From 6453dec3b4e6985e48235ce4a80737ff20429e3b Mon Sep 17 00:00:00 2001 From: Angel Nunez Date: Sun, 10 Nov 2024 00:07:48 +0000 Subject: [PATCH] mention that multiple .sops config files might be used --- Tenant--Wiki.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Tenant--Wiki.md b/Tenant--Wiki.md index 5920d6b..159eb7a 100644 --- a/Tenant--Wiki.md +++ b/Tenant--Wiki.md @@ -123,6 +123,10 @@ age-keygen -o "$HOME/Library/Application Support/sops/age/keys.txt" Edit the [`./sops.yaml`](https://git.kvant.cloud/phoenix/tenant-tpl/src/branch/main/.sops.yaml) file and add your public key that you have generated previously. +Please notice that you can copy this file into any subfolder of your project in case you need to have different keys depending +on your secrets file. This is useful to limit who has access to the production secrets while all developers might have access to +the dev secrets. + ```shell $ cat .sops.yaml @@ -165,7 +169,7 @@ key In case add/remove a key secret generated previously will need to be reencrypted with the appropriate key. We have place a [shell -script](https://git.kvant.cloud/phoenix/tenant-tpl/src/branch/main/scripts/rewrap-secret.sh) that will do that for you. +script](https://git.kvant.cloud/phoenix/tenant-tpl/src/branch/main/scripts/rewrap-secrets.sh) that will do that for you. It will reencrypt all the secret that it will find in folder and subfolder following the .sops.yaml rules files of your directory.
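Review bot: In the first hunk (Tenant--Wiki.md, around line 126), the new paragraph tells readers to copy `.sops.yaml` into a subfolder to limit who can read production secrets, but a plain copy keeps every recipient from the original file, so access is not narrowed. Suggest stating that the copied file must be edited to list only the public keys allowed for that folder, and saying which file applies when both a root and a subfolder `.sops.yaml` exist. Wording: "Please notice" should be "Please note". The unchanged sentence above also shows the link text as `./sops.yaml` while the URL points at `.sops.yaml`, which is worth aligning in the same change.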
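Review bot: In the second hunk (around line 169), the link fix to `rewrap-secrets.sh` is fine, but the sentence after it, "following the .sops.yaml rules files of your directory", becomes ambiguous now that this patch documents several `.sops.yaml` files per project. Suggest saying explicitly whether the script re-encrypts each secret against the `.sops.yaml` in its own subfolder or against the one in the directory where the script is run. Otherwise a reader who removes a key from the production config cannot tell from this text whether the rewrap took effect for those files. The surrounding sentences ("In case add/remove a key secret...", "We have place") could be cleaned up in the same edit.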