
My NixOS systems configurations.

commit f6315f8296e18c443aceafd22a353a6703deadb0
parent 5290a0e15dacff213a132a9fa50abcee918102e3
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Tue, 26 Oct 2021 19:04:01 +0200

sops: add different secret rules per hosts

Host-specific secrets are split into folders, and should be readable
only by "vincent" and the host itself.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
M.sops.yaml | 34++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
@@ -5,20 +5,26 @@ keys:
 - &sakhalin 8b80ab02638ab9c34f6c21bd69928b5908e10cbf
 - &kerkouane b8b02c0885a74753f8fb53f031f0386f20f3e4ec
 creation_rules:
- # - path_regex: secrets/admins/[^/]+\.yaml$
- # key_groups:
- # - pgp:
- # - *joerg
- # - path_regex: eve/secrets/[^/]+\.yaml$
- # key_groups:
- # - pgp:
- # - *joerg
- # - *eve
- # - path_regex: eva/secrets/[^/]+\.yaml$
- # key_groups:
- # - pgp:
- # - *joerg
- # - *eva
+ - path_regex: secrets/wakasu/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *wakasu
+ - path_regex: secrets/aomi/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *aomi
+ - path_regex: secrets/sakhalin/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *sakhalin
+ - path_regex: secrets/kerkouane/[^/]+\.yaml$
+ key_grousp:
+ - pgp:
+ - *vincent
+ - *kerkouane
 - path_regex: secrets/[^/]+\.yaml$
 key_groups:
 - pgp:
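Review bot: `key_grousp:` in each of the four added host rules (wakasu, aomi, sakhalin, kerkouane) is a misspelling of `key_groups:`, the key the pre-existing `secrets/[^/]+\.yaml$` rule below them uses. As written, the `*vincent` and per-host key lists sit under a key sops presumably does not read, so these rules would match their paths without the intended recipients. Whether that shows up as an encryption error or as a file encrypted to an unintended key set should be confirmed against the sops version in use. Change each occurrence to `key_groups:`, then inspect the `sops` metadata of a file under each host folder (or run `sops updatekeys` on existing files) to confirm that only vincent and the matching host key are listed. The last rule's key list continues past the end of the hunk, so its recipients cannot be checked from here.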