prepare sops and auto fmt devshell hooks

This commit is contained in:
goeranh 2026-03-13 17:19:02 +01:00
parent 9466ab3656
commit dee37a55e2
No known key found for this signature in database
8 changed files with 205 additions and 4 deletions

18
keys/.gitignore vendored Normal file

@ -0,0 +1,18 @@
# Prevent accidental commit of private keys
*.key
*.priv
*.private
*_priv
*-priv
*.sec
*secret*
# Only allow public keys
!*.asc
!*.gpg
!*.pub
!*.age
# Allow this gitignore and README
!.gitignore
!README.md
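Review bot: the `!*.asc`, `!*.gpg` and `!*.age` exceptions re-include exactly the files the deny rules above are meant to block, because a file extension cannot tell a private key from a public one and later gitignore rules override earlier ones: `gpg --export-secret-keys --armor` writes an `.asc` file, the binary secret export writes `.gpg`, and a name such as `me.secret.asc` is first caught by `*secret*` and then un-ignored by `!*.asc`. An age identity saved as `keys/users/me.age` (the naming the README in this commit suggests for public keys) passes the same way. There is also no catch-all, so anything matching none of the deny patterns (`id_ed25519`, `keys.txt`, `identity`) is committed with no rule applying. Suggest starting the file with `*` followed by the `!` exceptions (adding `!hosts/`, `!users/` and `!.gitkeep` so the subdirectories are still traversed), and backing it with a pre-commit check that rejects content containing `PRIVATE KEY BLOCK` or `AGE-SECRET-KEY-1`, since content, not filename, is what distinguishes the two.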

40
keys/README.md Normal file

@ -0,0 +1,40 @@
# Keys Directory
This directory contains GPG/age public keys for sops encryption.
## Structure
- `hosts/` - Host-specific public keys (for servers to decrypt their own secrets)
- `users/` - User/admin public keys (for team members to decrypt secrets)
## Adding Keys
### GPG Keys
Export your GPG public key:
```bash
gpg --export --armor YOUR_KEY_ID > keys/users/yourname.asc
```
Export a host's public key:
```bash
gpg --export --armor HOST_KEY_ID > keys/hosts/hostname.asc
```
### Age Keys
For age keys, save the public key to a file:
```bash
echo "age1..." > keys/users/yourname.age
echo "age1..." > keys/hosts/hostname.age
```
## Usage
When you enter the dev shell (`nix develop`), all keys in these directories will be automatically imported into your GPG keyring via the sops-import-keys-hook.
## Important
- Only commit **public** keys (.asc, .age files with public keys)
- Never commit private keys
- Update `.sops.yaml` to reference the fingerprints/keys for access control
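Review bot: the Usage section overstates what the hook does: age public keys are not GPG material and cannot be imported into a GPG keyring; they are used only as recipients in `.sops.yaml`, so the sentence should say the automatic import covers the GPG keys (`.asc`/`.gpg`) and that the `.age` files are reference copies for maintaining `.sops.yaml`. The Age Keys section also tells users to write the recipient string into `keys/users/yourname.age`, which is the extension age uses for encrypted files and the natural name someone would pass to `age-keygen -o`, so a private identity can land under the exact filename this README documents for a public key; suggest a naming such as `yourname.age.pub` and showing `age-keygen -y identity.txt` as the way to obtain the public half. Finally, the last bullet would be more useful with the shape of the `.sops.yaml` entry it refers to, e.g. `creation_rules:` / `  - path_regex: secrets/.*\.yaml$` / `    pgp: <fingerprint>`, since this file is the only documentation of the layout, and hosts/ should state whether host keys are GPG keys or age recipients derived from the host's SSH key, as the two are configured differently.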

0
keys/hosts/.gitkeep Normal file

0
keys/users/.gitkeep Normal file