bakke: create sops secret placeholder

This commit is contained in:
Felix Albrigtsen 2025-03-15 22:40:19 +01:00
parent 4dc28f2d25
commit 01b725bef0
2 changed files with 90 additions and 5 deletions

View File

@ -1,18 +1,19 @@
keys:
# Users
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
- &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
- &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
- &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
- &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
- &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
# Hosts
- &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_bakke age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
creation_rules:
# Global secrets
@ -78,3 +79,13 @@ creation_rules:
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
- path_regex: secrets/bakke/[^/]+\.yaml$
key_groups:
- age:
- *host_bakke
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte

74
secrets/bakke/bakke.yaml Normal file
View File

@ -0,0 +1,74 @@
hello: ENC[AES256_GCM,data:+GWORSIf9TxmJLw1ytZwPbve2yz5H9ewVE5sOpQzkrRpct6Wes+vTE19Ij8W1g==,iv:C/WhXNBBM/bidC9xynZzk34nYXF3mUjAd4nPXpUlYHs=,tag:OJXSwuI8aNDnHFFTkwyGBQ==,type:str]
example_key: ENC[AES256_GCM,data:ojSsrFYo5YD0YtiqcA==,iv:nvNtG6c0OqnQovzWQLMjcn9vbQ4PPYSv2B43Y8z0h5s=,tag:+h7YUNRA2MTvwGJq1VZW8g==,type:str]
#ENC[AES256_GCM,data:6EvhlBtrl5wqyf6UAGwY8Q==,iv:fzLUjBzyuT17FcP8jlmLrsKW46pu6/lAvAVLHBxje6k=,tag:n+qR1NUqa91uFRIpALKlmw==,type:comment]
example_array:
- ENC[AES256_GCM,data:A38KXABxJzMoKitKpHo=,iv:OlRap3R//9tvKdPLz7uP+lvBa/fD0W8xFzdxIKKFi4E=,tag:QKizPN1fYOv5zZlMVgTIOQ==,type:str]
- ENC[AES256_GCM,data:8X2iVkHQtQMReopWdgM=,iv:2Wq3QOadwd3G3ROXNe7JQD4AL/5H/WV19TBEbxijG/8=,tag:tikKT9Wvzm4Vz5aoy6w9WQ==,type:str]
example_number: ENC[AES256_GCM,data:0K05hiSPh2Ok1A==,iv:IVRo61xkKugv4OiPm0vt9ODm5DC1DzJFdlgQJb1TfTg=,tag:o3xXygVEUD4jaGSJr0Nxtw==,type:float]
example_booleans:
- ENC[AES256_GCM,data:zoykmQ==,iv:1JGy1Cg5GdAiod9qPSzW+wsG6rUgUJyYMEE4k576Tlk=,tag:RUCbytPpo78bqlAVEUsbLg==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQ3M1YmVUWS9yZG95VVNO
TDZvcFIxOW9GNEprTmhLK254WGdFU3BRU204ClNUc0p3MEx2bENMREt6MXBXaUJs
SHBQa0tzVkVGQW81c3VWQXVseW84Y2cKLS0tIEM4RXcvVkI1VXZkR3ordC9udXlF
MVFtcWZKZnVJbTI4ZUVxMUhnWHJhK0UK5NgnR6GiaF1xldjF/NHjuIAH50aocxMN
J8ZlyyUC+N19biWinzgt3Q6ktQqsVscwDQ4XJYQf1ib+j3VY3UjMjQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZWFtV2tMSFA1ZGZhSnZ6
Tlgva3dpUmdVWDJBNys2RUF0cHNkM0RsdXlJCjVaWDRoTXVtcm04T0puSDhKVnJC
YnNXT004WkdIVGQzejBpVi9waFh6MHMKLS0tIGdXRmFUQUwwVDhPTHJjS0w0NUxV
U3c0QllRN0czNDhpZTAyTGxYSDhFQmcKs9mkwDzRAtQvRWGfCBGR+sPSx7uzWSRF
vgvteBYZZ42kNRMRgYAiKOHB/+QkGBIo2eHlUgHSXduAb3L59zCpRA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UUhVZll1YXVUVmVva3dv
cGg4SkZ5MkdGVk5qL2xka1AxZVp2dmd4bjJZClp1TEhpMDJsTVAxQ3diM0wzUlNQ
dU1POHpPVHpjdmxraTA5ZWhBTyt2bncKLS0tIDZNTlNvNGNOK0RyaWRzL3FhOGpw
OVpvRjN1NGFUZlExbjlEUVdQSDFVbVkKvDlJhuqoM899GH2W5QhUrMBx2kVC27LR
4yt4SdgBv69ce9LHjEqGAJOcutFN/aQzaFU/wsGovhjyAWD6BHYAJw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUHRpbldGeWJHcVlmNHFp
RzAvS3AzZ2Z1czhVVkdjZ2QrSzVPRHFqN1gwCnlCSWFMaGNCNEVQaEZGbW5XaXBI
S01DR1JaZGVYTS9rNFJIMWpEVllIdlUKLS0tIFFVWVpUTEw1ak1NUkR0OXBneFZY
KzV6K2dETUlmNWhSeGgwSEZPTWNCbjQKzf3zXpRWnWyBc2UATsV18FpeKbIxviBT
eb+XdYDuoJgwhL5nnIBmKJ9w1P2p3xU414RouIpdTtd0XSAVqOCDEw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZLzI2Wk10L1RSK2xJSjBk
Z3kzaG9qM1c5aWdteEhDVEFhYnRtczlCOHdBClpXY2ErSUl2STJUajFIRk5qdnB1
dmpXTFBxTVlkQ0pIVEhUeEtYTEJlY2cKLS0tIGovd3NKTjRxRHlXWmNqRHozM3JG
SzNkTGxKK2VDdkdmaWovTnFhc0JzMEUKhfDpDOjO5nC4kvSHpvDmdJJ1fbbFHxIb
XRDlb+l9adKjLj0DHl7yGY3LwptI4O9Ur6yROQpOsKQOzRvWCVZzYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNmNVMWRKenNNOXF1c0dV
QlNDK1lROUxxZW1UMkhUY2dmQW1xai91NFVZCkVkbVRuSVVoNHlENXY5aElxWUZM
dGFvaXhWaXZXZVdUU3MvQ1VZY25SdWMKLS0tIDNuaGE1TURmTVEveTkwUUJDNm9u
TkdWMmljR3V3ZVBRek1ZS0tFL094emMKRJ4u6SoGoxOIpQN29NdLNnS/asCsLlTT
HFxun2TdS1/S2y+GfBrIsp/1X637xD88i1PyJSsm8YMLOkN1i5iZfg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-15T21:42:17Z"
mac: ENC[AES256_GCM,data:2gH/ZaxSA6ShRu53dxj7V3jk7FsVdYS+PSHQyFT8qMvKM1hsQ/nWrKt00PUl9I7Gb4uomP9Ga3SyphYOXRBzKoV+x52oEWOJE3Q4iPrwdCkyHlxEezhTd/ZRQVatG6dvHpLuDNS9Dyph4f7Mw5USI+m4WeVdgCvHTydw+4KIfP4=,iv:yimfq96WVsagvKr8HTg1RdZBSrVGcCWPvv8XOXkOfcg=,tag:zHzdrE0PX5+AeD2lpqeJVQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1