| author | Franck Cuny <franck@fcuny.net> | 2025-06-12 07:40:53 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-06-12 07:40:53 -0700 |
| commit | ec2afd9e927a521edfb68ad9eb3e0e8391d12156 (patch) | |
| tree | f348f44d197acf8ee9fff40fef5e04cc1c69b15b /docs/secrets.org | |
| parent | configure `aspell` properly to work with Emacs (diff) | |
| download | infra-ec2afd9e927a521edfb68ad9eb3e0e8391d12156.tar.gz | |
use a dedicated SSH key for agenix
The key is still stored in 1password, and we add a script to
synchronize the key to the host.
The existing keys have been rekeyed with the new key.
Diffstat (limited to '')
| -rw-r--r-- | docs/secrets.org | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/docs/secrets.org b/docs/secrets.org index 04452dc..10d4e9b 100644 --- a/docs/secrets.org +++ b/docs/secrets.org @@ -2,14 +2,16 @@ ** SSH keys -Get the ssh key from 1password with the following command: -#+begin_src sh - op read "op://Private/nixos/private key?ssh-format=openssh" > ~/.ssh/nixos - op read "op://Private/nixos/public key?ssh-format=openssh" > ~/.ssh/nixos.pub +Start by synchronizing the SSH key by running `sync-ssh-key` in the repository. + +Then, to create or edit a secret: +#+begin_src + cd (git rev-parse --show-toplevel)/secrets + agenix -i ~/.ssh/agenix -e users/fcuny/llm.age #+end_src -To create or edit a secret: +And to rekey a secret: #+begin_src cd (git rev-parse --show-toplevel)/secrets - agenix -i ~/.ssh/nixos -e users/fcuny/llm.age + agenix -i ~/.ssh/agenix -r #+end_src |
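Review bot: The added line "Start by synchronizing the SSH key by running `sync-ssh-key` in the repository." never says where the script writes the key, yet both blocks that follow assume `~/.ssh/agenix`. State the destination path and the file mode the private key should have (0600), so a reader can confirm the sync worked before running `agenix -i ~/.ssh/agenix`. The removed instructions wrote the private key with a plain `>` redirect and made no mention of permissions, so this is a good place to document it. Two smaller points in the same hunk: the inline code uses Markdown backticks, which Org does not render as code (use `=sync-ssh-key=` or `~sync-ssh-key~`), and the first block is now a bare `#+begin_src` with no language. Since `cd (git rev-parse --show-toplevel)/secrets` is fish command substitution rather than POSIX sh, either tag both blocks `fish` or write `$(git rev-parse --show-toplevel)` so the commands work when pasted into sh or bash.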
