diff --git a/README.md b/README.md index 6432386..d8c2266 100644 --- a/README.md +++ b/README.md @@ -77,17 +77,36 @@ For verification purposes, this repo also contains a _sample_ `.sops.yaml` to wh The following commands explain how to update the `.sops.yaml` for a repository: -#### Prerequisite - +1. **Prerequisite** + 1. Obtain Project Repo + - CLI: **e.g.**: `git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git` +1. **Create Branch** + - CLI: **e.g.**: `git checkout -b `add_pubkey_[firstname]-[lastname]` origin/main` +1. **Configure Project Repo for New User** + 1. List available groups: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh --list_groups` + 1 Update sops config AND all secrets files: + - `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g $(find . -name secrets.yaml)` + - **e.g.**: `${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd $(find . -name secrets.yaml)` +1. **Commit the changes, Create Change Request (PR/MR)** + 1. git: commit the changes to `.sops.yaml` and secrets files (`secrets.yaml`) files + - CLI: **e.g.** `git add .sops.yaml $(find . -name secrets.yaml)` + - **CAVEAT**: check for other changes with `git status` ! The files do not always follow consistent conventions. + - CLI: **e.g.** `git commit -m "adds . to sops config` + 1. git: push branch + - CLI: **e.g.**: `git push -u origin add_pubkey_[firstname]-[lastname]` + 1. gitlab: open a MergeRequest, Review, Merge + 1. **Status**: New User has access to SOPS-Encrypted Secrets within Project Repo + 1. **Hand-Off**: Proceed to next steps; Instruct New User to verify access to secrets + +#### Example + +**Prerequisite** Obtain Repo ```shell # E.g. update sops config for DevNSO % git clone git@git.dev-at.de:cloud-solutions/nso/devnso-adp-argocd.git % cd devnso-adp-argocd/ ``` - -#### Commands - **Create Branch** ```shell 
@@ -118,17 +137,6 @@ devnso-adp-argocd # SUCCESS: all users with keys in this dir should have functional keys ``` -**Commit the changes, Create Change Request (PR/MR)** - -1. git: commit the changes to `.sops.yaml` and secrets files (`secrets.yaml`) files - - CLI: **e.g.** `git add .sops.yaml $(find . -name secrets.yaml)` - - **CAVEAT**: check for other changes with `git status` ! The files do not always follow consistent conventions. - - CLI: **e.g.** `git commit -m "adds . to sops config` -1. git: push branch - - CLI: **e.g.**: `git push -u origin add_pubkey_[firstname]-[lastname]` -1. gitlab: open a MergeRequest, Review, Merge -1. **Status**: New User has access to SOPS-Encrypted Secrets within Project Repo -1. **Hand-Off**: Proceed to next steps; Instruct New User to verify access to secrets ## 3. Onboarding: [New User] Configure SOPS
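Review bot: In the first hunk (@@ -77,17 +77,36 @@), step 3 of the new numbered list gives the generic command as `update_sops.sh -g $(find . -name secrets.yaml)` with nothing after `-g`, while the e.g. line directly below passes `devnso-adp-argocd` in that position; add a placeholder such as `-g [group]`, in the same bracket style as `[firstname]-[lastname]`, so the first path from `find` does not land where the group name belongs. In the same step the sub-item begins `1 Update sops config` without the period after the number, so Markdown will not render it as a list item. In step 2 the branch name carries its own pair of backticks inside the inline code span, which closes the span early; drop the inner pair. In step 4 the `git commit -m "adds . to sops config` example has no closing double quote and "adds ." reads as if a placeholder for the user was lost, and "secrets files (`secrets.yaml`) files" repeats "files". Since the list ends with "New User has access to SOPS-Encrypted Secrets", the "open a MergeRequest, Review, Merge" item would also benefit from saying what the reviewer should confirm in the `.sops.yaml` diff before merging.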
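Review bot: In the second hunk (@@ -118,17 +137,6 @@), removing the commit and merge-request steps leaves the Example section ending at the `# SUCCESS` check, so the walkthrough that starts with Prerequisite and Create Branch no longer reaches the `git add`, `git commit` and `git push` steps. Either add a closing line here that points back to step 4 of the numbered list, or keep a short shell block for the commit and push so the example stays end to end.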