Commit 227b2aa
Changed files (2)
secrets
secrets/README.md
@@ -7,12 +7,14 @@ All my secrets are managed using [sops][sops] and stored under this folder. Secr
## Adding a New Host
-First, run:
+Get the host's host key, here using the local machine's `/etc/ssh/ssh_host_ed25519_key.pub` as an example. Run `ssh-to-age` to obtain the age key.
```sh
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
```
+Add the generated age key under the top-level `keys` field in `.sops.yaml`, and reference it under the `key_groups` field in the required items under `creation_rules`. Then use `sops` to update all related secret files.
+
## Creating Secrets
Open the secret file in the terminal using sops:
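Review bot: the last sentence of the added paragraph ("Then use `sops` to update all related secret files") leaves out the actual subcommand, so a reader following the README has to guess how to re-encrypt the existing secrets for the new recipient; name it explicitly, e.g. "Then run `sops updatekeys <secret-file>` for every secret file whose creation rule now includes the new key" (`updatekeys` is the sops subcommand that re-wraps the data key against the recipients listed in `.sops.yaml` without changing the plaintext). It is also worth stating that only the age public key printed by `ssh-to-age` goes into `.sops.yaml`; the corresponding private key is derived from the host's `/etc/ssh/ssh_host_ed25519_key` and must stay on that host, which is why the command is shown against the local machine.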
secrets/README.zh-CN.md
@@ -7,12 +7,14 @@
## 添加新主机
-首先
+获取主机的 host key,此处以本机的 `/etc/ssh/ssh_host_ed25519_key.pub` 为例。运行 `ssh-to-age` 获得 age 密钥。
```sh
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
```
+在 `.sops.yaml` 的顶层 `keys` 字段下添加生成的 age 密钥,并在 `creation_rules` 下需要的项目中的 `key_groups` 字段下引用即可。随后需要使用 `sops` 更新所有相关机密文件。
+
## 创建机密
在终端中使用 sops 打开机密所在的文件:
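Review bot: this hunk mirrors the English change and has the same gap in its final sentence ("随后需要使用 `sops` 更新所有相关机密文件"): the subcommand that actually re-encrypts the existing secrets for the new recipient is not named. Suggest adding `sops updatekeys <secret-file>` here as well so both language versions of the README stay in step, and keeping the two paragraphs identical in content whenever one is edited.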