.sops.yaml
# Example:
# sops creation rules: they choose which age recipients a newly created
# secret file is encrypted to, based on the file's path.
# Only age public keys (recipients) belong here; private keys never do.
keys:
  # NOTE(review): the $SOPS_AGE_PUBKEY* values look like template
  # placeholders, presumably replaced with real age public keys before
  # this file is used -- confirm how the template is rendered.
  # sre is the admin recipient; it is listed in every rule below.
  - &sre $SOPS_AGE_PUBKEY1
  - &group1-bp-a-1 $SOPS_AGE_PUBKEY2
  - &group1-faucet-a-1 $SOPS_AGE_PUBKEY3
creation_rules:
  # Order matters: sops applies the first rule whose path_regex matches,
  # so narrower patterns must stay above the broader ones that follow.
  # Each rule has a single key group, so any one listed recipient can
  # decrypt a matching file on its own.
  # NOTE(review): no pattern starts with ^, so a rule can also match a
  # path that merely contains the pattern (e.g. under another parent
  # directory) -- confirm that is intended for the paths sops tests.
  # -------------------------------------------------------
  # General environment secrets are admin only
  - path_regex: (secrets|workbench)/envs/.*$
    key_groups:
      - age:
          - *sre
  # -------------------------------------------------------
  # Group no-deploy secrets are admin only
  - path_regex: (secrets|workbench)/groups/[^/]+/no-deploy/.*$
    key_groups:
      - age:
          - *sre
  # -------------------------------------------------------
  # Group producer and other secrets
  # The faucet rule must stay above the general group1 deploy rule: any
  # path with "faucet" after deploy/ (directory or file name) is encrypted
  # to the faucet machine key and not to the block producer key.
  - path_regex: secrets/groups/group1/deploy/.*faucet.*$
    key_groups:
      - age:
          - *sre
          - *group1-faucet-a-1
  # Every other group1 deploy secret: admin plus the group1-bp-a-1 key.
  - path_regex: secrets/groups/group1/deploy/.*$
    key_groups:
      - age:
          - *sre
          - *group1-bp-a-1
  # -------------------------------------------------------
  # Workbench pool onboarding -- modify during creation
  # Modify and add specific block producer keys as needed
  # Until a machine key is added here, these files are admin only.
  - path_regex: workbench/groups/deploy/[^/]+/.*$
    key_groups:
      - age:
          - *sre
          # - *EXAMPLE_MACHINE_KEY
  # -------------------------------------------------------
  # Secrets and workbench catch all
  # Anything under secrets/ or workbench/ not matched above is admin only.
  - path_regex: (secrets|workbench)/.*$
    key_groups:
      - age:
          - *sre
  # -------------------------------------------------------
  # State-demo functionality test
  - path_regex: state-demo(-ng)?/(envs|groups)/.*$
    key_groups:
      - age:
          - *sre