state: add Vault Transit as primary SOPS backend, age as fallback
- .sops.yaml: add hc_vault_transit_uri for transit/keys/sops-state - state-sync: try Vault Transit first, fall back to age key on disk - Re-encrypted all 101 state files with both Vault Transit + age - Normal workflow: vault login → decrypt via Transit (no key files) - Bootstrap/DR: age key at ~/.config/sops/age/keys.txt
This commit is contained in:
Viktor Barzin
parent
9f80eb7ba0
commit
4e7ca1ad61
96 changed files with 57526 additions and 56754 deletions
|
|
@ -1,40 +1,40 @@
|
|||
{
|
||||
"version": "ENC[AES256_GCM,data:og==,iv:qY8l2gQEBqoREM0ytOlMt/7J/dY7D3+AV2p0MdIi4RM=,tag:5wHqtWQvlaNoyzfWnpBmdg==,type:float]",
|
||||
"terraform_version": "ENC[AES256_GCM,data:kVj+29M=,iv:I2Mpj1oRE2LjINjNdBv/yenoPL/P/2TKv2DrMkATRco=,tag:ThZvYtXTHuPCffSLUQA18A==,type:str]",
|
||||
"serial": "ENC[AES256_GCM,data:v5Ur2A==,iv:B0OfZIxi5JmROb5cyoFyXvPPr7SKK0L7BdVWl3UP7gA=,tag:7nswr0K7k7EXiN+hqnUbgQ==,type:float]",
|
||||
"lineage": "ENC[AES256_GCM,data:ZxAlvuQ7L2IPnzCY8HABVsy74PvR0450nekoug99wEam21Vi,iv:1Z3QCev7PGd5oq6c/XRsTlrvXUDnRl9w2p8rN8qAq+Y=,tag:HItgNZA/Wpdcu8kWmoQ9ig==,type:str]",
|
||||
"version": "ENC[AES256_GCM,data:gg==,iv:6gqI/+OCaOpTBw9NEblLtKu/ZSgf63hSfOSA3bTvj40=,tag:K6T9tmsesu3zu3De7w2zEg==,type:float]",
|
||||
"terraform_version": "ENC[AES256_GCM,data:oMNFbMA=,iv:TQokoEZjKlMIvkv13vORFOAJ1Hp5BfDiYrYxVfah1gk=,tag:ROisE72Saiuy0cPMhQxruQ==,type:str]",
|
||||
"serial": "ENC[AES256_GCM,data:trhHYA==,iv:Gxryo5SSnrZ/4lVDvYoz3dmIvSlZYWE8CIZpbASqpF8=,tag:1HVVXC5rzEgCDWcgiaXidQ==,type:float]",
|
||||
"lineage": "ENC[AES256_GCM,data:tN373OYM8ydvq36fIM1/qIt34s6o3e/RQ7HpCq+ScJXCvOIt,iv:Vsj+o2q09HnX7qJBmQbwo6qDsrIc3ym6JRacHA64rqg=,tag:axyJLxF9emiDW4gsVuhq3A==,type:str]",
|
||||
"outputs": {
|
||||
"mysql_host": {
|
||||
"value": "ENC[AES256_GCM,data:pm+oYqpVR1X0kKklO6OPJW5vkZTpNHyxdBytS/M=,iv:5BJagZy/RUy2iBK7aIXv3YYmAnidOVMnY1ekNof4RvE=,tag:hZYDhTk1Odgn7YUJXIpedA==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:gf5uN05g,iv:C6Qs/K3es4wq4MNbYZpP6tm5hAisfNbLmXcEpCGJmZw=,tag:iL1u44wTFBAIla6f/BSNTA==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:AZpdune+QSAxZr5e1vtozh4xadx8exmhEX6xWFI=,iv:nPYatuzNU3lNrfi+VYtrfYkKhd1Hh6ShmdKD0h3qyDI=,tag:7tXmYrKreOGx+aqXgQU05w==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:sVkaa865,iv:3txygPvyVTIokxa38LlFeZfi0Yx7zXePQp8sjQgMTIY=,tag:iHf1YEZy717h09s4uvZVSw==,type:str]"
