chore: rotate gha pat5 and refactor into shared secret
steveej committed Jan 20, 2025
1 parent 18cb1d6 commit 72908a8
Showing 6 changed files with 63 additions and 113 deletions.
8 changes: 7 additions & 1 deletion .sops.yaml
@@ -71,12 +71,18 @@ creation_rules:
- *age_r-vdp
pgp:
- *steveej
- path_regex: ^secrets/linux-builder-shared/[^/]+$
key_groups:
- age:
- *linux-builder-01
- *linux-builder-2
pgp:
- *steveej
- path_regex: ^secrets/linux-builder-2/[^/]+$
key_groups:
- age:
- *linux-builder-2
- *age_steveej
- *age_r-vdp
pgp:
- *steveej
- path_regex: ^secrets/x64-linux-dev-01/[^/]+$
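Review bot: The new `secrets/linux-builder-shared/` rule appears to list fewer age keys than the secrets file committed with it: as rendered, the rule names two age aliases (`*linux-builder-01`, `*linux-builder-2`) plus the PGP key, while `secrets/linux-builder-shared/secrets.yaml` carries three age recipients. Decryption follows the recipients stored in the file, not this rule, so the holder of the third key can read `gh_hra2_pat5` even though the rule does not name them. Either add the intended alias to the rule or re-sync the file with `sops updatekeys secrets/linux-builder-shared/secrets.yaml`. This assumes each alias resolves to a single key, and the add/remove markers are lost in this rendering, so confirm against the real file. A comment above the rule such as `# shared by all linux builders: every host listed here can decrypt every file in this directory` would also make the widened access explicit.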
@@ -97,7 +97,7 @@

sops.secrets.github-runners-token = {
key = "gh_hra2_pat5";
sopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;
sopsFile = ../../../secrets/linux-builder-shared/secrets.yaml;
};

system.stateVersion = "23.05";
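Review bot: The `sops.secrets.github-runners-token` block is now identical in this host file and in the second one (the hunk at line 154), so the shared secret is still declared twice. Since both hosts read the same `key` and `sopsFile`, the declaration could live in one module imported by both, making a later rename or rotation a single edit. If it stays per host, a comment such as `# PAT shared with the other linux builder; rotate for both if either host is compromised` would record the coupling. The enclosing attribute set starts and ends outside the hunk.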
@@ -154,7 +154,7 @@

sops.secrets.github-runners-token = {
key = "gh_hra2_pat5";
sopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;
sopsFile = ../../../secrets/linux-builder-shared/secrets.yaml;
};

system.stateVersion = "24.05";
55 changes: 0 additions & 55 deletions secrets/linux-builder-01/secrets.yaml

This file was deleted.

55 changes: 0 additions & 55 deletions secrets/linux-builder-2/secrets.yaml

This file was deleted.

54 changes: 54 additions & 0 deletions secrets/linux-builder-shared/secrets.yaml
@@ -0,0 +1,54 @@
gh_hra2_pat5: ENC[AES256_GCM,data:eAMybGqWbxe6gBnjg4+JlDw3qsB7sq4Cuss2peDv5lxdc6lqIIe3Sw==,iv:RzYwJZS0XKZ9ByfK0X3ONroiA6itfzUIHFxaH95l1fo=,tag:W4y6thA9zckLQ0RNumkVMg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cFk3eTV0NW5VaFdyUWhz
K0w1Vm1mME9QZHZvTTNQajIyeURLMjdsUUFrCm5zbURDRTlLNE1JdWV0VVoyUDZr
aHcwVmJqQ3V6ZSsxQThIVkpSQ0FBNW8KLS0tIGNSYU0xdlZ0SkJHZFZyelFGKzFv
VTFRVlAxZFc2QnQ5QXNrSEFta3BXYUUKZP06lh/ttYeMlfLm/3POUpe/nBEElZPa
24laAh4N3TnkuJjnQMcTNmbdVOQue5zCMO2M6Ff8+Bm2fU4DQm72dw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYSs1UnhRaVFIQWx0WFNZ
aWJ5WXUzUXoxaXJBbVVXZ0FRbGNTVlBISWtFCnlJWmh2dlhLaDhNWU5Vc0hrdDVl
ejJrT0lvU0doWlFmNjlvb1JNZThGaHcKLS0tIDA4K0hBcTFnRlpNb1RUb1k0blZV
cWpiUnNxMkRKS2lpbUR4TStudCtaWTQK3LCx5rSbRUsg2b8vyc1aQsZ9X5XnBX21
ZzO0tHEFs/kuEZ+FnV78bg0wpTUqkI/rCox+dVGo4Pjy6dLGxcJYZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByb0N2a1lUL1phVng1MGRM
eksyS0xoRjN1R05ST0h0WGRGdTdBLzF6VUhnCkZubHZYdjA4NFUxbUcxaGNFQ0li
bG1hU2ZFREV3L1U1dXFPbzhoOUJzWEUKLS0tIFFqejgyT1NTUlBtR2JHbTRQdHgv
MjhSMG9RMXhsaTNiOGdJZHp1NTlQVncKFgoAE/1sOMzAFmr4DaX7g7ARTvXiyBVq
tZo6WpI/85Ji9RlrtWYn5J7DSphF/2mW5J1H8/o7JBtuagfwxOOcHQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-20T10:15:31Z"
mac: ENC[AES256_GCM,data:lQxtdDeqM+TJLlZBHaFvnCXcOdHcdH0H2zVSttVJrSLuDg3LzYOA4yn/GjXhVEpja4orsBzcR5n7K73APswpk+goUF0xJOkR4mEnK50Ps8v9dA5A7zu/AX84bfHSwrrA0OUHCe+bVlRZaoSin0YWUwh3BjKeyaC/BQtA0YwC9bI=,iv:sDf6tiKwfPf/8DDUL49EvuO0h6pSa/ldix8inK7HOok=,tag:J8OeCaxRNCHtivhdquqU6Q==,type:str]
pgp:
- created_at: "2025-01-20T10:13:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQgAs52Iqin+cCEUQ+VouN+YXteBmNyAn+qUodu6Js/h8EFG
bwmFOlh3sVAV+VRN9AAqgU6KnJCoKkeuBnuyyk/JKkao6Ln2LY3rsxjOv9os9ZDg
3iv0e3/YEuAYwxEckW6a94oKfDTiSKQ9Rn2nhExiLr6NK2htsX0dnvdBK2gki5Em
mi6r+R5tJ1UrCwUZOpxPNfoe032NFtq/5XuHpBpOg04fAZEV956IApF1M0/zr00h
JetQRWJ5xqYIzbzTKA/HPJYXkfglWG1hkPX3f53fLUNtZth+JYvN43f+Ya53nvoG
UliIpPDl1SEceAKolJQAo0uizNHtcGVd9VtHy+IwFdJcAZM3klBWJk0gTbCBehD0
04DQKRxr5r2O8ZmPKNYcXVI65dDRm2mn6kFMKuE4d+CfsNgcXc8IuIJwbn/pemZ5
gT4glti2/mQCNKdyEeN5UF9vfysZALxT6d75tdY=
=4bah
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.9.2
