bakke: create sops secret placeholder

2025-04-25 10:33:32 +02:00 · 2025-03-15 22:40:19 +01:00 · 2025-03-15 22:40:19 +01:00 · 01b725bef0
commit 01b725bef0
parent 4dc28f2d25
2 changed files with 90 additions and 5 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,18 +1,19 @@
 keys:
  # Users
  - &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
+  - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
  - &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
  - &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
-  - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
-  - &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
-  - &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
  - &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
+  - &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
+  - &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn

  # Hosts
-  - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
-  - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
+  - &host_bakke age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
  - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
  - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
+  - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
+  - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt

 creation_rules:
  # Global secrets
@ -78,3 +79,13 @@ creation_rules:
      - *user_pederbs_bjarte
      pgp:
      - *user_oysteikt
+
+  - path_regex: secrets/bakke/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *host_bakke
+      - *user_danio
+      - *user_felixalb
+      - *user_pederbs_sopp
+      - *user_pederbs_nord
+      - *user_pederbs_bjarte
--- a/secrets/bakke/bakke.yaml
+++ b/secrets/bakke/bakke.yaml
@ -0,0 +1,74 @@
+hello: ENC[AES256_GCM,data:+GWORSIf9TxmJLw1ytZwPbve2yz5H9ewVE5sOpQzkrRpct6Wes+vTE19Ij8W1g==,iv:C/WhXNBBM/bidC9xynZzk34nYXF3mUjAd4nPXpUlYHs=,tag:OJXSwuI8aNDnHFFTkwyGBQ==,type:str]
+example_key: ENC[AES256_GCM,data:ojSsrFYo5YD0YtiqcA==,iv:nvNtG6c0OqnQovzWQLMjcn9vbQ4PPYSv2B43Y8z0h5s=,tag:+h7YUNRA2MTvwGJq1VZW8g==,type:str]
+#ENC[AES256_GCM,data:6EvhlBtrl5wqyf6UAGwY8Q==,iv:fzLUjBzyuT17FcP8jlmLrsKW46pu6/lAvAVLHBxje6k=,tag:n+qR1NUqa91uFRIpALKlmw==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:A38KXABxJzMoKitKpHo=,iv:OlRap3R//9tvKdPLz7uP+lvBa/fD0W8xFzdxIKKFi4E=,tag:QKizPN1fYOv5zZlMVgTIOQ==,type:str]
+    - ENC[AES256_GCM,data:8X2iVkHQtQMReopWdgM=,iv:2Wq3QOadwd3G3ROXNe7JQD4AL/5H/WV19TBEbxijG/8=,tag:tikKT9Wvzm4Vz5aoy6w9WQ==,type:str]
+example_number: ENC[AES256_GCM,data:0K05hiSPh2Ok1A==,iv:IVRo61xkKugv4OiPm0vt9ODm5DC1DzJFdlgQJb1TfTg=,tag:o3xXygVEUD4jaGSJr0Nxtw==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:zoykmQ==,iv:1JGy1Cg5GdAiod9qPSzW+wsG6rUgUJyYMEE4k576Tlk=,tag:RUCbytPpo78bqlAVEUsbLg==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQ3M1YmVUWS9yZG95VVNO
