18 lines
772 B
YAML
18 lines
772 B
YAML
keys:
|
|
- &personal_pgp_key 0x141576B17B4AE789
|
|
- &pc_main 0DCB1C584AECEB2674BB76C179FE3B714935CDAB
|
|
|
|
creation_rules:
|
|
# This rule applies to any file named 'secrets.yaml' directly in the 'secrets/' directory
|
|
# or 'secrets/github-deploy-key.yaml' etc.
|
|
- path_regex: "secrets/.*\\.yaml$"
|
|
key_groups:
|
|
- pgp:
|
|
- *personal_pgp_key
|
|
- *pc_main
|
|
# Add host keys for decryption on the target system
|
|
# sops-nix will automatically pick up the system's SSH host keys
|
|
# as decryption keys if enabled in your NixOS config.
|
|
# So you typically don't list them explicitly here unless you
|
|
# want to restrict it to specific fingerprints, which is rare.
|
|
# This part ensures your *personal* key can decrypt it.
|