generated from yuvipanda/hubploy-template
-
Notifications
You must be signed in to change notification settings - Fork 6
/
.sops.yaml
38 lines (37 loc) · 1.23 KB
/
.sops.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# This is a configuration file for mozilla/sops, a CLI for encrypting/decrypting
# content. See https://github.com/mozilla/sops.
# This is a file that configures SOPS to assume it should use a specific keyring
# and key if encrypting a new file. If it is to decrypt an existing file, that
# information will be available as metadata and this is not needed.
#
# To authenticate yourself sufficiently:
#
# GCP:
# gcloud auth login
# gcloud auth application-default login
#
# AWS:
# See infra/cloudformation-sops.yaml comments
#
# To setup a new keyring and key:
#
# GCP:
# gcloud kms keyrings create l2l --location global
# gcloud kms keyrings list --location global
# gcloud kms keys create main --location global --keyring l2l --purpose encryption
# gcloud kms keys list --location global --keyring l2l
#
# AWS:
# See infra/cloudformation-sops.yaml comments
#
# To encrypt a new file:
#
# sops --encrypt --in-place deployments/l2l/secrets/common.yaml
#
# To edit an encrypted file:
#
# sops deployments/l2l/secrets/common.yaml
#
creation_rules:
# - gcp_kms: projects/neurohackademy/locations/global/keyRings/nh-2020/cryptoKeys/main
- kms: arn:aws:kms:us-west-2:423786577274:key/80fbf43c-a522-4625-ac6d-e6482ddb97e4