StuRa/stura-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
stura-infra/keys/README.md
goeranh dee37a55e2
prepare sops and auto fmt devshell hooks
2026-03-13 17:19:31 +01:00

994 B
Raw Blame History

Keys Directory

This directory contains GPG/age public keys for sops encryption.

Structure

  • hosts/ - Host-specific public keys (for servers to decrypt their own secrets)
  • users/ - User/admin public keys (for team members to decrypt secrets)

Adding Keys

GPG Keys

Export your GPG public key:

gpg --export --armor YOUR_KEY_ID > keys/users/yourname.asc

Export a host's public key:

gpg --export --armor HOST_KEY_ID > keys/hosts/hostname.asc

Age Keys

For age keys, save the public key to a file:

echo "age1..." > keys/users/yourname.age
echo "age1..." > keys/hosts/hostname.age

Usage

When you enter the dev shell (nix develop), all keys in these directories will be automatically imported into your GPG keyring via the sops-import-keys-hook.

Important

  • Only commit public keys (.asc, .age files with public keys)
  • Never commit private keys
  • Update .sops.yaml to reference the fingerprints/keys for access control