From 3b91d34c8ff8ee2b129f6075d796154e542f425e Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Thu, 27 Jun 2024 22:24:06 +0530
Subject: [PATCH] cleanup secrets
---
 .sops.yaml | 10 ++++++----
 common/secrets.nix | 3 ---
 secrets.yaml | 40 ++++++++++++++++++++--------------------
 3 files changed, 26 insertions(+), 27 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 3f249a1..03da5df 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,11 @@
 keys:
- - &skipper_host_ed25519 age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a
- - &rico1_host_ed25519 age1q6g2czy468c3fcdwvafru6rzhmr2edd8mzhjfs6mevhmt7z2zdsswnwe77
+ - &user_adtya age1w5rvr4nl8xvjjxpct4e2a2eajvm79v4r9nyxrcn40fm8d7h9l9cqkk0jtt
+ - &host_skipper age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a
+ - &host_rico1 age1q6g2czy468c3fcdwvafru6rzhmr2edd8mzhjfs6mevhmt7z2zdsswnwe77
 creation_rules:
 - path_regex: secrets.yaml
 key_groups:
 - age:
- - *skipper_host_ed25519
- - *rico1_host_ed25519
+ - *user_adtya
+ - *host_skipper
+ - *host_rico1
diff --git a/common/secrets.nix b/common/secrets.nix
index b0dfdef..668e749 100644
--- a/common/secrets.nix
+++ b/common/secrets.nix
@@ -1,9 +1,6 @@
 { config, ... }: {
 sops = {
 defaultSopsFile = ../secrets.yaml;
- age = {
- sshKeyPaths = [ "/persist/secrets/ssh/keys/ssh_host_ed25519_key" ];
- };
 secrets = {
 "passwd/root" = {
 mode = "400";
diff --git a/secrets.yaml b/secrets.yaml
index e8be97c..4d32ccd 100644
--- a/secrets.yaml
+++ b/secrets.yaml
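Review bot: Nothing in the new `keys:` list of .sops.yaml records which private key backs each recipient, and the old anchor names (`*_host_ed25519`) were the only hint that the host entries come from the machines' SSH host keys. That matters more after this commit, because common/secrets.nix no longer sets `age.sshKeyPaths`, so each host presumably relies on a key lookup configured elsewhere or on the sops-nix default, neither of which is visible in this patch; if that lookup resolves to a different key than the one listed here, the host cannot decrypt secrets.yaml. I would add a comment above the host entries such as `# host_*: age recipients converted from each machine's SSH host ed25519 key` (if that is still accurate) and one above `&user_adtya` stating that it is a personal key able to decrypt every secret matched by the rule below.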
@@ -1,8 +1,8 @@
 passwd:
- root: ENC[AES256_GCM,data:QZ/CB5SDzJjxZu+TmBPhD1gF2W8CiBhqYv0sqrT+e2r6ylqAjJD8DjU6W6yn5xgrxe84FcwVzu6ZMUdxlzPDIe8qGJUepKwknR+dWvfVVCb7JyEqwxoYvPZHR8RsUDUb9WboBd3rls6vsg==,iv:TN6iI6VbjrOMBJniH7P/0BGECmxRdlvRDmW3AMvrNfs=,tag:RsLwoQN6PwfyQd43r5PdoA==,type:str]
- adtya: ENC[AES256_GCM,data:NyYkaztJd2/o6pNA+kJngE2rN29eaC8/aVf9PUY65AJWh2ACcaOFo2/DPTTxXgicK6cvUz3bg/xU0JA+NoxKNz9LjlirKPaRb9fnSktI1tK7ned6eR93sf7LV5pnIuQD3OCYgNYJXZf1iA==,iv:QrzQMoKu0/wcrSMeJPuVWpFFBRbVjGJYmoV5V6sThoM=,tag:BlI8RsnorJh3Td00drzQnA==,type:str]
+ root: ENC[AES256_GCM,data:sT8S6EgqlUTOj8wx/FWde1ht/LCfhnnJW8aLNR3IawGcjbWh+JCKnlQ/1FpuGuVF7Qm8qScRcl7FPUZPFpBtj9OJ3984S9DtFJachwSNEJ2TRU+9YdYB1WsXx9ZunMQcTLK9MIyWfIVzqw==,iv:1qfkkj3NMvS50Q84BtqYTiNIMVjdxPh1k52MudEK/5A=,tag:HUwaVYDwjKmnHhEIejnfxg==,type:str]
+ adtya: ENC[AES256_GCM,data:xBr14ZVeblPbgO2YT+6DPrENsJElj+UkTJebv3/x0U/u+srx82G2Lloda5zZwVBIEc5f6ZPSS4Oko3dM2PW9KUNO7IjDa+Wsm5MQogSjGT+aNtjlub2PkVts5gp+TtCOd6bUQjnf95VXNQ==,iv:ytKVRBsQWJWwXn6DpCOTDYJOVI3N/KnWtyp/GkSs7UQ=,tag:zbPtMMH6MFE6LpBga5X1GQ==,type:str]
 wireguard:
- psk: ENC[AES256_GCM,data:DmcnhcUtFfz3i6bhd0VZnjO2ySPhBkRNxXnzAZ9/eegLNz4A7pDFociQSkc=,iv:Ucr0YztJ9MCAPsbIh8z4CjD5Fb5K5UvPiTL2FMDJ1U0=,tag:EHu2yWJ42Tohiw5F24igLw==,type:str]
+ psk: ENC[AES256_GCM,data:FYRtE7BAOLAnxj+S0kUZ9b6THxsJclpw22pdgmhbjbBBPWBJuEkXxcjm3CQ=,iv:Z6bgQwJDpAyF3eupUQmvjHZrxMSJrQyUYhsHaGEQRYs=,tag:+W4gBPrfsZjcUvUAx5AhYg==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -12,32 +12,32 @@ sops:
 - recipient: age1w5rvr4nl8xvjjxpct4e2a2eajvm79v4r9nyxrcn40fm8d7h9l9cqkk0jtt
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsb0xnak9FY2tDZDh2UzdX
- NXpRSEFsTm1GWnZjMDY5Z3VSOCtyY283L0h3CkpEMjFoYjNQbk1jaFUrUWxQbzdJ
- b0VzRHZnSTQvem9seHFqVHA0SW1Zd28KLS0tIFZiTEVBNVA2NEJIT2h4eFNWVUk4
- eFpjYnd2SHYxQUxpZEZYZ0RaZVYySFUKVwFyUrhFNKnYMRC8g2v1RbGz+KVzMqwP
- WZ3pQCmgvSizMWwBrzrOurj9QsUEej1tlC1dnEzOCsXtPtzD53hFIg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwS1RhSGdxVVF1NEM2dWgv
+ dENGd2hCOXNNSkNzalc0UDIvaFk0cTV0RG1zCnRDRjdOMmdCTTBvRzR3Z2lIRTZX
+ bkN1Q0drTFFNNzhPampXSnlPcEV6ZE0KLS0tIFpmSDFvMHA2clVrMFFmVGx5N0Ft
+ dXlKcFdXbVhObWdjTUkveUZPeHVNYVUKnBOvN0Z71NmdNTCiQnkKk+FkZM7uW2vt
+ I7+PshcjfoFZR4EMUJh4lpvFvm5UqLFyDo86xbX52GAur+fuon6TQg==
 -----END AGE ENCRYPTED FILE-----
 - recipient: age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcmM2NkdLVThFd09xdmhL
- YVFRM3d3L1hzTDRvRUVTT0JzWStWZkVjUjN3CmRxTnpZVDNyVUp0bDk4VEJpNXVH
- Q1pFK01rOTJoMWF6djdMNk9ZcGExWlkKLS0tIGt6bFl6MkJYc1ZtTGhDdnc0K1hJ
- R2hNYXRzeWFXSFRBQkkwQTh2Y0s2MWcKWgG8p95Ou9ojJjjUmbgqy4TinZ154d6k
- PK0Z2lTZmUAYQefGCQjSWXu4+o1Yo/5l8uZ6zzx+j3DhJ6rsUzIOvQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONHpjRGhDL1Z3alptZ0Q1
+ UG84T3M1djZjaU95NUNOVG1ZdFVpcEdyN25vCjErNUx1WFFGVmd5bmdqenRHY0Vr
+ bW0ydExrU0tBMVNGQi9iOGFaN0tKR3cKLS0tIEVGbGFCTERveXB5WkU4SzNpWm9l
+ SEJpS2ZoSk5sTGFSTnNBVmtIWDZpNjQKmwLxr9GdIxyMnoIiJ9A88fW0LP5/Ru9i
+ 7J0+GpRSn+9FeJdUW8z94rzJk1VjHdjibj9kVEMUSxvge4iyiwu3WA==
 -----END AGE ENCRYPTED FILE-----
 - recipient: age1q6g2czy468c3fcdwvafru6rzhmr2edd8mzhjfs6mevhmt7z2zdsswnwe77
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTkxVbDJIeVNFZStBZ1ha
- UCtnbXlRQUZPbFEvUEZ0RFF6WTU5ZVM4L3owCkRqN3YrQzNwVFhZMEZrNnF6N2p4
- NDBYOHI4djVNT0tnTllEOFhWbWMwTEkKLS0tIEJ3TXFxdlg1cnVrSUliVGpuQThG
- djJCdjcveWlxTnE2M2tqT2dEalB2eFkKhWuVT05y517bYmHXqWZ8RbmFIiDMBEbH
- /XE0IqVtMdVTXAniUr0wMU6alBpehb2cmdSQTL+7Q9mNJL2D9ONvyQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TDdvNUR6Uk8rdGlGNW5D
+ Yk1UN1VjZFlxZEJHejFjN1RiTzJXRmV5S0U0ClNGVHBCSHRlaC9HYW5HTG11TXdL
+ VS8wT2dxZ1hyK3RhV1ZETHY0SXlCRTgKLS0tIGtnRWN4NEcxTjBSNjJXeFRHck5r
+ M21sSW83S1RaUmRUZHdLc0MxNk5kcWsKZBr246PGjclDw3rhP8FMXnTlMh586SAT
+ aHtqDauFE1Z8rjAHbED889xNMYTev0ggcRFLL+ylFOMt1rbZIkqFcw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-25T16:26:11Z"
- mac: ENC[AES256_GCM,data:7vYPgICEbjWxehKSr0jkzZkmxteUkpZZNqZGf5AbgbWJGm4ntli0eml5MJicqHd/LIFLC1BZybyIo5k/3bqK0ge8McfOoM4UIBel68tDwk2QgxOm2pSZyo+qHWEPeahCJCtfDF6142XJp3V861wlbcjd9rs34fEWGNlVVBkl3LA=,iv:xrTqx8O/Y45C92kzXfuVQQewGceqZnubjKdbWdGvN6s=,tag:i6ZdLRcRCaL4SW9FiTPu/A==,type:str]
+ lastmodified: "2024-06-27T16:53:21Z"
+ mac: ENC[AES256_GCM,data:pNp60XQOIITU0xFX3EkFVnbWywHjywwRyK6ud9RAnzcRFkJPgx5ZBZiNnSARu1LhpGY1k5PWrQ3/X1bpF60q5mDX2Tn0hr5qCksMKZ0RUIFtlVxeeepGnlqgMsG+4LFXA4IWn23fK3B8I5fQGtG0lzR+VvgzPfKa0xnr0hbd++s=,iv:ODaVMYF6FyRK8P2A22rLoWiHrdQlgiCvC7SkSye83GI=,tag:gGmZcd6wLMGWxFUAye0y9w==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1