fix: ensure that dk1 and dk1-iso share the same key, and keep secrets updated

2025-04-26 19:06:03 +01:00 · 2025-04-26 19:06:03 +01:00 · c84cb9b723
commit c84cb9b723
parent 0829df3b5d
2 changed files with 16 additions and 7 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,9 +1,9 @@
 keys:
  - &sv1 age1zr5m64rzl8r5pk5cnwcfycc8ze09lx4xqa6s0cpkf24gwwxxpy2sltfsug
-  - &dk1-iso age14x7k4stulqyp849x3uksprk2w3vjyn6pjlvgrp6up3tem6g6xucqvms68t
+  - &dk1 age14x7k4stulqyp849x3uksprk2w3vjyn6pjlvgrp6up3tem6g6xucqvms68t
 creation_rules:
  - path_regex: library/secrets/.*.yaml
    key_groups:
      - age:
        - *sv1
-        - *dk1-iso
+        - *dk1
--- a/library/secrets/sb1.yaml
+++ b/library/secrets/sb1.yaml
@ -9,11 +9,20 @@ sops:
        - recipient: age1zr5m64rzl8r5pk5cnwcfycc8ze09lx4xqa6s0cpkf24gwwxxpy2sltfsug
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdlpSYXhOdndtS0Y0QTRz
-            N2pxczhIQVBWSnV1dnY3WDVVRlErYnh4OWdnClRUSjVXeWMrTmxWVEVGT0V6YUMr
-            V2ovSVhpcmRIN3ljWUx0cmJnSnBzMzAKLS0tIHBNalN3emcrbjZZcytoVFgyQTh2
-            elREcXRxeGdVTW1TZGtKelVURkdlWW8KSWpXIAL0Vb1a3un8WIcjMNbIbR41VcK2
-            604AZYjooB6OzX2sOkGOOAIvB17S2nesL/nQUobWkM8bQSuH/TgR5g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZWllVjN5TE1YUENueFFo
+            NVZDbXc5cEFBZ25PaVVRYWtGN3ZuMDI3cVhnCmRSM0g3SzU3dWZueGF2dGZYa01z
+            OFFuMVFIbFdRUkFGaDcyWThnME56cW8KLS0tIFkxanBHUEdOOEJ1cXppSmhDUUdC
+            czExSmg1YWo4YlZQM0plSG5vNnpsR28KQ8v96L/EcZmyBFnKjhJPsgN6miKdWHGt
+            61KwpMn8g89+f+QdFfji4NkJfteeLsnHMG+JKzoetVB05Xp+cDwfmg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age14x7k4stulqyp849x3uksprk2w3vjyn6pjlvgrp6up3tem6g6xucqvms68t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkQ2d2ZVlpTG5NTnZ0RHYx
+            WDVyMlkvVHdhNCtPSFluSHVQSW4yM1dhdmc0CktUazdwK1J1ME1CZERnZlRDM25p
+            bFczQ2hUYWY5YVZ0TTU3R2FLSHk4RkEKLS0tIGJBVkEwcDk4MjdJL3FMVnVXd0ZO
+            YS9pM3VKcTlTSVArK1B3ZHZnRzhvQW8KfdvpHYMWHkTaprrB1WgRIBHzQnaWeKmp
+            Rx6xKwOeTaIS4g62Lv9M9uHJzaVD2v22Q53MNeHOPS+47D7XBrstrA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-01T22:35:24Z"
    mac: ENC[AES256_GCM,data:PH0lfE79d1ZuE0YyMZuWhpZNu1OHh+9JMNbr66RJoRRPpLa134Y6mQE+PzZXOZ0PR2mT+VOrkNhNRhzEhr79oScM0d3ahBfKVY8VcNpvP34Llb9PQWPAZpQ5moa9o6g850bLrXl3XolLPEMpZg4BVa5EzFjo9BXNbuSY/zoW2x0=,iv:my+mb+qbjDs3iHdmaEptylgHbNu7a6zwHx2NEhlwi1Q=,tag:YfEYhl4QOulNbKALLB8ylg==,type:str]