--- # config files for sops & used for encrypting keys that sops-nix decrypts. # each machine key is derieved from its generated `ssh_hosts_ed` file # via ssh-to-age # sops encrypts the secrets ready to decrypt with the private key of any of the below machines # OR my 'main' key thats kept outside this repo securely. # key-per-machine is a little more secure and a little more work than # copying one key to each machine keys: - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - &dns01 age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc creation_rules: - path_regex: .*\.sops\.yaml$ key_groups: - age: - *nixosvm - *nixosvm2 - *dns01 - *citadel - *rickenbacker