path: root/README.org
author: Franck Cuny <franck@fcuny.net> 2026-01-16 18:58:03 -0800
committer: Franck Cuny <franck@fcuny.net> 2026-01-16 19:20:32 -0800
commit: be8a70645220298b40be1b44e0888e9f54c0ce89 (patch)
tree: 7fa192e9907a0199cc32ef5bd24f41007078c32d /README.org
parent: rekey all secrets with my age keys on the yubikeys (diff)
download: infra-be8a70645220298b40be1b44e0888e9f54c0ce89.tar.gz
simplify secrets management with dynamic public key generation
Diffstat (limited to 'README.org'): README.org | 19 (1 file changed, 15 insertions, 4 deletions)
diff --git a/README.org b/README.org
index 4a693e7..d36768a 100644
--- a/README.org
+++ b/README.org
@@ -59,18 +59,29 @@ nix run github:nix-community/nixos-anywhere -- --flake .#rivendell --build-on re
Update records through the [[https://dash.cloudflare.com/2c659eeaf2ae9a0206c589c706b3748e/fcuny.net][console]].
* Secrets
-Start by synchronizing the SSH key by running =sync-ssh-key= in the repository. Then, to create or edit a secret:
+Get the identity under =secrets/identity.txt= with:
#+begin_src sh
cd (git rev-parse --show-toplevel)/secrets
-agenix -i ~/.ssh/agenix -e users/fcuny/llm.age
+age-plugin-yubikey --list --slot 1 > identity.txt
#+end_src
-And to rekey a secret:
+To create or edit a secret:
#+begin_src sh
cd (git rev-parse --show-toplevel)/secrets
-agenix -i ~/.ssh/agenix -r
+agenix -i identity.txt -e users/fcuny/llm.age
#+end_src
+And to rekey the secrets:
+#+begin_src sh
+cd (git rev-parse --show-toplevel)/secrets
+agenix -i identity.txt -r
+#+end_src
+
+You can validate that the file is correct with:
+#+begin_src sh
+cd (git rev-parse --show-toplevel)/secrets
+nix eval --file secrets.nix
+#+end_src
* Network
** Wireguard
*** New host
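Review bot: The identity step (`age-plugin-yubikey --list --slot 1 > identity.txt`) should be checked against what `agenix -i identity.txt` actually needs: `--list` is the plugin's recipient-listing mode, while identity files are normally produced with its `--identity` flag, so confirm the generated file contains an `AGE-PLUGIN-YUBIKEY-` identity line and not only the recipient, otherwise the `-e` and `-r` commands that follow will fail to decrypt. Two smaller points in the same hunk: "You can validate that the file is correct" is ambiguous about which file, since `nix eval --file secrets.nix` evaluates `secrets.nix` rather than `identity.txt`, so name the file; and the README should state whether `secrets/identity.txt` is ignored by git or expected to be committed, since every operator will now regenerate it in the working tree.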