age-secrets.md


    Secret management with age

    Secrets are encrypted using SOPS (ksops and helmSecrets), and keys are handled using age instead of PGP keys, which are a pain to handle.

    To generate your personal age key-pair:

    mkdir -p "$HOME/.age/sops/"
    age-keygen -o "$HOME/.age/sops/keys.txt"

    Then add your age public key to every block of the .sops.yaml config file and also to encrypt-secrets.sh. The second step is necessary because sops#966 has not been merged yet.

    To quickly decrypt all files, just use

    ./scripts/decrypt-secrets.sh

    and before committing, use

    ./scripts/encrypt-secrets.sh

    However, you shouldn't do this unless you know exactly what you're doing. Better use

    sops path/to/encrypted/secret.yaml

    and edit the file using the editor configured in $EDITOR. This makes sure the file is encrypted properly and you don't accidentally commit an unencrypted secret.
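
A check that can run before committing to catch the unencrypted-secret case described above (added example, not one of this repository's scripts). It assumes every path passed in is meant to be a SOPS-encrypted YAML file and looks for the top-level `sops:` block with an encrypted `mac:` entry that sops writes on encryption; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag YAML files that are missing SOPS encryption metadata.
# Assumption: every path passed in is supposed to be a SOPS-encrypted secret.

# is_sops_encrypted FILE
# Exit 0 only if FILE has a top-level "sops:" key whose block contains an
# encrypted MAC. A "mac:" line outside that block does not count.
is_sops_encrypted() {
    awk '
        /^sops:[ \t\r]*$/ { in_sops = 1; next }   # start of the metadata block
        /^[^ \t#]/        { in_sops = 0 }         # any other top-level key ends it
        in_sops && /^[ \t]+mac:[ \t]*ENC\[AES256_GCM,/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# check_secrets FILE...
# Reports every file that is not encrypted on stderr and returns 1 if there
# was at least one, so a pre-commit hook can abort the commit.
check_secrets() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue        # skip paths that no longer exist
        if ! is_sops_encrypted "$f"; then
            echo "NOT ENCRYPTED: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# When called with file arguments, check them and exit with the result.
if [ "$#" -gt 0 ]; then
    check_secrets "$@"
fi
```

The check only proves that sops metadata is present; it does not verify the MAC or that every value in the file is encrypted.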