clarifies README

ADP-179_sops_manage_keys
LeeW 10 months ago
parent cbc57acf1d
commit e2a8eb1a05

@ -1,4 +1,11 @@
## howto create a gpg key # GPG Key Repo
Purpose: Manage gpg keys for:
* SOPS
# Key Management
## howto create and add a gpg key
- please follow instruction on following link: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key - please follow instruction on following link: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
- add ONLY the _PUBLIC_ part of your gpg key!!! - add ONLY the _PUBLIC_ part of your gpg key!!!
- checkin via MergeRequest/PullRequest - checkin via MergeRequest/PullRequest
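Review bot: the "add ONLY the _PUBLIC_ part" bullet in the new "howto create and add a gpg key" list should say which file name and format the key has to be committed in, because the import command later in the README globs `/path/to/keys/*.gpg.pub`, so a public key exported under any other name is silently skipped. Suggest adding an explicit export step such as `gpg --armor --export <KEYID> > <name>.gpg.pub` and asking the MergeRequest/PullRequest reviewer to confirm the file contains only a public key block (for example by inspecting it with `gpg --show-keys <file>`). Minor: "please follow instruction on following link" reads better as "please follow the instructions at the following link".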
@ -9,16 +16,47 @@ gpg --import /path/to/keys/*.gpg.pub
### list imported gpg keys ### list imported gpg keys
gpg --list-keys --keyid-format=long gpg --list-keys --keyid-format=long
# EOL: Archive Expired Keys
To mark a key as expired, move it to the `archive/` dir as follows:
```bash
mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
```
# Configure SOPS # Configure SOPS
SOPS is used for encrypting secrets, e.g. credentials for various systems
## Install
https://github.com/getsops/sops
Note:
* MacOS: If desired, one can also use brew to install sops: `brew install sops`; although this is not officially maintained, [the formula is essentially the same as the official installation instructions](https://github.com/Homebrew/homebrew-core/blob/4496ce5131bc09e7065fa0aa8fb96366a3df6477/Formula/s/sops.rb)
## Usage
Decrypt and Display Secrets in Terminal:
```bash ```bash
GPG_TTY=$(tty) sops secrets.yaml GPG_TTY=$(tty) sops secrets.yaml
``` ```
Note: GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/ Note: The `GPG_TTY` is necessary to have the password prompt appear. src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
Note: `secrets.yaml` is just an example; the file can have any name
## Example ## Example
The steps in the following example can be run locally in order to:
* create a sample secrets file
* encrypt the file
* decrypt the file
If these steps work, sops configured correctly - on your machine ;-)
```bash ```bash
#!/usr/bin/env bash #!/usr/bin/env bash
set -ueo pipefail set -ueo pipefail
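Review bot: the new "EOL: Archive Expired Keys" section at the top of this hunk treats renaming a file as expiring a key: moving `${keyname}` into `archive/` only removes it from this repo, it does not change the key's expiry, anyone who already ran `gpg --import` still has it in their keyring, and files encrypted with SOPS while the key was a recipient can still be decrypted by it. Suggest stating that the key owner sets the expiry or revokes the key in GnuPG, and that the affected SOPS files are re-encrypted for the remaining recipients (e.g. with `sops updatekeys`) as part of the same MergeRequest. In the snippet itself, quote the variable (`mv "${keyname}" ...`) and say where `${keyname}` is expected to come from, since nothing in the block defines it. Further down, "If these steps work, sops configured correctly" is missing "is".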
@ -30,10 +68,3 @@ sops -e -i secrets.yaml
# decript, print to console # decript, print to console
sops -d secrets.yaml sops -d secrets.yaml
``` ```
# Archive Expired Keys
```bash
mkdir archive
mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
```
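Review bot: the removed "Archive Expired Keys" block at the end of this hunk was the only place that created the directory (`mkdir archive`); the replacement snippet earlier in the README keeps only the `mv`, so on a checkout where `archive/` does not yet exist the move fails with "No such file or directory". Suggest keeping `mkdir -p archive` in the new section, or noting that `archive/` is tracked in the repo. Minor: the unchanged comment `# decript, print to console` should read `decrypt`.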