surtur
62518f7ad7
the workflow is as follows:
* age is used to manually encrypt e.g the sops keys file so it can
securely be stored in git
* homeage decrypts the file and symlinks it where sops expects it to
be present. decrypted, which it will be, but it will in fact be
residing in $XDG_RUNTIME_DIR (which *should* be tmpfs) and only be
symlinked to $HOME/...
* sops can from then on be used to manage arbitrary secrets as usual
21 lines
1.0 KiB
YAML
21 lines
1.0 KiB
YAML
sops:
|
|
kms: []
|
|
gcp_kms: []
|
|
azure_kv: []
|
|
hc_vault: []
|
|
age:
|
|
- recipient: age1nt7a9nsgwsf7c9x8yx3qu8w24svz02hpfuwtmk8dazw6j6lh33hsgv8erk
|
|
enc: |
|
|
-----BEGIN AGE ENCRYPTED FILE-----
|
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORW1QaS91aGpTT1RINTJS
|
|
ZGMvQVU1OXc4dERoMWcwOXJaVWlFSDlKQ0NrClFCZVpUOCs5RVZhRVBkdDNTdVJX
|
|
bHlUNWw1dHNVRFlRQ0tuSnRqQ3hjWGcKLS0tIE4vWDlyK2NkZkpqVHV5aVBpWWxz
|
|
ekw2d2FVS3dxUmpzV3pXOWZTaENwR0UKH93OIxoc09BGqfJWxYvfZFXrNrQbv65H
|
|
K1IEVR31Qno9YQuwnrKJ6SR5MlvJ6A8FeGmqgoyWj4pLRU35a1XQCg==
|
|
-----END AGE ENCRYPTED FILE-----
|
|
lastmodified: "2022-09-10T14:25:34Z"
|
|
mac: ENC[AES256_GCM,data:YIuDT6kePJUOVADzIFsGKDKLcXPmDehtg1sH7ve7/3ko51N94Q7WyiXakcMliSMKQvfziWSpjQm7EsRJAZxDWd9ecweNHIgFxJdrAWHKbptxtFa2WedjP/R1Xau5NE53E3B1Hicq8wh6tgQjubUpR+IPzpnjUETxAcLuKRjmS0o=,iv:AWSCTld6BboQUgf2XZdB2wxiSlbT8JtYATw702Q2YeM=,tag:R8nEF5fBMy07v74V6H8TJQ==,type:str]
|
|
pgp: []
|
|
unencrypted_suffix: _unencrypted
|
|
version: 3.7.3
|