feat: secrets management

2024-01-25 22:29:40 -03:00
parent 8f054450fb
commit b64e574438
3 changed files with 35 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,3 +5,7 @@ creation_rules:
    key_groups:
      - age:
        - *primary
+  - path_regex: secrets/homex-secrets.yaml$
+    key_groups:
+      - age:
+        - *primary
--- a/hosts/homex/secrets.nix
+++ b/hosts/homex/secrets.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  imports = [ ];
+  options = { };
+  config = {
+    sops.defaultSopsFile = ../../secrets/homex-secrets.yaml;
+    sops.defaultSopsFormat = "yaml";
+
+    sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
+  };
+}
--- a/secrets/homex-secrets.yaml
+++ b/secrets/homex-secrets.yaml
@@ -0,0 +1,20 @@
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1sseqwwa7fc0ftry8njyuagdg28fkmtdwmj6m7p3etjsj83suee3shfzjyz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeGg1UzNkV0g1U0J4cUhr
+            dS9lZ1c0c0sxQzJjanRNSVBmQ09rQ1R2S0RRCmhzalFnWUNISis0K1JHSmcyN2cx
+            QWhQWFMxdmxKL1FkYU1PdmFHL1BoQncKLS0tIFN4MFRZTW5mUDI5T1Mra2tMS0Qz
+            amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
+            4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-26T00:59:09Z"
+    mac: ENC[AES256_GCM,data:HNMLXL1s8/rdcmwaUnPoOkI/a+ZkN4Hj5tYt4hpPPTB5tdrTjFum6gk0Dl9RiV2h8x8WIfCk/jUDLgZSbTKrOJTdiD1zw7oBg7SnwLy9Q5yZejQ83J6Sx8E0UVvqg8xT7b+2pwbiou9+xw9s3oW+ipNyQrJHLaOfHp+vwKkNGH4=,iv:Gg0QbvPtw2wD8yez/hXfHAeqnkWgqxJ0JvM+psrVOPY=,tag:M5hFdS9pLQMi5g2SstXZ7w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1