Add documentation describing how to add keys to sops

doc/src/SUMMARY.md

@@ -12,5 +12,6 @@
             - [musik](./projekte/musik.md)
         - [TODO](./todo.md)
     - [How-to]()
+        - [Sops](./anleitung/sops.md)            
         - [Updates](./anleitung/updates.md)
         - [Rollbacks](./anleitung/rollback.md)

doc/src/anleitung/sops.md

@@ -0,0 +1,25 @@
+# Sops
+
+## How to add admin keys
+- Git:
+    - Generate gpg key
+    - Add public key to `./machines/secrets/keys/users/`
+    - Write the fingerprint of the gpg key in `.sops.yaml` under `keys:` in the format `- &admin_$USER $FINGERPRINT`
+
+- Age:
+    - Generate age key for Sops:   
+      ```
+      $ mkdir -p ~/.config/sops/age
+      $ age-keygen -o ~/.config/sops/age/keys.txt
+      ```
+      or to convert an ssh ed25519 key to an age key
+      ```
+      $ mkdir -p ~/.config/sops/age
+      $ nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
+      ```
+    - Get public key using `$ age-keygen -y ~/.config/sops/age/keys.txt`
+    - Write public key in `.sops.yaml` under `keys:` in the format `- &admin_$USER $PUBKEY`
+
+- Write `- *admin_$USER` under the apropriate `key_grups:` of the secrets the user should have access to
+
+- Reencrypt existing secrets for the new key with `sops updatekeys` (kali is this right?)