keys: - &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc - &mew 65BD3044771CB6FB - &shanghai_osh age1ua5dukhxsmztpwqrcd25zyvdqhww565dn3uj5mqm7evg9khfjfnq66zywn - &nue_osh age19wwvlh83p4a3t76j8wzcmh2ns9w348ttff5n9h3zwnmxhm3vtgyqg7qh6x - &hakurei_osh age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq - &reimu_osh age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 - &utsuho_osh age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k - &aya_osh age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes - &tewi_gen age17haatqc7gpk9t690affyqcvwmhmz0us95en2r7qpqzw29tpq3ffspld0cf - &tewi_osh age172nhlv3py990k2rgw64hy27hffmnpv6ssxyu9fepww7zxfgg347qna4gzt - &tei_osh age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr - &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 - &litterbox_osh age1xg6zm9t25wjakljm54m38pjdr9q53jysdcl82r5xwkrn0cgyuvvsuh63eh - &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 - &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku - &logistics_osh age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py - &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66 - &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz - &sakuya_osh age1ehdj6hghtr8sf5s5c03rru4y3a02nwrt694e36tjnd6g7eq4l43qfradn6 - &minecraft_osh age16yjxkz4pzuu5qqenmyh9ecwmqkar6ehclvss7wx7mesdntwwy9ys6e7m3c creation_rules: - path_regex: 'nixos/secrets/.+\.yaml$' shamir_threshold: 1 key_groups: - pgp: &pgp_common - *kat - *mew age: &reisen_common - *hakurei_osh - *reimu_osh - *utsuho_osh - *aya_osh - *tei_osh - *mediabox_osh - *litterbox_osh - *keycloak_osh - *kasen_osh - *sakuya_osh - *logistics_osh - *minecraft_osh - path_regex: 'modules/extern/secrets/.+\.yaml$' shamir_threshold: 1 key_groups: - pgp: &pgp_common - *kat - *mew age: &extern_common - *shanghai_osh - *nue_osh - path_regex: 'systems/hakurei/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *hakurei_osh - path_regex: 'systems/reimu/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *reimu_osh - path_regex: 'systems/utsuho/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *utsuho_osh - path_regex: 'systems/aya/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *aya_osh - path_regex: 'systems/sakuya/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *sakuya_osh - path_regex: 'systems/tewi/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *tewi_gen - *tewi_osh - path_regex: 'systems/tei/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *tei_osh - path_regex: 'systems/mediabox/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *mediabox_osh - path_regex: 'systems/litterbox/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *litterbox_osh - path_regex: 'systems/minecraft/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *minecraft_osh - path_regex: 'systems/kuwubernetes/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *kuwubernetes_osh - path_regex: 'systems/keycloak/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *keycloak_osh - path_regex: 'systems/kasen/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *kasen_osh - path_regex: 'systems/logistics/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *logistics_osh - path_regex: 'systems/[^/]+/secrets\.yaml$' shamir_threshold: 1 key_groups: - pgp: *pgp_common - path_regex: tf/terraform.tfvars.sops$ shamir_threshold: 1 key_groups: - pgp: *pgp_common - path_regex: 'k8s/.*secret.yaml' shamir_threshold: 1 encrypted_suffix: 'Templates' key_groups: - pgp: *pgp_common age: - *kuwubernetes_cluster