state: add Vault Transit as primary SOPS backend, age as fallback
- .sops.yaml: add hc_vault_transit_uri for transit/keys/sops-state
- state-sync: try Vault Transit first, fall back to age key on disk
- Re-encrypted all 101 state files with both Vault Transit + age
- Normal workflow: vault login → decrypt via Transit (no key files)
- Bootstrap/DR: age key at ~/.config/sops/age/keys.txt
parent 9f80eb7ba0
commit 4e7ca1ad61
96 changed files with 57526 additions and 56754 deletions
|
|
@ -1,5 +1,6 @@
|
|||
creation_rules:
|
||||
- path_regex: '\.tfstate(\.enc)?$'
|
||||
hc_vault_transit_uri: "https://vault.viktorbarzin.me/v1/transit/keys/sops-state"
|
||||
age: >-
|
||||
age1z64h9t3acsm2rr74pz7j4846kwj5tutx9sk78jqv46y8fln4vs2sy920ce,
|
||||
age1rekkad48r2wzhwqgfetw5yugu3ln3qlht4xg3txmx55tee8cveess60r90
|
||||
|
|
|
|||
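Review bot: the added hc_vault_transit_uri line sits in the same creation rule as the two age recipients, with no key_groups, so SOPS wraps the data key for each of the three keys independently and either age private key still decrypts every file matching '\.tfstate(\.enc)?$' without contacting Vault. If the intent is that Transit policy and audit logging govern normal access, the age identity at ~/.config/sops/age/keys.txt should stay off day-to-day machines and be held only for bootstrap/DR, and a comment above the age block in .sops.yaml stating that would make the intent reviewable. It is also worth confirming that both age recipients are still needed, since each is a standing decrypt capability that revoking a Vault token does not remove.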