|
|
|
|
@ -123,23 +123,25 @@ To mark a key as expired:
|
|
|
|
|
```shell
|
|
|
|
|
# archive key - DO NOT delete - need this for auditing
|
|
|
|
|
git mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
|
|
|
|
|
|
|
|
|
|
# list all groups
|
|
|
|
|
find groups -name ${keyname} | xargs git rm
|
|
|
|
|
# remove from verification sops
|
|
|
|
|
./verify/usr_confirm_keycfg.sh
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### 2. For each group / repo:
|
|
|
|
|
|
|
|
|
|
**Prerequisite**: Local copy of repo
|
|
|
|
|
**Prerequisite**: Local copy of each repo corresponding to a group
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
# For a given group, update sops config
|
|
|
|
|
# list all groups to which the key is registered
|
|
|
|
|
find groups/ -name ${keyname}
|
|
|
|
|
|
|
|
|
|
# For each group, update sops config in that repo
|
|
|
|
|
# Example:
|
|
|
|
|
% cd devnso-adp-argocd
|
|
|
|
|
% ${PATH_TO_THIS_REPO}/bin/update_sops.sh -g devnso-adp-argocd
|
|
|
|
|
# now git commit, push, etc
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### 3. This repo: update groups
|
|
|
|
|
```shell
|
|
|
|
|
# remove from groups
|
|
|
|
|
|
LeeW
10 months ago