commit f6315f8296e18c443aceafd22a353a6703deadb0 parent 5290a0e15dacff213a132a9fa50abcee918102e3 Author: Vincent Demeester <vincent@sbr.pm> Date: Tue, 26 Oct 2021 19:04:01 +0200 sops: add different secret rules per hosts Hosts specific secrets are split into folders, and should be readable only by "vincent" and themselves. Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
M | .sops.yaml | | | 34 | ++++++++++++++++++++-------------- |
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
@@ -5,20 +5,26 @@ keys:
 - &sakhalin 8b80ab02638ab9c34f6c21bd69928b5908e10cbf
 - &kerkouane b8b02c0885a74753f8fb53f031f0386f20f3e4ec
 creation_rules:
- # - path_regex: secrets/admins/[^/]+\.yaml$
- # key_groups:
- # - pgp:
- # - *joerg
- # - path_regex: eve/secrets/[^/]+\.yaml$
- # key_groups:
- # - pgp:
- # - *joerg
- # - *eve
- # - path_regex: eva/secrets/[^/]+\.yaml$
- # key_groups:
- # - pgp:
- # - *joerg
- # - *eva
+ - path_regex: secrets/wakasu/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *wakasu
+ - path_regex: secrets/aomi/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *aomi
+ - path_regex: secrets/sakhalin/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *sakhalin
+ - path_regex: secrets/kerkouane/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *kerkouane
 - path_regex: secrets/[^/]+\.yaml$
 key_groups:
 - pgp:
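Review bot: All four added rules (wakasu, aomi, sakhalin, kerkouane) spell the key as `key_grousp:`, while the existing catch-all rule at the end of the hunk uses `key_groups:`. sops does not recognise the misspelled key, so these rules presumably match their path without carrying the intended PGP recipients; encryption under the host folders would then either fail or not be restricted to vincent plus the host, which is what the commit message promises. Each of the four lines should read `key_groups:`. The `&wakasu` and `&aomi` anchors are not visible in this hunk and are assumed to be defined above it, and the catch-all rule continues past the hunk's end. After the fix, encrypting a test file under each `secrets/<host>/` folder and checking that its recipient list holds exactly the two expected fingerprints would confirm the rules apply.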