diff --git a/.sops.yaml b/.sops.yaml index 3ba4be1..71d51b2 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,6 +12,8 @@ keys: - &dweb-reverse-proxy age1ygzy9clj0xavlmau0ham7j5nw8yy4z0q8hvkfpdgwc4fcr8nufpqrdxgvx - &linux-builder-01 age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r - &x64-linux-dev-01 age1vlxerq9j9jd00qvxj2gxds9re4dz2djqmllkhzsf44gz9a5y4ghs7807h9 + # TODO: change this key post-installation + - &linux-builder-2 age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r - &tfgrid-shared age194xfar0gfdauu2dcxwqk9lh9d0vjfrzzs2ke0ppanpwv9eqxzs2qp7q7cn - &buildbot-nix-0 age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux - &monitoring-0 age1cpcwv2wlszwase38zpngk6ld3vx8ev8jsv38m9pp74jvlutvxpsqt49yrr @@ -53,6 +55,7 @@ creation_rules: - *x64-linux-dev-01 - *dweb-reverse-proxy - *linux-builder-01 + - *linux-builder-2 - *turn-0 - *turn-1 - *turn-2 @@ -64,6 +67,12 @@ creation_rules: - *linux-builder-01 - *age_steveej - *age_r-vdp + - path_regex: ^secrets/linux-builder-2/[^/]+$ + key_groups: + - age: + - *linux-builder-2 + - *age_steveej + - *age_r-vdp - path_regex: ^secrets/x64-linux-dev-01/[^/]+$ key_groups: - pgp: diff --git a/secrets/linux-builder-2/secrets.yaml b/secrets/linux-builder-2/secrets.yaml new file mode 100644 index 0000000..c712413 --- /dev/null +++ b/secrets/linux-builder-2/secrets.yaml @@ -0,0 +1,39 @@ +gh_hra2_pat5: ENC[AES256_GCM,data:upKBjPwjKKPXoFhraGUOKHjO10NbsViPUv5vRDrMpeVX73yTDJ0CpA==,iv:cqIGnlKfxJJUpHqZL/uf0ohYevMLX8yXLoREpth3sJo=,tag:haSTzohAWeQEqos4YPrKfw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Q3I1citpSnV4Z1NkN0Fj + eG04MTE5YnFsL0RDdDA4ajg3N0xISnFtWHhJCnpVOVpxQzJTSjlOK2prMER1SWtO + ME5CRU9XQjVpK2hDWHJMTEptZWhOL1kKLS0tIHNIS3J0cEV3N2h3cWlhWTZGdjJN + aDdwakZGNHdwYk5yL1JIMndyTXRPZ1kKOjuK79ALWCirqni/tbhlodfxAPeTXftZ + Kef5mPPVlZGEc2vMhhm96FmoQgRb3HYs1IAQbIc0exmbgOSlPfSVog== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MDdmSjdGc2FJQ2Fsc0VN + ckVETGo1Vm9PR09FS3ZQMis3Ry9aTmVRTHlFCndsa1ZyMkQ3ODUrNEQwNkVaanJM + V1FITUJGWmd6b09DdkF4TFF4Q204dUEKLS0tIHBSMFAwM0dYYm53RVJBenNwRVMy + R21DcndzSzJGTGtGa0dJTk9Cb1I0eW8KvEb6aCFZPfu4+dmD1Q2ygE64vqc1Y7IB + ma/EeEPBZXTsJgzd0NHjdxCrD+LTOhIjXj18iMGu3HwJbfi76Njt/Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wm7aec0vd5trqqvk6n97kh8r3x0jpue9gne9enr92kdjk63f5e8s9gjy0x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlU3F5MC80b1IxMjY1VTc2 + djZ6QkFuelQ5aHg3cldMbnRHRW9ic0pORWl3CkpHMHlNbUtKWThOOW5iSzJ2SlMx + RUdQTVFNN244NlMwUVVFeFRQYVR5alEKLS0tIFByclhxbXhocFlzMzM2RTRJeEV4 + d2JPUERjaUQ0dXppbG5hOTJlb3AyR2MKVy3X0Mh7yFzk0XinbJB9bgvpYV/W8SFU + MeA6VkJ3AHR3auw6fir5jQBltQqwKJH3Ar1D07JZzzQ1uno9zKr4ug== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-02T16:17:59Z" + mac: ENC[AES256_GCM,data:hGtRfk//Me4iurPRmbSPLnPXjDmWur0YJ41Ln77wZQlvyjCpAeuVOIBX3vFbFMsjQ72Mcj0lLOK9YlrngF0wyGHoF3Xtjd4FStmNavvpVPBXpNlrTkuQHVH/huzzSMvQEPngPmSYXVf3WhN7FLGIsxqK78RRbfe8uwnd93bVkrI=,iv:JS3of5m8JL3kppirD1v3Oah1eCxxUgJv54NcUKZK31U=,tag:AcOYhVbTjWTdUXQndRqFBA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1