|
|
|
|
@ -62,11 +62,16 @@ Follow the interactive prompts:
|
|
|
|
|
|
|
|
|
|
The following commands explain how to update the `.sops.yaml` for a repository:
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
#### Prerequisite
|
|
|
|
|
```shell
|
|
|
|
|
# E.g. update sops config for DevNSO
|
|
|
|
|
% git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git
|
|
|
|
|
% cd devnso-adp-argocd/
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### Commands
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
# List available groups
|
|
|
|
|
% ${PATH_TO_THIS_REPO}/bin/update_sops.sh --list_groups
|
|
|
|
|
# INFO: listing groups
|
|
|
|
|
@ -74,11 +79,23 @@ admin
|
|
|
|
|
automation
|
|
|
|
|
devnso-adp-argocd
|
|
|
|
|
|
|
|
|
|
# For a given group, update sops config and specified secrets file
|
|
|
|
|
% ${PATH_TO_THIS_REPO}/bin/update_sops.sh -r devnso-adp-argocd -s ./adp-api-devs/adp-api-devs/secrets.yaml
|
|
|
|
|
% git diff
|
|
|
|
|
# For a given group, update sops config
|
|
|
|
|
% ~/ws/netgo/git.dev-at.de/smardigo-hetzner/communication-keys/bin/update_sops.sh -g devnso-adp-argocd
|
|
|
|
|
# RUN: generate SOPS config
|
|
|
|
|
# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files
|
|
|
|
|
|
|
|
|
|
# [OPTIONAL] For a given group, update sops config AND specified secrets file
|
|
|
|
|
% ${PATH_TO_THIS_REPO}/bin/update_sops.sh -g devnso-adp-argocd -s ./adp-api-devs/adp-api-devs/secrets.yaml
|
|
|
|
|
|
|
|
|
|
# commit the changes to any .sops.yaml or secrets files, e.g. with
|
|
|
|
|
## OPINIONATED GIT - use preferred method
|
|
|
|
|
% git add -p
|
|
|
|
|
% git commit -m "adds <firstname>.<lastname> to sops config"
|
|
|
|
|
% git push
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
At this point, the New User has been configured and can grant themselves access to any of the secrets files in this project.
|
|
|
|
|
|
|
|
|
|
## Reference: Commands for gpg keys
|
|
|
|
|
### import gpg keys
|
|
|
|
|
```shell
|
|
|
|
|
|
LeeW
10 months ago