|
||||
},
|
||||
"mysql_port": {
|
||||
"value": "ENC[AES256_GCM,data:mpIgJQ==,iv:tMfO1Cbq4vgp66aMOSW/5hvzc2mq9+1nSVPTMGNYENw=,tag:vYOIiC4gh6Z+gLztRJVi3g==,type:float]",
|
||||
"type": "ENC[AES256_GCM,data:2fn1yRJF,iv:Bvy3CQIRPgryGknvmO5V1IyjE0UzG7F4FE1+vpYESA4=,tag:kCHPdeAG2h+HT5Dg7leyTg==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:C3dnuA==,iv:4JdBI1X7RrsGzi8pvwzMydWFYBDhX2H8n+acODjpqUo=,tag:P+6BL7cLMr9ANtr4QmAaAQ==,type:float]",
|
||||
"type": "ENC[AES256_GCM,data:5J/P0Vp5,iv:/w/u3Y9JPmXsCFw55iDrGS7lqZRUCB7cKIRYRaKrBTQ=,tag:ai40Ccx76WOhi56yDWDsTw==,type:str]"
|
||||
},
|
||||
"postgresql_host": {
|
||||
"value": "ENC[AES256_GCM,data:mj3ckD6H2I3OZv1B7+vwI9twZVQDPEZT9OrO8X6Ziwwy7Q==,iv:BD+kOSPuF0+Uy8lwZxFvIGocTszDdW63ZcY0QmgNoOY=,tag:bOQ+O+ocdbqqueH7NryCDQ==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:WKxXs5Ug,iv:qh5syEow0mKxTOLVjfEC3ggnt6E+JO8BFnd2ZSAk7F0=,tag:XM5xUCgP3Wt6S115SbNAOA==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:1ekdrE4LiGoplBaSFsuBH/brcXbyazIIRgQHMktzEQrllQ==,iv:xNF8NZhhc2JK6ajhmBP0x/d7V5Dx074nEXVpbDlU1Qs=,tag:Tcn2u+R8v57yVTpT7LLC/g==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:IZIeKff9,iv:qNU2pbDypWHSepsyiTpXabksXKLTnoHGeheDdYaH3TI=,tag:aLWLRLfVm+05RcVfObw7nw==,type:str]"
|
||||
},
|
||||
"postgresql_port": {
|
||||
"value": "ENC[AES256_GCM,data:tGaL5A==,iv:x/dANCZJWtjMkXWa1Dkwph42tNRufGCrEUtd9/xSNhk=,tag:qeqJ/pmVuGw1/DQVbYlR0A==,type:float]",
|
||||
"type": "ENC[AES256_GCM,data:q7twy1JU,iv:sWVuIDSTmVVkRgcFTXrZaTov2+B/lzhXYbX8M9J3Jys=,tag:rDb13ouidxOaWWjLfZ0uSA==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:k75w8g==,iv:63gHtVH1HlIn+XlCKqwbEIE8cpD9L2AaU82LTWmvpC0=,tag:Ldxgz3+6jqdBQRJCHg0s4g==,type:float]",
|
||||
"type": "ENC[AES256_GCM,data:YlzaGs8t,iv:VNmov+FjDq/3IM4MaF17OvOHQY4Oovo/jiWUWikEnqQ=,tag:/vo6iYEABQ6APpfgvd3u5w==,type:str]"
|
||||
},
|
||||
"redis_host": {
|
||||
"value": "ENC[AES256_GCM,data:ur6VEK9eh5ZZK408nK4Q5rL4qjuLCE1gAq9GaOs=,iv:y5KGfL+nG6cckMoZoGZpoHL7hPVdJoekYl/OdkdiJfQ=,tag:598eLncSKxFXG75kklUXGg==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:rAr0J4ge,iv:cY5oQIDQLYHDSz2oaK9qXQXgzNqVZu9P+Yr7BhwzBRg=,tag:JZAXsBrqMwZMrhLBk+hiIg==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:Gl+eNPp68F23cqzLzM0gPZ3ExCNxdwycM+bvWqk=,iv:zaxp2yEKiqbV3sH6lQ4a0KU01cH0eyFLg9u5TwhyOLw=,tag:+oEqnqIt4bCGL24aNK+04A==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:4Gt43It4,iv:6Qs27iHhwe4VVnCeYvuCydbvK2Kc9Ankes5FFwczHCs=,tag:nt3kL8Lv1A8JxTIET5Q68w==,type:str]"
