Commit 227b2aa

HPCesia <me@hpcesia.com>
2025-07-15 13:39:31
docs: update secret doc
1 parent 47742f8
Changed files (2)
secrets/README.md
@@ -7,12 +7,14 @@ All my secrets are managed using [sops][sops] and stored under this folder. Secr
 
 ## Adding a New Host
 
-First, run:
+Get the host's host key, here using the local machine's `/etc/ssh/ssh_host_ed25519_key.pub` as an example. Run `ssh-to-age` to obtain the age key.
 
 ```sh
 nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
 ```
 
+Add the generated age key under the top-level `keys` field in `.sops.yaml`, and reference it under the `key_groups` field in the required items under `creation_rules`. Then use `sops` to update all related secret files.
+
 ## Creating Secrets
 
 Open the secret file in the terminal using sops:
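Review bot: the new paragraph ends with "Then use `sops` to update all related secret files" but never names the command, which is the step a reader is most likely to get wrong; suggest spelling it out, for example "Then run `sops updatekeys <file>` on every secret file whose creation rule now includes the new key", and noting that this must be run from a machine that already holds one of the existing recipient keys, since re-encryption requires decrypting first. The sentence "reference it under the `key_groups` field in the required items under `creation_rules`" also reads awkwardly; "reference it in the `key_groups` of each `creation_rules` entry that should include the host" is clearer. Minor: the example only covers reading the local `/etc/ssh/ssh_host_ed25519_key.pub`; a short remark on how to obtain the key for a remote host (e.g. via `ssh-keyscan`) would make the section self-contained.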
secrets/README.zh-CN.md
@@ -7,12 +7,14 @@
 
 ## 添加新主机
 
-首先
+获取主机的 host key,此处以本机的 `/etc/ssh/ssh_host_ed25519_key.pub` 为例。运行 `ssh-to-age` 获得 age 密钥。
 
 ```sh
 nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
 ```
 
+在 `.sops.yaml` 的顶层 `keys` 字段下添加生成的 age 密钥,并在 `creation_rules` 下需要的项目中的 `key_groups` 字段下引用即可。随后需要使用 `sops` 更新所有相关机密文件。
+
 ## 创建机密
 
 在终端中使用 sops 打开机密所在的文件:
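Review bot: this hunk mirrors the English README change, so the same gap applies: "随后需要使用 `sops` 更新所有相关机密文件" does not say which command to run; suggest stating `sops updatekeys <file>` explicitly and keeping the wording of both language versions in sync so they do not drift in future edits.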