From 7464e0b710fbe3e81f64b231c9c6d99f1d4c2c3a Mon Sep 17 00:00:00 2001
From: ahtlon <git@ahtlon.de>
Date: Thu, 5 Feb 2026 18:22:59 +0100
Subject: [PATCH] [vaultwarden] add vaultwarden key and rekey secrets

---
 machines/.sops.yaml               |  2 +
 machines/vaultwarden/secrets.yaml | 75 +++++++++++++++++--------------
 2 files changed, 44 insertions(+), 33 deletions(-)

diff --git a/machines/.sops.yaml b/machines/.sops.yaml
index a07894d3..ffb8e6b3 100644
--- a/machines/.sops.yaml
+++ b/machines/.sops.yaml
@@ -14,6 +14,7 @@ keys:
   - &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
   - &machine_fanny age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
   - &machine_nextcloud age1g084sl230x94mkd2wq92s03mw0e8mnpjdjfx9uzaxw6psm8neyzqqwpnqe
+  - &machine_vaultwarden age1zs9puemeevc5kt84w9d2mc5396w0t9p60qxymkpatwvwxunzs5usmxr3an
   #this dummy key is used for testing.
   - &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
 creation_rules:
@@ -103,6 +104,7 @@ creation_rules:
       - *admin_kalipso_dsktp
       age:
       - *admin_atlan
+      - *machine_vaultwarden
   - path_regex: .*/secrets/.*
     key_groups:
     - pgp:
diff --git a/machines/vaultwarden/secrets.yaml b/machines/vaultwarden/secrets.yaml
index 2ff0d537..2cc0b821 100644
--- a/machines/vaultwarden/secrets.yaml
+++ b/machines/vaultwarden/secrets.yaml
@@ -4,51 +4,60 @@ sops:
         - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRnd3NGpkWjZVZjYxZ2VP
-            QUpTMjNwTml3NW8zL2o2c2R0TE53aEtlK0JNCi9jTjhZVXNMZ29oNDIrbFJBenkz
-            UkVBKzBQVUlYREc3bkxRb1R6RE5MaUUKLS0tIDJmdmlidmZCOXU5dDdFRmY2Q2pu
-            bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc
-            2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMk9xN1ZLSFc2QWQza3Zp
+            R0ladFBENFpXYWdjOE9XZm9Eek91dGxGOGdvCnpVaXU1RTZpVXYrZThGOEdnNytn
+            Vi95MTJNS09EMU5WMWwvRGlLUUdudEEKLS0tIGtUOWlWSSs0STA5ZkU0RzZpQ1c1
+            bGpVcVJJWk0vMUNoaEJvY3ZLNTRacWcKLkRr+vi2oIPiB1BbSTX71FFKuxysxE0n
+            0+0aHEFAj8LX3hyEiDzQA3IkX9GP9ba/x+XUMBdWwyw25MnUMVFKTQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1zs9puemeevc5kt84w9d2mc5396w0t9p60qxymkpatwvwxunzs5usmxr3an
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwS0ZHOXJSUTdlMGIzU0Nh
+            SzJDcHdvb3dmZ3dTWFJkaE9wZXFmVE9ZUkJBCjk4eTRhb3RkTlJRSUVSK2RWbDc0