|
||||
},
|
||||
"smtp_host": {
|
||||
"value": "ENC[AES256_GCM,data:+EKWlfx1L7lYnw40aI1VA4o+azA=,iv:4eWclJ3ko26Ql4+NtUnwogp91DGiiP2B27GOoeQz91w=,tag:1Vn+RxcJZSv4NOcX6CUqdQ==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:yEaDy0Fg,iv:zRqVLxUdLCPD3EX9lAjk/tTzCNae10mVIzIZ/KC0n2c=,tag:muFSpr27Cxh3SQBPjVrNGA==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:X2p7abQ2kxr7kJo0Z7eMjCmYfAY=,iv:mbgzdH0U+qKqUBBz4l3JTg8+XOZPcpkqAa/pkKBCw7U=,tag:+q1rwgtABhCrxLWrLjuCeg==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:FygA4cA2,iv:/dcXlouH2IsHTnaUzL3+72091faiYhYpulzqSeT6Ntw=,tag:dFhofYhHE1oWOeUOuez+Xw==,type:str]"
|
||||
},
|
||||
"smtp_port": {
|
||||
"value": "ENC[AES256_GCM,data:88s/,iv:HFzFPS0e4ZfScvPWd+P5k2L53BMciStkSI3isuR1zR8=,tag:8yBiEqu+svSLD6bRm1+5jQ==,type:float]",
|
||||
"type": "ENC[AES256_GCM,data:3+wM4EQN,iv:lGz62/xIBahJiyWqXFhb1cojBy3CmiVCKz8qOH/IpRk=,tag:rEoT4usfX6oSH9QbaKm8Dg==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:V8sP,iv:O6l0gJsxDmJpePIVWW9FmL4hX0UULBQI7gwIf9cAJ+8=,tag:e9vWgjr0zSFxxOBs8W31Ag==,type:float]",
|
||||
"type": "ENC[AES256_GCM,data:FEIK/hDT,iv:Jxi4W/0MZAU1Qho5i3pt1Zd4BffmZzf4vq7Tu3LUUws=,tag:ATf9u5m+zXYxvsRIY/nzeg==,type:str]"
|
||||
},
|
||||
"tls_secret_name": {
|
||||
"value": "ENC[AES256_GCM,data:Fd7+0tcWU+0YHg==,iv:sBBdKgZR//5jntMpLUvl3fjmSGu/LmDSNqUuj05/Rno=,tag:pxv8JtNC5uNyzo3ljo5lyw==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:KcgqA2rr,iv:ZgvKTv1B9JkbQALCZ/FcvtWVJHr52wBHsuXNByRCToQ=,tag:fFsudukv7T3Z3Y7TkijF4Q==,type:str]"
|
||||
"value": "ENC[AES256_GCM,data:3SW+vrLRn7h3+w==,iv:dOcJAHU/Ejdp66WLBtxqz691/+0ZdztdYGC3/iwiKtc=,tag:lYtSsG7SGwVEQierasY0PQ==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:61O0UbII,iv:jP+iorlm763zzlt55RF518JoMKXM/6NQ9zXGt6ZfYCI=,tag:Dwu5mEUXQZtUOOnrw989IA==,type:str]"
|
||||
}
|
||||
},
|
||||
"resources": [],
|
||||
|
|
@ -43,19 +43,27 @@
|
|||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"hc_vault": [
|
||||
{
|
||||
"vault_address": "https://vault.viktorbarzin.me",
|
||||
"engine_path": "transit",
|
||||
"key_name": "sops-state",
|
||||
"created_at": "2026-03-17T22:55:17Z",
|
||||
"enc": "vault:v1:EuJ1R1m5FRD+SjpOZfaAkwvTCmoJ3+2PKKh1H+6Ts6jkNGF265YBWVbSEMR0h6IzcYmCaqsrmwrUmHdD"