+            TDZvcFIxOW9GNEprTmhLK254WGdFU3BRU204ClNUc0p3MEx2bENMREt6MXBXaUJs
+            SHBQa0tzVkVGQW81c3VWQXVseW84Y2cKLS0tIEM4RXcvVkI1VXZkR3ordC9udXlF
+            MVFtcWZKZnVJbTI4ZUVxMUhnWHJhK0UK5NgnR6GiaF1xldjF/NHjuIAH50aocxMN
+            J8ZlyyUC+N19biWinzgt3Q6ktQqsVscwDQ4XJYQf1ib+j3VY3UjMjQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZWFtV2tMSFA1ZGZhSnZ6
+            Tlgva3dpUmdVWDJBNys2RUF0cHNkM0RsdXlJCjVaWDRoTXVtcm04T0puSDhKVnJC
+            YnNXT004WkdIVGQzejBpVi9waFh6MHMKLS0tIGdXRmFUQUwwVDhPTHJjS0w0NUxV
+            U3c0QllRN0czNDhpZTAyTGxYSDhFQmcKs9mkwDzRAtQvRWGfCBGR+sPSx7uzWSRF
+            vgvteBYZZ42kNRMRgYAiKOHB/+QkGBIo2eHlUgHSXduAb3L59zCpRA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UUhVZll1YXVUVmVva3dv
+            cGg4SkZ5MkdGVk5qL2xka1AxZVp2dmd4bjJZClp1TEhpMDJsTVAxQ3diM0wzUlNQ
+            dU1POHpPVHpjdmxraTA5ZWhBTyt2bncKLS0tIDZNTlNvNGNOK0RyaWRzL3FhOGpw
+            OVpvRjN1NGFUZlExbjlEUVdQSDFVbVkKvDlJhuqoM899GH2W5QhUrMBx2kVC27LR
+            4yt4SdgBv69ce9LHjEqGAJOcutFN/aQzaFU/wsGovhjyAWD6BHYAJw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUHRpbldGeWJHcVlmNHFp
+            RzAvS3AzZ2Z1czhVVkdjZ2QrSzVPRHFqN1gwCnlCSWFMaGNCNEVQaEZGbW5XaXBI
+            S01DR1JaZGVYTS9rNFJIMWpEVllIdlUKLS0tIFFVWVpUTEw1ak1NUkR0OXBneFZY
+            KzV6K2dETUlmNWhSeGgwSEZPTWNCbjQKzf3zXpRWnWyBc2UATsV18FpeKbIxviBT
+            eb+XdYDuoJgwhL5nnIBmKJ9w1P2p3xU414RouIpdTtd0XSAVqOCDEw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZLzI2Wk10L1RSK2xJSjBk
+            Z3kzaG9qM1c5aWdteEhDVEFhYnRtczlCOHdBClpXY2ErSUl2STJUajFIRk5qdnB1
+            dmpXTFBxTVlkQ0pIVEhUeEtYTEJlY2cKLS0tIGovd3NKTjRxRHlXWmNqRHozM3JG
+            SzNkTGxKK2VDdkdmaWovTnFhc0JzMEUKhfDpDOjO5nC4kvSHpvDmdJJ1fbbFHxIb
+            XRDlb+l9adKjLj0DHl7yGY3LwptI4O9Ur6yROQpOsKQOzRvWCVZzYA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNmNVMWRKenNNOXF1c0dV
+            QlNDK1lROUxxZW1UMkhUY2dmQW1xai91NFVZCkVkbVRuSVVoNHlENXY5aElxWUZM
+            dGFvaXhWaXZXZVdUU3MvQ1VZY25SdWMKLS0tIDNuaGE1TURmTVEveTkwUUJDNm9u
+            TkdWMmljR3V3ZVBRek1ZS0tFL094emMKRJ4u6SoGoxOIpQN29NdLNnS/asCsLlTT
+            HFxun2TdS1/S2y+GfBrIsp/1X637xD88i1PyJSsm8YMLOkN1i5iZfg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-15T21:42:17Z"
+    mac: ENC[AES256_GCM,data:2gH/ZaxSA6ShRu53dxj7V3jk7FsVdYS+PSHQyFT8qMvKM1hsQ/nWrKt00PUl9I7Gb4uomP9Ga3SyphYOXRBzKoV+x52oEWOJE3Q4iPrwdCkyHlxEezhTd/ZRQVatG6dvHpLuDNS9Dyph4f7Mw5USI+m4WeVdgCvHTydw+4KIfP4=,iv:yimfq96WVsagvKr8HTg1RdZBSrVGcCWPvv8XOXkOfcg=,tag:zHzdrE0PX5+AeD2lpqeJVQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1