+            cEtycnFOZlU5ellTSFZXc2ZVZ3lwZU0KLS0tIHpyQ1NCR2dWNURxT0pxcmxMWTlo
+            NGJqai9HNjdkc1NOTGRtSFZWWDIvQkEKe3GqRFTdMQwPbavO6bDobWMf7FwJx1OA
+            7JufIAMJORTfDTyC2fN3bpcZ+UcbPm2pplyzJ6T5p4wOFqQhRrHHyQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2026-02-03T20:58:16Z"
     mac: ENC[AES256_GCM,data:zxM4GRwlcYoJF51Hbe0VfWvO9PrHQeCUTrGgiVgrP91qX51WTGWfCQfAVAouT3sEvE6Ie5bnAMUWjVjIrnRS6WUCQwUBwFYYUKIkJPooKwlvXRAuZ9UGZERi0/i43WKwB3/xSyVqRb9T5M6exjlkYCuE4Yv3lSEUiIn8fu/Zaas=,iv:D6f3V19E+4qukW8i9wKtNPKfYgD3OXztkICMhD24IzY=,tag:e97txZiaqDPxCLQUbNHwwg==,type:str]
     pgp:
-        - created_at: "2025-12-18T17:32:21Z"
+        - created_at: "2026-02-05T17:22:42Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQGMA5HdvEwzh/H7AQv/X02f2/84Twa9Sgj7husyP8ZOva1gsUnakZRd670K1Vxe
-            Z7eY4THMkP59qtbzCDkop0GulM1WNXd3jocT169WKYA5+myjNl131Ppn/DfAHMCk
-            QqguILH7K8X7zQkDU6Y4LE2sLuxYeoYz7aptdwoZpWZRKJjX6Q0pFrbFLZP54CJD
-            BXqcRAGHXSmr8lMJVmaQolzyn9B08Vv/D1LTfgI9qA+K+sxjKQopOjvv03NFSM67
-            PbNNqjQpToM2LaFJTfxXrwljRUkt1BN98wxKlFRIKVbb4spezYHFU+zf5XqM8+sg
-            V9mIGw/5lhYPfSB9EN/2mcqabaWFEqmhBRKRHVirXWBrUmvb5+cKTRQ93zM7Lipr
-            prz7MK+1DRxB5BgKxOiLTz+q/1JlmwpulxBBSSd8o3nHhpjEyaMBoa30TYuUWAVl
-            lW8zCC9H0H8vnqam2OXalu6tu8jvQ6AIquQGOKb3NtWf6pCTQNv0F7t0AWK2zkUL
-            WjrkEiG3lv3vGJeVGq9U0lgBj8HtXnnHsDMJkhPGClQeJcWiv7Tj8f79+Mni8QhM
-            dVWXVesg+dsUazptP35n2S2XlLY8Jk3tyD1KTLrt5R/MMGhAZOmgPS4I4q+zrZSj
-            S0Dj9iTJcJ/F
-            =YEYS
+            hQGMA5HdvEwzh/H7AQv/XLqprcMEI3EYKJw/DA5w64lHAXKzkf8bKpFPWYSnbqMT
+            ajDkcOhA+KMRt1Qgr8aCW7cnWLfy6Ff7U2rSFQ4uBgGKChmYSiMiPdEokYQuYbFE
+            pJh/j4qGcewVpQDVe6N+obqZ0n5oQImn0mO8KkXjrcBhrhuLThAeNxFl7RILOfD0
+            HPFYwy6vMIVPFYCAm4CqIjsMo4feCPYcpxJJwO4aRISkR8vcGAgu9/wWhQIxvdPf
+            O4gTcRshfX6C+TwnwW6Ac7D1rDS5HBnQF4pD4wfYEI00qHKHgeYC4TrEnmta6MG2
+            bvOQBbAUDSf3heEcQ3CwqcRDHzIssAlbW3p9nBRUVOuOta+3rV29lSuz8cbEqVOs
+            MOwN/atluA1jhWgZbt+8SuoleHnbR+hJNJnplvoKN2PmJ3tEbpSCaRaZVaaRFEhm
+            K1tLG2B5IaKMY4n0N1bPnFcvL7s1xS0INPodXzJITyvuJssEL5Dc+YEWxNvEmHGJ
+            ttlyHBJCxWOHsPMh2UcB0lgBBtJt+O2lcAIpwky9T2ufj1EFzLkXV4Sf39S6J/PI
+            814IQE1Bmuy1qqkGhc6WthiooVf/udtWgehwQFwrpY+35GaNQHluFJOrthqraYXK
+            shMbX3AZdLuu
+            =w602
             -----END PGP MESSAGE-----
