Initial set-up

On a new laptop, generate a new key pair:

gpg --generate-key

Find the new key and note the fingerprint:

gpg --list-keys

[keyboxd]
---------
pub   rsa3072 2024-05-30 [SC] [expires: 2031-05-29]
      4F864F3EA770491488B90B4E8B6CEF1599D3CCB5
uid           [ unknown] Greg Matoga (Test Key) <greg.matoga@gmail.com>
sub   rsa3072 2024-05-30 [E] [expires: 2031-05-29]

Export the public part and place it in this directory:

export FINGER_PRINT=4F864F3EA770491488B90B4E8B6CEF1599D3CCB5
gpg --export --armor $FINGER_PRINT > .gpg-keys/new-key.asc

Ensure all public keys are imported:

for key in .gpg-keys/*.asc; do
    gpg --import "$key"
done

Now, to re-encrypt the vault with the new key:

sops -r -i --add-pgp $FINGER_PRINT tf-secret.enc.json

It should add the fingerprint to the .sops.yaml:

creation_rules:
  - pgp: D4EACAC991E3DF53D9E39FE0CB9CF7B8A8A86318,4F864F3EA770491488B90B4E8B6CEF1599D3CCB5

This re-encrypts all values with a new master key and records the public keys in the file. For other options, see the sops documentation on adding or removing keys. Note that the command options differ between sops versions (e.g. -r instead of the positional rotate subcommand).
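The procedure above as one script, added here as an example and not code from the repository: it imports every key in .gpg-keys/ and then cross-checks the fingerprints listed in .sops.yaml against the key files, so a recipient that was added to the directory but never rotated in, or a stale fingerprint whose key file is gone, shows up before anyone encrypts a secret to the wrong set of keys. The directory layout, the KEY_DIR and SOPS_CONFIG variables and all helper names are assumptions; the fingerprint and YAML parsing is plain text processing and runs without gpg or sops installed.

```shell
#!/usr/bin/env bash
# Added example (not part of the original repository): check that the PGP
# fingerprints in .sops.yaml match the public keys kept in .gpg-keys/.
# Assumed layout: .gpg-keys/*.asc next to .sops.yaml, as in the README above.
set -u

KEY_DIR="${KEY_DIR:-.gpg-keys}"           # assumed location of the .asc files
SOPS_CONFIG="${SOPS_CONFIG:-.sops.yaml}"  # assumed location of the sops config

# Print the fingerprints listed under "pgp:" in a .sops.yaml, one per line,
# upper-cased and sorted. Pure text processing, so it works without gpg.
sops_pgp_fingerprints() {
    sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*pgp:[[:space:]]*//p' "$1" \
        | tr ',' '\n' \
        | sed 's/[[:space:]]//g; /^$/d' \
        | tr 'a-f' 'A-F' \
        | LC_ALL=C sort -u
}

# A full OpenPGP v4 fingerprint is exactly 40 hex digits. A short key ID is
# not unique and must not be used as a recipient in creation_rules.
is_fingerprint() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Primary-key fingerprint of each armored public key in a directory (needs gpg;
# --show-keys reads the file without importing it). Output is sorted.
dir_key_fingerprints() {
    for key in "$1"/*.asc; do
        [ -e "$key" ] || continue
        gpg --show-keys --with-colons "$key" 2>/dev/null \
            | awk -F: '$1 == "fpr" { print $10; exit }'
    done | LC_ALL=C sort -u
}

# Compare two sorted fingerprint lists (file paths). Returns 1 on any drift.
# A key file with no entry in .sops.yaml means that person cannot decrypt;
# an entry with no key file is a stale recipient that should be removed.
check_drift() {
    local dir_list="$1" sops_list="$2" missing stale
    missing=$(LC_ALL=C comm -23 "$dir_list" "$sops_list")
    stale=$(LC_ALL=C comm -13 "$dir_list" "$sops_list")
    if [ -n "$missing" ]; then
        printf 'key file present but not in %s:\n%s\n' "$SOPS_CONFIG" "$missing"
    fi
    if [ -n "$stale" ]; then
        printf 'listed in %s but no key file in %s:\n%s\n' "$SOPS_CONFIG" "$KEY_DIR" "$stale"
    fi
    [ -z "$missing" ] && [ -z "$stale" ]
}

# Full run against the repository layout: import all keys, then check drift.
main() {
    local key tmp rc=0
    for key in "$KEY_DIR"/*.asc; do
        [ -e "$key" ] && gpg --import "$key"
    done
    tmp=$(mktemp -d)
    dir_key_fingerprints "$KEY_DIR" > "$tmp/dir.txt"
    sops_pgp_fingerprints "$SOPS_CONFIG" > "$tmp/sops.txt"
    while read -r fp; do
        is_fingerprint "$fp" || { echo "not a full fingerprint: $fp"; rc=1; }
    done < "$tmp/sops.txt"
    check_drift "$tmp/dir.txt" "$tmp/sops.txt" || rc=1
    rm -rf "$tmp"
    return "$rc"
}

# Only run the full check when invoked as ./check-keys.sh --check, so the
# functions can also be sourced on their own.
if [ "${1:-}" = "--check" ]; then
    main
fi
```

Run it as ./check-keys.sh --check from the terraform directory after the sops rotate step; a non-zero exit means the key directory and .sops.yaml disagree, and the printed fingerprints say which side needs fixing.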