Sops
How to add admin keys
- Git:
  - Generate gpg key
  - Add public key to `./machines/secrets/keys/users/`
  - Write the fingerprint of the gpg key in `.sops.yaml` under `keys:` in the format `- &admin_$USER $FINGERPRINT`
- Age:
  - Generate age key for Sops:

    ```
    $ mkdir -p ~/.config/sops/age
    $ age-keygen -o ~/.config/sops/age/keys.txt
    ```

    or to convert an ssh ed25519 key to an age key

    ```
    $ mkdir -p ~/.config/sops/age
    $ nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
    ```

  - Get public key using

    ```
    $ age-keygen -y ~/.config/sops/age/keys.txt
    ```

  - Write public key in `.sops.yaml` under `keys:` in the format `- &admin_$USER $PUBKEY`
- Write `- *admin_$USER` under the appropriate `key_groups:` of the secrets the user should have access to
- `cd machines/` and reencrypt existing secrets for the new key with `sops updatekeys $path/to/secrets.yaml`
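A pre-flight check for the steps above, as an added example that is not part of this repository: it confirms that an `&admin_<user>` anchor exists under `keys:`, that its value looks like an age public key or a GPG fingerprint, and that the alias is actually listed in a key group, which is the step most easily forgotten before `sops updatekeys`. The function names, the sample key values and the `creation_rules`/`path_regex` layout of the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. Checks one admin entry in .sops.yaml.
# Exit codes: 0 ok, 1 anchor missing, 2 malformed key, 3 anchor never referenced.
check_admin_key() {
    file=$1
    user=$2
    case $user in ''|*[!A-Za-z0-9_]*) echo "invalid user name" >&2; return 4 ;; esac
    # Value following "- &admin_<user>" in the keys: list.
    value=$(sed -n "s/^[[:space:]]*-[[:space:]]*&admin_${user}[[:space:]][[:space:]]*\([^[:space:]#]*\).*/\1/p" "$file" | head -n 1)
    if [ -z "$value" ]; then
        echo "admin_${user}: no anchor under keys:"; return 1
    fi
    # Format check only: age recipient (bech32 alphabet, checksum not verified)
    # or a 40-hex-digit GPG fingerprint (assumed v4 key).
    if printf '%s\n' "$value" | grep -Eq '^age1[02-9ac-hj-np-z]{58}$'; then
        kind=age
    elif printf '%s\n' "$value" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
        kind=pgp
    else
        echo "admin_${user}: not an age public key or GPG fingerprint"; return 2
    fi
    # The alias must be used as "- *admin_<user>" somewhere (the key_groups lists).
    if ! grep -Eq "^[[:space:]]*-[[:space:]]*\*admin_${user}[[:space:]]*(#.*)?\$" "$file"; then
        echo "admin_${user}: defined but not listed in any key group"; return 3
    fi
    echo "admin_${user}: ${kind} key defined and referenced"
}

# Constructed sample: alice (GPG) and bob (age) are wired up; carol's anchor is unused.
# Key values and path_regex are placeholders, not taken from the repository.
write_sample_config() {
    cat > "$1" <<'EOF'
keys:
  - &admin_alice 0123456789ABCDEF0123456789ABCDEF01234567
  - &admin_bob age1qpzry9x8gfqpzry9x8gfqpzry9x8gfqpzry9x8gfqpzry9x8gf2tvdw0s3
  - &admin_carol age1qpzry9x8gfqpzry9x8gfqpzry9x8gfqpzry9x8gfqpzry9x8gf2tvdw0s3
creation_rules:
  - path_regex: secrets/[^/]+\.yaml$
    key_groups:
      - pgp:
          - *admin_alice
        age:
          - *admin_bob
EOF
}
```

Run it as `check_admin_key .sops.yaml "$USER"` after editing the file; a non-zero exit means the new key would not be picked up when the secrets are re-encrypted.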