From f67e56485509ce87bfc8d079813261848037104d Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sun, 8 Jun 2025 20:01:34 -0700
Subject: use agenix to manage some secrets I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future.
---
secrets/secrets.nix | 9 +++++++++
secrets/users/fcuny/anthropic-api-key.age | 6 ++++++
secrets/users/fcuny/llm.age | 5 +++++
3 files changed, 20 insertions(+)
create mode 100644 secrets/secrets.nix
create mode 100644 secrets/users/fcuny/anthropic-api-key.age
create mode 100644 secrets/users/fcuny/llm.age
(limited to 'secrets')
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..883ef91
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,9 @@
+let
+ users = {
+ fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+ };
+in
+{
+ "users/fcuny/llm.age".publicKeys = [ users.fcuny ];
+ "users/fcuny/anthropic-api-key.age".publicKeys = [ users.fcuny ];
+}
diff --git a/secrets/users/fcuny/anthropic-api-key.age b/secrets/users/fcuny/anthropic-api-key.age
new file mode 100644
index 0000000..9928518
--- /dev/null
+++ b/secrets/users/fcuny/anthropic-api-key.age
@@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 9Ia8+w Q6ksvKOR40oiVtNAp9Sa1iCfdef0ntgJ6cRnnSnbWzM +h/i6oBh/E3iUAm1TCruFb5LUGTt3enbFhUcEuxkZ9TY +--- 6uwnMUvrqZaUdXIX7NaYpAzFDB4imIjuoKFPjCKnG/w +'LdzVs0G|ei"ە3*xɫuܴ綳4#ᑪxƙJC(ɒ:d=17$m<덷@W'#6z!fe2 +.6RA0NQTkj (ԉ) \ No newline at end of file
diff --git a/secrets/users/fcuny/llm.age b/secrets/users/fcuny/llm.age
new file mode 100644
index 0000000..780fe5b
--- /dev/null
+++ b/secrets/users/fcuny/llm.age
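Review bot: In secrets/secrets.nix both `publicKeys` lists hold only `users.fcuny`, so one SSH private key is the sole way to decrypt either secret. There is no second recipient (a backup or per-host key) to fall back on if that key is lost or has to be revoked. The `.age` ciphertexts are committed, so anyone who later obtains that private key can still decrypt the versions in history, even after `agenix --rekey`. If the repository is published, a key compromise therefore also means rotating the API keys at the provider. Since the description defers documentation, I would record this above `users` now, e.g. `# Every key listed here can decrypt; after removing a key, rekey AND rotate the secret values (old ciphertext stays in git history).`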
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 9Ia8+w Bir55Uqpbc9LiWfeuhcrl5FluYT7WGKtY0SdSvS0w1o +SjAYkn0OrDGIgd4yK709Wc+Y7d3LaSHWQAdSe9qkUr8 +--- 5p8VDC+lrVMyXPaWdNDPWrONSjsC36LsLeNJoMqmSN4 +7 =3WDz$yYfWgL 9WS4!߱s|eaIk@Z;_ޫzh1 ߗq8,]BvPJP& q0CrFTJ{(2t*%QEKa҄^QpA gH,~H/Tuܡ/PR =mfζwRmY{JC \ No newline at end of file -- cgit v1.2.3