Rename sops secret files
onedr0p opened this issue
Devin Buhl commented
Following the advice of @mirceanton I should rename sops secrets so unencrypted secrets have an extension of .secret.sops.yaml
Mircea-Pavel Anton commented
> unencrypted secrets have an extension of .secret.sops.yaml

ENcrypted secrets should be `*.secret.sops.yaml`
DEcrypted secrets should have an extension of `*.secret.yaml`.
Mircea-Pavel Anton commented
Also, do not forget to:
- `.gitignore` the unencrypted secrets (https://github.com/mirceanton/home-ops/blob/main/.gitignore#L16-L17)
- update the `.sops.yaml` config (https://github.com/mirceanton/home-ops/blob/main/.sops.yaml#L10-L15)
Additionally, this naming convention opened up the door for a few QoL improvements in my repo, in case you're interested:
- script to batch-encrypt all secret files (https://github.com/mirceanton/home-ops/blob/main/scripts/sops-encrypt-all.sh)
- script to batch-decrypt all secret files (https://github.com/mirceanton/home-ops/blob/main/scripts/sops-decrypt-all.sh)
- taskfile automation for `sops` (https://github.com/mirceanton/home-ops/blob/main/.taskfiles/sops.yaml)
Devin Buhl commented
Thanks 👍 This was mostly done in 88f7695
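
A check for the naming convention discussed in this thread, as an added example that is not part of the issue or of either repository: it flags `*.secret.sops.yaml` files that still hold plaintext and `*.secret.yaml` working copies not covered by `.gitignore`. It assumes sops-encrypted YAML carries a top-level `sops:` key and `ENC[...]` values and that the ignore rule is the literal line `*.secret.yaml`; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: a sops-encrypted YAML file carries a top-level
# "sops:" metadata key and ENC[...] values; .gitignore holds "*.secret.yaml".

# Print one line per violation found under directory $1.
list_violations() {
    root=$1
    # Files named as encrypted must really be encrypted.
    find "$root" -type f -name '*.secret.sops.yaml' | while IFS= read -r f; do
        if ! grep -q '^sops:' "$f" || ! grep -q 'ENC\[' "$f"; then
            echo "NOT_ENCRYPTED $f"
        fi
    done
    # Decrypted working copies are only acceptable if git ignores them.
    if ! grep -qxF '*.secret.yaml' "$root/.gitignore" 2>/dev/null; then
        find "$root" -type f -name '*.secret.yaml' | while IFS= read -r f; do
            echo "NOT_IGNORED $f"
        done
    fi
}

# Return 0 when the tree is clean, 1 (after printing violations) otherwise.
check_sops_naming() {
    out=$(list_violations "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Build a constructed sample tree (no real secrets) and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'password: ENC[AES256_GCM,data:constructed,type:str]\nsops:\n  version: constructed\n' \
        > "$d/good.secret.sops.yaml"
    printf 'password: hunter2\n' > "$d/leaky.secret.sops.yaml"  # plaintext under the encrypted name
    printf 'password: hunter2\n' > "$d/good.secret.yaml"         # decrypted working copy
    echo "$d"
}

tree=$(make_sample_tree)
check_sops_naming "$tree" || echo "violations found in $tree"
rm -rf "$tree"
```

Run from a pre-commit hook or CI step, a non-zero return from `check_sops_naming` blocks the commit before plaintext reaches the remote.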