update sops config. Decided to use an approach when encrypted file contains only secrets. This approach does not require to configure encrypted_regex stuff.
.env files are going to be used for .env secrets for containers that can't read secrets from file. .yaml files are for secrets that can be converted into docker secrets (key - file name, value - file content) because it easy to extract such data usyn `yq` than trying to parse .env files.
This commit is contained in:
v.karaychentsev
@@ -1,6 +1,9 @@
|
||||
creation_rules:
|
||||
- path_regex: '(^|[\\/]).*\.sops\.ya?ml$'
|
||||
- path_regex: '(^|[\\/]).*secrets\.sops\.env$'
|
||||
age:
|
||||
- age1ua9qahphsqf2x8ew2n4umapp23a66t0eccccc0d5etp82n8tsqgsfc8qjk # me
|
||||
- age1nw388umnlxfj3cg9lqjyltghfx6w709nam8s2x826c3nxla9famq3uya73 # server
|
||||
- path_regex: '(^|[\\/]).*secrets\.sops\.ya?ml$'
|
||||
age:
|
||||
- age1ua9qahphsqf2x8ew2n4umapp23a66t0eccccc0d5etp82n8tsqgsfc8qjk # me
|
||||
- age1nw388umnlxfj3cg9lqjyltghfx6w709nam8s2x826c3nxla9famq3uya73 # server
|
||||
encrypted_regex: '^(DB_PASSWORD|API_KEY)$'
|
||||
|
||||
Reference in New Issue
Block a user