c450159af
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 15s
Details
SSH and echo to file / ssh (push) Failing after 0s
Details
#16 Configure decrypting config.boot 
- Add age recipient key for wizard to .sops.yaml (also placed privatekey on wizard at /config/wizard.host.key)
- Add step to install sops from specific binary release v3.9.1
- Add step to decrypt config.boot locally
- Add step to push decrypted config.boot to vyos host
- Trigger workflow
2024-10-25 13:27:57 -07:00

20 lines
1.2 KiB
YAML
Raw Blame History

creation_rules:
- path_regex: .*
# The below key_group and shamir_threshold configuration
# allows any single author key to decrypt secrets,
# but hosts and deploy runners *must* use both keys
# to decrypt. This prevents a compromised host or
# runner from leaking all secrets.
shamir_threshold: 2
key_groups:
- age: # Author keys; to be held by contributors to the repo
- 'age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00' # joey@dungeon-master
- age: # Author keys (again); hacky way to give author keys a weight of 2 shares
- 'age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00' # joey@dungeon-master
- age: # Deploy keys; to be held by the deploy environment (e.g. Gitea Actions)
- 'age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3' # deploy@gitea.jafner.tools
- age: # Host key; to be held by hosts to which Stacks should be deployed
- 'age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855' # fighter
- 'age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe' # druid
- 'age1m0jpnk4t7hph5tdva3y9ap7scl8vfly9ufazr0h3cuwpcytlsulqjrt58y' # wizard
Reference in New Issue View Git Blame Copy Permalink