use agenix to manage some secrets

I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future.
author: Franck Cuny <franck@fcuny.net> 2025-06-08 20:01:34 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-06-08 20:01:34 -0700
commit: f67e56485509ce87bfc8d079813261848037104d (patch)
tree: 5478931cfaa2133939154821ee7f8b75149b3d07 /docs
parent: install agenix again (diff)
download: infra-f67e56485509ce87bfc8d079813261848037104d.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/secrets.org b/docs/secrets.org
new file mode 100644
index 0000000..04452dc
--- /dev/null
+++ b/docs/secrets.org
@@ -0,0 +1,15 @@
+* Secrets
+
+** SSH keys
+
+Get the ssh key from 1password with the following command:
+#+begin_src sh
+  op read "op://Private/nixos/private key?ssh-format=openssh" > ~/.ssh/nixos
+  op read "op://Private/nixos/public key?ssh-format=openssh" > ~/.ssh/nixos.pub
+#+end_src
+
+To create or edit a secret:
+#+begin_src
+  cd (git rev-parse --show-toplevel)/secrets
+  agenix -i ~/.ssh/nixos -e users/fcuny/llm.age
+#+end_src
author	Franck Cuny <franck@fcuny.net>	2025-06-08 20:01:34 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-06-08 20:01:34 -0700
commit	f67e56485509ce87bfc8d079813261848037104d (patch)
tree	5478931cfaa2133939154821ee7f8b75149b3d07 /docs
parent	install agenix again (diff)
download	infra-f67e56485509ce87bfc8d079813261848037104d.tar.gz