|
|
|
|
@ -114,13 +114,36 @@ Note: `secrets.yaml` is just an example; the file can have any name
|
|
|
|
|
|
|
|
|
|
## 5. Offboarding: [Existing User]: Archive Expired Keys (EOL)
|
|
|
|
|
|
|
|
|
|
To mark a key as expired, move it to the `archive/` dir as follows:
|
|
|
|
|
To mark a key as expired:
|
|
|
|
|
1. move it to the `archive/` dir
|
|
|
|
|
2. for each group, update the project repo
|
|
|
|
|
3. remove the key from the group
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
# remove from groups
|
|
|
|
|
find groups -name ${keyname} | xargs git rm
|
|
|
|
|
### 1. This repo: archive
|
|
|
|
|
```shell
|
|
|
|
|
# archive key - DO NOT delete - need this for auditing
|
|
|
|
|
git mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
|
|
|
|
|
|
|
|
|
|
# list all groups
|
|
|
|
|
find groups -name ${keyname} | xargs git rm
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### 2. For each group / repo:
|
|
|
|
|
|
|
|
|
|
**Prerequisite**: Local copy of repo
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
# For a given group, update sops config
|
|
|
|
|
# Example:
|
|
|
|
|
% cd devnso-adp-argocd
|
|
|
|
|
% ${PATH_TO_THIS_REPO}/bin/update_sops.sh -g devnso-adp-argocd
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### 3. This repo: update groups
|
|
|
|
|
```shell
|
|
|
|
|
# remove from groups
|
|
|
|
|
find groups -name ${keyname} | xargs git rm
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
# Advanced
|
|
|
|
|
|
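Review bot: In the `### 1. This repo: archive` block, the comment `# list all groups` sits above `find groups -name ${keyname} | xargs git rm`, which removes the key from every group instead of listing them, and the same command appears again under `### 3. This repo: update groups`. The change markers are not visible in this rendering, so this is based on how the lines read here. If step 1 is only meant to show which groups need the step 2 update, drop the `| xargs git rm` there and keep the removal in step 3 only. The visible lines also do not show whether `bin/update_sops.sh -g <group>` reads the `groups/` directory. If it does, running it in step 2 before the removal in step 3 would regenerate the sops config with the expired key still listed, so the step order should be confirmed or stated in the README. Two smaller points on the removal command: `${keyname}` is unquoted, and a `find` with no matches still causes GNU `xargs` to run `git rm` with no arguments and fail. `find groups -name "${keyname}" -exec git rm {} +` avoids both problems.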