           fp: c4639370c41133a738f643a591ddbc4c3387f1fb
-        - created_at: "2025-12-18T17:32:21Z"
+        - created_at: "2026-02-05T17:22:42Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA98TrrsQEbXUAQ/+LMZHO0oxmlivnL1qKaDz5JKAL718pHmjshxc53gUo4aN
-            x9WC4USniK8IMV4MTZUxti/ekJ5Bxd+myMMIORHE4R1q1FNO1tWx9n8PXAVhIrDx
-            XF/2NZKzUzCHd3OE3GvS+LSTITLnJdtSuAOPA9MjOeC2TU52r3CkNxUfYMjLYIuk
-            soZi8HfTWVfXKyEq300CLdEqoiaN6lqaxY+e0LoiQjPTpZSs0KhpcjvvmKBpZI0x
-            temAZ+VbEU93DuCVxsXQAQria5GUYs66237goctBjto6G0uOyzJ3lOE17ThDkL8J
-            PpbmoR+CkT++lJnSeeRuhF5FYaVWPl0LDGVLAQrkeblGUjhLtzSrN/ZNyjhGaYdk
-            zlUOFUNVlaok1fcC+8PNsfcna7keLW+N4YPTeZQljjH1uWvdzIZaJto1TaDYrSyu
-            EVF4J0FDThMCu7fyf0TrbqE8n7xs/1F7BBfhUC0wWztX4sNo9mNBZK1d96ihFlzB
-            FRBjrAKCGSD4eZcwaJZB/4NoipFDUh9kmQemmSalDNaHjvdXsT4euY4JNqwKw2iK
-            76EYBym1fvEaOeYvoOotLU3vrW6dH0YNEf0+Zvtl8XiUHlDCnxeLaBoVybA7p+Rt
-            0J/S3wPMubikTuq3mSsJcUM8c25sRBD90LjZsAcwKbmfDZntkTNGUr3AEaBdEyTS
-            WAGKfeJiKoH24BQrslUV8V4i4Fcz6xh1tb11Dmg9XcEiZm4+IF/P+UvjHgXanVdu
-            GvEauo1dOpGu+L8xc68fSFfMNQcWDJ1UmZIyJ3FLDbaxI/66H041peA=
-            =YUFg
+            hQIMA98TrrsQEbXUARAAiZsUiicVpIDdSF/XSuZOITPwmL0P1Nyc1LI9QpyQw2fj
+            uaoJV3xO+MW4ovDcJRms/6T5b4IG740s19l/iryd2jhPwn+94EkzhR1cRydvCimU
+            Zexf+y793kKe0TbcNvakAnpArI5RPdAIoPB7V2aa0vweABaxE5XoDedJA646wMbl
+            +pgzVxoE7i6+uxWHGw3MitCneiBcljg9g04FVj9doJfG6LQxfpx01pjiRLVsTGfV
+            LXPLKVJOToEusFz1hLaFMLxPkvFbgQD1YQz82OOJasHr9YGCzitqhA+EV4U4Y9AH
+            bzPlz1qractUIz8pawhKcTUd8Xw+WOZ6kFX3EdUUnD46jMf12j2fe9Axw8v+Cujx
+            jb8+mSbRNH8Tx/phbhWyBhTNhNXoMLW/2nTSJjTUvdjNlIJi3Ntu4AyPpZ9Z2LwM
+            azvzHRC20gEsf25YKAv2/EnOAi7/jx9uknj3pATdaAAS5hKcMutVdiBAPS37695W
+            Fh8aaoCb4ieuHmHFAt0SQ30z/oR2psurwaurGcLQz9IR9uUlCFU9uVifDaSCNiwF
+            EVsRQZAslLqGPDf7c/r8efsMcHRfVVCJvvuvyRZNSHIpOnR/QGLOeNY+B59IdTCJ
+            fk2dMvZpyM1AdLkW2jT0qXj4vKAvVPlEbIXmq9bu/jJER35MzMRWfMmbBzek9t3S
+            WAGL4Zf96omkP7Z9j1UYGv4xcGksajbA6HvCHfjI+mUKV4QxGieeJhicaPYLuo7x
+            wKZqzMZGPpy1dPq75t0RAmnRzHaB9VEUWfO+KYIY/+1qRxOANYl+uZA=
+            =K3Hh
             -----END PGP MESSAGE-----
           fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
     unencrypted_suffix: _unencrypted