athenix/secrets/secrets.nix
UGA Innovation Factory 862ae2c864
chore: Run nix fmt
2026-01-30 19:19:38 +00:00

Nix

# ============================================================================
# Agenix Secret Recipients Configuration
# ============================================================================
# This file defines which age public keys can decrypt which secrets.
# Used by the ragenix CLI tool for encrypting/editing secrets.
#
# Usage:
#   ragenix -e secrets/global/example.age  # Edit/create secret
#   ragenix -r                             # Re-key all secrets

let
  # ========== System Public Keys (Age Format) ==========
  # Convert SSH host keys to age format:
  #   ssh-to-age < secrets/{hostname}/ssh_host_ed25519_key.pub
  # Example (replace with actual age keys):
  # nix-builder = "age1...";
  # usda-dash = "age1...";

  # ========== User Public Keys (for editing secrets) ==========
  # These are personal age keys for administrators who need to edit secrets
  # Generate with: age-keygen
  # Example:
  # admin1 = "age1...";
  # admin2 = "age1...";

  # ========== Host Groups ==========
  allHosts = [
    # Add all system keys here
    # nix-builder
    # usda-dash
  ];

  admins = [
    # Add all admin user keys here
    # admin1
    # admin2
  ];
in
{
  # Global secrets (encrypted for all hosts + admins)
  # "secrets/global/example.age".publicKeys = allHosts ++ admins;

  # Host-specific secrets (encrypted for specific host + admins)
  # "secrets/nix-builder/ssh_host_ed25519_key.age".publicKeys = [ nix-builder ] ++ admins;
  # "secrets/usda-dash/ssh_host_ed25519_key.age".publicKeys = [ usda-dash ] ++ admins;

  # NOTE: Until you populate the keys above, you can create secrets with:
  #   age -r <public-key> -o secrets/path/to/secret.age <<< "secret content"
}
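
Once the recipient lists are populated, the scoping this file describes (global secrets for all hosts plus admins, host secrets for one host plus admins) can be checked mechanically. The following is an added example, not code from this repository: `audit` and its `hosts`/`admins` inputs are hypothetical, the keys are constructed, and `rules` is assumed to be the JSON form of this file, for instance from `nix-instantiate --eval --strict --json secrets/secrets.nix`. It follows this file's convention that every recipient is in age format.

```python
import re

# Shape of an age X25519 recipient: Bech32, "age1" + 58 data/checksum characters.
AGE_RE = re.compile(r"age1[02-9ac-hj-np-z]{58}")


def audit(rules, hosts, admins):
    """rules: {path: {"publicKeys": [...]}}; hosts/admins: {name: age key}."""
    host_of = {key: name for name, key in hosts.items()}
    findings = []
    for path, rule in sorted(rules.items()):
        keys = rule.get("publicKeys", [])
        if not keys:
            findings.append((path, "no recipients"))
            continue
        for key in keys:
            # Catches unfilled "age1..." placeholders and pasted SSH keys.
            if not AGE_RE.fullmatch(key):
                findings.append((path, f"malformed recipient {key!r}"))
        for name, key in sorted(admins.items()):
            if key not in keys:
                findings.append((path, f"admin {name} cannot edit or re-key"))
        # secrets/<scope>/<file>.age: anything but "global" is one host's secret.
        parts = path.split("/")
        scope = parts[1] if len(parts) > 2 else "global"
        if scope != "global":
            for key in keys:
                other = host_of.get(key)
                if other is not None and other != scope:
                    findings.append((path, f"host {other} can decrypt a {scope} secret"))
    return findings


# Constructed sample data: keys have the right shape but are not real recipients.
HOSTS = {"nix-builder": "age1" + "q" * 58, "usda-dash": "age1" + "p" * 58}
ADMINS = {"admin1": "age1" + "z" * 58}
NB, UD, A1 = HOSTS["nix-builder"], HOSTS["usda-dash"], ADMINS["admin1"]
RULES = {
    "secrets/global/example.age": {"publicKeys": [NB, UD, A1]},
    "secrets/global/unfilled.age": {"publicKeys": ["age1...", A1]},
    "secrets/nix-builder/ssh_host_ed25519_key.age": {"publicKeys": [NB, UD, A1]},
    "secrets/usda-dash/ssh_host_ed25519_key.age": {"publicKeys": [UD]},
}

if __name__ == "__main__":
    for path, problem in audit(RULES, HOSTS, ADMINS):
        print(f"{path}: {problem}")
```

The regular expression checks only the shape of a recipient, not its Bech32 checksum.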