From 659ce321a654f4f628ea53f48be16b71c4f99781 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 17 Jun 2022 19:28:36 +0200 Subject: [PATCH] add cirrus secrets --- .sops.yaml | 9 +++++- secrets/cirrus/secrets.yaml | 42 ++++++++++++++++++++++++++++ secrets/{ => microwave}/secrets.yaml | 5 ++-- 3 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 secrets/cirrus/secrets.yaml rename secrets/{ => microwave}/secrets.yaml (82%) diff --git a/.sops.yaml b/.sops.yaml index 9de2531..0918512 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,10 +1,17 @@ keys: - &admin_oxa DD0998E6CDF294537FC604F991FA5E5BF9AA901C - µwave age1eysr2m8ust6gq9jk88lpzzcy8gdrzlts69zlfqul766t6gvqw9qq24z68l + - &cirrus age1qm70jkg7us4ft4x3nh7kwxlul022kteescjj83ywvjhysj6nsq5sw7l6p8 creation_rules: - - path_regex: secrets/[^/]+\.yaml$ + - path_regex: secrets/microwave/[^/]+\.yaml$ key_groups: - pgp: - *admin_oxa age: - *microwave + - path_regex: secrets/cirrus/[^/]+\.yaml$ + key_groups: + - pgp: + - *admin_oxa + age: + - *cirrus diff --git a/secrets/cirrus/secrets.yaml b/secrets/cirrus/secrets.yaml new file mode 100644 index 0000000..359a64c --- /dev/null +++ b/secrets/cirrus/secrets.yaml @@ -0,0 +1,42 @@ +wg: + oxalab-seckey: ENC[AES256_GCM,data:XOBmfM82l686jvqjiqy+VdIollpaX+h1j609j+70CE7thA3CJki2W0neDC0=,iv:6/lsg7r/GHasNWV8lOheEMpoW5HWuRgHtdlGEqK0Dbo=,tag:I1PJC99omIfygb9T1cN1hg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qm70jkg7us4ft4x3nh7kwxlul022kteescjj83ywvjhysj6nsq5sw7l6p8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0Z0M3JWR0s0RDVmbjlV + RDJ5OU8zVXh5RW4wbmM1TmNhWVBjK0lxVWswCmhyRHlKQUxNNXpFSmlhNUVpclo3 + UHhDSWhNUXdwamJRaVhTelI2cldGd0UKLS0tIEpsUStSSmliWVMzVkNhRVVQOExT + dkFwVkVHR3hsMUlpRzY4Wm5LYXZlYzgKZC8dlewbtxo0KIQWQ6sy2Kv/qRgNJY3H + XGfb11bFdmmfiTY98KsfuhY9nRQRUlRMfjc7pHztUk2hVMEIN8WkXg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-06-17T11:47:49Z" + mac: ENC[AES256_GCM,data:mB02yyuVAzneQBrIWKphYos9orFk4emwPZh97TUvu7HREZn2Qte7WSHF9R30pnUiLMj1iMESFGbvR0hKZlQa/XmqB1/87u6I/0JIiPHajTy2FEs4HBd2Z5WaQ2bIki8sEWuOenTAL9xFyvjzRFjDM9pWons2fXy0l05HjQLwkFE=,iv:IboNxYf4TDK/ziuU7n3IUvHfbqpbZn9hJ+IGuhRvI04=,tag:jB5y79Q/kano06ZlIVEkfA==,type:str] + pgp: + - created_at: "2022-06-17T11:46:30Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7ARAAdBKiWQEPLFxr1zskS2nnr10yA7rKWzKTCx9AIpLk9g8k + VkzOz5qGznFkPCp+mBecIb71MnjzyHNM8j83AqqjYAQDOxQwO1tgipVxk4cNab/J + cFtdZorqt3klkoDUAbvRl2+qB+93m6V7Hrx6BggDU6Xg+eKM/NIHHhy3LLyssuuO + bpkO/jNVfRfP98FzkSY23cqT4tnbjbH2vCY9ZpNoiJrhr/S3shWz44vpk+u+dTc/ + /0Z4N6zj9Hll3uxf4dxaoafsmX9FcqLvtye1BxK8fAxF+gDudkYbCurdl0ZC036C + semcLdTlCJVubLiRcxItpeP81zVgxiwm40i+o57R3QLhjzjpckEd2VYGy7TdQDcY + /8DRGHlro/OlJFun2qA+8GJix2VPM1CiJWfKTUb2D4dNp2DrmA+CdY0cWNSegS/K + 0toMtIWGVFCdWjSVWTS8ETXPexyGykA5meIdjNFpcaA4LJVB0Ixi+DqsdDSWQKK4 + k/khNSA/iUvWGi31+JaJikQDSVMu5iqLL2/cWI9L4JvgKSppRFjruUfu8HxJ8YW4 + jFPGxrt5aRHe752PaGU93/B4UirZbkNOAjnP/+MyO4ANy6yrQNq8YUJDOEOwe4Mo + bYbrzmyWRlv9WR88RUFnciCKQUyffJ26ekVACWUv9Ka84CpuaJuT1hQLKR3Uy23S + 5gE0mX8xH4vwSv2qiMpACUCKNT1gk8oxjBad82dhaowCaSQNtQhUaLTp0x3M63Ow + 8iuuwh9VVygSYJuoO5GmxUXkLROCvQO6ZdSBltFNIT86BOIROL+TAA== + =oDss + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.2 diff --git a/secrets/secrets.yaml b/secrets/microwave/secrets.yaml similarity index 82% rename from secrets/secrets.yaml rename to secrets/microwave/secrets.yaml index 59dc941..ef4b335 100644 --- a/secrets/secrets.yaml +++ b/secrets/microwave/secrets.yaml @@ -2,6 +2,7 @@ wg: wg-zw-seckey: ENC[AES256_GCM,data:fkt4UEVgmmFw6UFUEs6T5/CePKo1Z/hc8pu+Bj6fWT/p/1eE14Y3TgxfMks=,iv:SN97FG5Lquhc7k9R1Aavu7hE1zoY4FAnacvapdLkBkk=,tag:l82y7vwieanfYRRjfqKJoA==,type:str] wg-dvb-seckey: ENC[AES256_GCM,data:a1OuEOnSwCqwfL6+TYhyU1lkRcDeW2wAJetytc8ry8kJicPGMkqSHJvRdBs=,iv:oS1olgSuhR3J0LW8OSDSYMSHxxhBehdEP0VnQIKqOAM=,tag:CXkL5lOF91KluH3yGWwzTA==,type:str] mlwd-nl-seckey: ENC[AES256_GCM,data:YM7dq8aRm7qNECiE3NR4B8BId4MioPS8zoeiSOPBJfh+LuXf8yQ5ZI3opNg=,iv:9xwVbKstq2mj1hzL2PS1Wlr3pgaW6Kl/WAG7CJjug7c=,tag:BqIyxZDWnVGpBsZCPhkeuQ==,type:str] + oxalab-seckey: ENC[AES256_GCM,data:eWdcDboE4L7/8k87kipaZXdFbo8tp+/RS5KCkfnE4OYCOtNg5WJlrJTsE3o=,iv:tjfVIiFbNa8p0NhL2No1UogHkppIdWNaXW5Qjny725s=,tag:em0g5BERF+lOR6VSW8Wh8A==,type:str] sops: kms: [] gcp_kms: [] @@ -17,8 +18,8 @@ sops: TjlMN1JLazV4YldTNlZwSldsREZNMjAKGMAs2yOck92r8hdm3Iw4+Rio73WB/MLE tyflDRSKJCRKV/IjDuFqTAlpdA7T4KOWwc7HyhdLVkhz2jyTBT/ioA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-05-29T12:22:15Z" - mac: ENC[AES256_GCM,data:qV8RPVlE2y25K+V8v+QqAT4RkzcSgFIHxZ2NwTirksr2Z10B+s7ZSVyvjVOtdINv4IDOuehSwXor4tbWSxrO1BIqoaBQ6hzMOCbB3RTQ/0LCmIqomIhqSWM6l7UubhCV1Nem8D1MI7325VRPnfLvX8ZprCMANZ+sQVALVEs71QY=,iv:QqMaRhisaMkIe+huAQx51BikBemtH3L03BEvBJGK1Wg=,tag:dOFAZbbwhW3bvVBy5CWiIw==,type:str] + lastmodified: "2022-06-17T11:51:56Z" + mac: ENC[AES256_GCM,data:AVRrSEwdB2Jn1hXarb6m+8FQfHROHOf90fLjhPRVniFHh/6F59XpxXppqewcx/tQoW2OfKrKcSSuEsaxAYXKSMBR8ciQibs/QhaMabWcmVQ7j/gfncdcvizmWwalTvoePHwB7ar5y7IFK2Fy1ejYMUXdb7k3yhK2yJK3b58q5U0=,iv:Na7/KDATZpFGRw/4IwNGU8TywXylolXiqsOVaIh/p5s=,tag:rm8l1vofP8u9kLKlTDcy9g==,type:str] pgp: - created_at: "2022-05-29T12:17:48Z" enc: |-