* New User: new key to be added; can be a new employee being added for first time, existing employee getting access to a new repo, key rotation, etc
* Existing User: user who already has access to the appropriate project
* Role: New User: new key to be added; can be a new employee being added for first time, existing employee getting access to a new repo, key rotation, etc
* Role: Existing User: user who already has access to the appropriate project
* Definition: List of all users: [verify/.sops.yaml](verify/.sops.yaml)
* Keys Repository: This Git Repository (`communication-keys`), manages public keys and configuration in Project Repositories
* Project Repository: Git Repository for each Project which contains SOPS-Encrypted secrets, e.g. for GitOps Deployments using Helm Files
Procedure:
1. In the Keys Repo (`communication-keys`):
1. New User creates,adds GPG Key
1. Existing User configures groups
1. Existing User configures verification SOPS Config
1. New User installs SOPS
1. New User verifies SOPS installation using verification SOPS Config
1. **Status**: New User has working key, working sops installation. Caveat: No access to secrets in other repos yet
1. In the Project Repo
1. Existing User adds New User Key to SOPS Config, Secrets Files
1. New User verifies access
1. **Status**: New User has access to SOPS-encrypted secrets within Project Repo
## 1a. Onboarding: [New User]: create and add a gpg key
1. Clone this repository
@ -81,22 +96,30 @@ The following commands explain how to update the `.sops.yaml` for a repository:
#### Commands
Configure Project Repo for New User
<!-- TODO: auto-determine group with git remote show origin -->
<!-- TODO: auto-determine secrets files by integrating the 'find . -name secrets.yaml' in the script -->
LeeW
10 months ago