This repository has been archived by the owner on Feb 21, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.sops.yaml
46 lines (46 loc) · 1.78 KB
/
.sops.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
---
creation_rules:
- path_regex: cluster/.*\.sops\.ya?ml
encrypted_regex: "^(data|stringData)$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: cluster/.*\.sops\.toml
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: ansible/.*\.sops\.ya?ml
unencrypted_regex: "^(kind)$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: kubernetes/.*\.sops\.ya?ml
encrypted_regex: "^(data|stringData|fromCIDR|clusterDomain|k8sServiceHost|cidrs)$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: machineconfigs/.*.yaml
encrypted_regex: "^(crt|certSANs|dnsDomain|endpoint|secret|bootstraptoken|clusterName|hostname|secretboxEncryptionSecret|token|key|password|addresses|gateway|id)$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: secrets.yaml
encrypted_regex: "^(secret|bootstraptoken|secretboxencryptionsecret|token|key)$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: kubeconfig
encrypted_regex: "^client-key-data$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: talosconfig
encrypted_regex: "^key$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm
- path_regex: ^kubernetes\/.*\/gotk-components[^\/]*\.ya?ml$
encrypted_regex: "^(args)$"
key_groups:
- age:
- age1ms2d7n4yhaq0mdap4cfyaq2xtfutlachqapkjfr0z2qr7ghc2ckq000jhm