@ -96,20 +96,7 @@ devnso-adp-argocd
At this point, the New User has been configured and can grant themselves access to any of the secrets files in this project.
## Reference: Commands for gpg keys
### import gpg keys
```shell
gpg --import /path/to/keys/*.gpg.pub
```
### list imported gpg keys
```shell
gpg --list-keys --keyid-format=long
```
# Configure SOPS
# 4. Onboarding: [New User] Configure SOPS
SOPS is used for encrypting secrets, e.g. credentials for various systems
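Review bot: the renamed heading `# 4. Onboarding: [New User] Configure SOPS` hard-codes a step number and no longer matches the old `# Configure SOPS` text, so any existing link to the old heading anchor stops resolving and the "4." has to be renumbered by hand whenever an onboarding step is added or removed. Suggest checking in-repo links to this section as part of the change, or keeping the number out of the heading.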
@ -133,14 +120,27 @@ Note: The `GPG_TTY` is necessary to have the password prompt appear. src: https:
Note: `secrets.yaml` is just an example; the file can have any name
## Example - Manual
# Advanced
# Reference: Commands for gpg keys
## import gpg keys
```shell
gpg --import /path/to/keys/*.gpg.pub
```
## list imported gpg keys
```shell
gpg --list-keys --keyid-format=long
```
## SOPS Example - Manual
The steps in the following example can be run locally in order to:
* create a sample secrets file
* encrypt the file
* decrypt the file
If these steps work, sops configured correctly - on your machine ;-)
If these steps work, sops is configured correctly - on your machine ;-)
```bash
#!/usr/bin/env bash
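Review bot: in the relocated `## import gpg keys` section, `gpg --import /path/to/keys/*.gpg.pub` imports every public key file in the directory, and nothing in the reference tells the reader to confirm whose keys they are. Because these keys determine who can decrypt the SOPS-encrypted files, suggest adding a line under `## list imported gpg keys` asking the reader to compare each listed fingerprint with one obtained from the key owner before the key is used as a recipient. Separately, as shown here `# Advanced` is followed directly by another level-1 heading and so has no body; `# Reference: Commands for gpg keys` probably wants to sit one level below it, with `## SOPS Example - Manual` kept out of the gpg reference.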