|
||||
}
|
||||
],
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1z64h9t3acsm2rr74pz7j4846kwj5tutx9sk78jqv46y8fln4vs2sy920ce",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlS0cxZFlwY1M1TFhQeUxh\nTXdBc3VQalZJV29kTWV6WklMQndvaTRuZVhzCmNpMDk0UU5hSEZvTkQzQ1VUZ0lI\neUdrcnkyalBmbTNRNEJrZlplVDNCTjQKLS0tIHFyNzVRZmNxVTlDNjFBRUZDMXF0\nSHpLL2szaVJEQXdZdktyWktZUkY0SjgKSbeGagNdGHn4nbhqLHVMS5OeFRgqBWUS\nja+iF9QkjSbjOtZlU+rK+iYrutwe5VJF/xLpNX3t3hMUQij/wt7alg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUUMvcVArSnY1WWtWdm9D\na3RmTnNtQkZiVVdzbEFUY2d0WmtZeGM2SEVNClRlS0RObmY2VEtnaTQ0RlhBMEhI\neUlMT3JYanFEdjJlVEpPR2RYMEordDAKLS0tIDdCOXZrWiszTUQ0YlVZZGluc1Er\nRU1xZEtDT0p2ZkRNbTUyMXNFL0hmcXcKt1eo2/Gl5OY+5Fy0juBA/BFk1fwitV4n\nawS82DLnFjNv2zoB2CrqC/hQUBRzE4EDPowUkTeSMVWZYchQPPo4Zw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1rekkad48r2wzhwqgfetw5yugu3ln3qlht4xg3txmx55tee8cveess60r90",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdVBxNW1TTkJtNnYydUIz\nTVMrSlR2cTJMbS81ZDB6YnN2ekVRZzBVSmt3CnB1OVhnMTVHaFdHZDlhenZtMWFI\nQTFxVkpCM2U2TmxBc3ZKbjYwOThGZDQKLS0tIFUrYktWNkZLWk1heE1JdjZDdEVm\nbEZNRXd2cENNMnV2NldzZTNMeHR3SEEKgRB9l7RG9Q0/1jW0cjwmfSp8q5hgd+XR\n9gzTc+JQ0TYIHGobkG70z8j+9VrwPxDwGqxoVtb86WGP1Mc+Z59orQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbTRnZi9NVW5FeS8zaW5D\nYW41MTU2dVJuTy9rUGwya2MvZW1YSDgvbmc4Clg5blpWNWY4UmVMdkVmNmRzMy9v\nTVhjc04rUTJFbkxsRUJnK2hRTlF3M2MKLS0tIG5jRlRQMjAvUWtFMEQyU1hDWU5N\nODNhaEJQeTRFTHhkZGVpV2pmd2FrV1UK7n3YOP6eIUbb4FZykHNn1cu9ED3kSzmK\naODTBe+HG/Tz7Y+BpvLqWmT0kp8meqC2TN1elEf1Ae2HxVAvdLcp1w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-03-17T22:35:08Z",
|
||||
"mac": "ENC[AES256_GCM,data:0wIyvpo/t22fYRgAft9RDBSohJTJ3lqzGyFAlGVkLdo88/i6C2fw6Z/MDt3HdaLyeezYjteFMI9Yt2vQhsfA8CzDEJ2uIGJt16DBhnSl77rMnJmC8t4Uf9vYwWBIOtPpiGXGhtI3bO3vmjWINrWm7Zu9Vrtts3Z4Qe6E+4sZ3hg=,iv:kW3r9M6SPdc/K2+hph2ZR7eMpSkj2Bi69k8k3PnuZqE=,tag:Funftwov3xewsGksJJDNNQ==,type:str]",
|
||||
"lastmodified": "2026-03-17T22:55:17Z",
|
||||
"mac": "ENC[AES256_GCM,data:TwGx2rbpOxaAEcijZwZcVN7pszTPcGAKrhaRRIEp+wMa4fpcQXBhxs7jfgoQ2R7ntwWRqrJFADnZPGTpusUT96W20ixm4TKWgkw3fj7wA9j5/KLQbHTEvFpSfb8Ozg12MIchfNQgWWELkdKZZndcfQaQID1H85Fr5PKIrVDZW8E=,iv:XVXPo6moEbebCemBLQCzhv5hm7zPo2jV5NDxlEvYvmE=,tag:f4ZjmjqyS4EKJnbwXKsafA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.4"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue