state: add Vault Transit as primary SOPS backend, age as fallback

Browse source

- .sops.yaml: add hc_vault_transit_uri for transit/keys/sops-state
- state-sync: try Vault Transit first, fall back to age key on disk
- Re-encrypted all 101 state files with both Vault Transit + age
- Normal workflow: vault login → decrypt via Transit (no key files)
- Bootstrap/DR: age key at ~/.config/sops/age/keys.txt

...

This commit is contained in:

Viktor Barzin 2026-03-17 22:56:33 +00:00

parent 9f80eb7ba0

commit 4e7ca1ad61

96 changed files with 57526 additions and 56754 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

942

state/stacks/webhook_handler/terraform.tfstate.enc

View file

File diff suppressed because it is too large Load diff