e04efa1cb1
Resolves #20 Changes: - Add hcloud_token to secrets/shared.sops.yaml (encrypted with Age) - Create scripts/load-secrets-env.sh to automatically load token from SOPS - Update all management scripts to auto-load token if not set - Remove plaintext tokens from tofu/terraform.tfvars - Update documentation in README.md, scripts/README.md, and SECURITY-NOTE-tokens.md Benefits: ✅ Token encrypted at rest ✅ Can be safely backed up to cloud storage ✅ Consistent with other secrets management ✅ Automatic loading - no manual token management needed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
27 lines
3 KiB
YAML
27 lines
3 KiB
YAML
#ENC[AES256_GCM,data:/eh4zz6uEw7qlElFH0QH6C78W+bwRwzUfrVw1w0+5poZOQl136b+6e4=,iv:t/wsXLGjDe+Lf3Cvp5R4VATw3olGLVJ1H2RUSFlOMF8=,tag:D7kzKpDHGtCY+E67LJeKkQ==,type:comment]
|
|
#ENC[AES256_GCM,data:VM0dHs+tOx/1Z6oamSlAa21A4M2He4KuNLXsPdM6/leqvus5M+k=,iv:61HeqUFJBEVw2Ge5jWps/hv4uuvPxz6iZaJrBONwySs=,tag:zi4V00IRiudBZujrs67bdQ==,type:comment]
|
|
#ENC[AES256_GCM,data:1ptTqfjwMAOzAv9T62FDHVJo+qrseQ+XHLEerh0Sux0eelsmSpxHK/lkEkclR4SctM9j+FZgEc/1fw/LgW37aoqIWFLo,iv:LPZxbeFd0oMTDDgUvswNGbkU1BO4Jmo9+zT/qVQij9g=,tag:KbNUGlGaEzjtCHPJytK4tQ==,type:comment]
|
|
hcloud_token: ENC[AES256_GCM,data:gn0NL2Wlnh44RFtACu/DfLO1Cot1hBqbPI9S8DhG58jYuutmVefiuYo5GT4AVn4cDMYjL0sthQ3gX6uGvbCh7g==,iv:PUvbYQvwez4BASvgOiIdST549HAfYJ+g/y0JsFfeQqg=,tag:2VTRTUT1hftOf1nYprjQbg==,type:str]
|
|
#ENC[AES256_GCM,data:KpCylAL5gOarG+cNdmcL5cgmJI/6YT4mdIA7GlSqSJRfgNBVYe/xBgL1Hpiq+Q==,iv:+O4/ADo/OoYvMx50+g/sAqyjy+O7DmwURGMqBdDhLZM=,tag:PI42CwChPU6MVF/8/mT6Pg==,type:comment]
|
|
storage_box_host: ENC[AES256_GCM,data:rO/FEQp1Ksd824TToUh3q0WOVFY4cRk3W64=,iv:61Jor26LvSTKoXo3A9S5NTfgwuVcP8afUneKxSmyT/c=,tag:MrWsp91eygd2YvOnNNyanA==,type:str]
|
|
storage_box_user: ENC[AES256_GCM,data:KXUlMAixCQ==,iv:8o84GdNHZXKtBJwYop31YwqUL4HqhBNeKbEnhVLPl9A=,tag:hW5O9zSZ9dSLq0FORKqx3g==,type:str]
|
|
storage_box_password: ENC[AES256_GCM,data:SyzHuEXRbLru+wflZGkxauZpZtUDmo1vMuHmbJlh0yhS,iv:PgqmRC85bQqSreMaL2ibnmOL9+nkg07i0lDNJSEQoDU=,tag:+TVM11wz89TirKBesjKwfQ==,type:str]
|
|
#ENC[AES256_GCM,data:y+MWRmWUdPVOdaHk8vyZrc3HPD44NIWDZ4mr,iv:P6wh9kz8XcE2i/OVIOfvKRj49qizcQoYh0NZqpJk3bE=,tag:ZYgRx8zsILKp06ZQDn/4/A==,type:comment]
|
|
acme_email: ENC[AES256_GCM,data:cu9ReaF3xouE0eKZEx4PkiNmMfKOPyix,iv:fqgM8f3tMz7D8HAGCJ5ziwQ/Swsu3K8ZNkQ+p6Qc0Hs=,tag:pO+8wVnAMHSMMfeZ1dEKNA==,type:str]
|
|
#ENC[AES256_GCM,data:SX03vdRrckyWY15r//Y5pJZWXFGfaQSnNnJvA6k+AsutO1Vl9reVQMexQEU=,iv:p1LbT0qxIFfoiJPUerjGqlHD+fK0o0lLnFUvPhIyHdk=,tag:1zURmS+50zRThvHpOWJ0HA==,type:comment]
|
|
mailgun_api_key: ENC[AES256_GCM,data:WxrIeq1odexHduN4YTJSIX9+CaiLaGnkPNkEQpUwTou8PU7aMqJtclxliGl6YrYjncM=,iv:RzHQO1URtLPeAFRRjR3YF9+z//5WostpuwPtf7wxCZI=,tag:mi+mVIGGJqJaHu6cM3HcfA==,type:str]
|
|
sops:
|
|
age:
|
|
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
|
enc: |
|
|
-----BEGIN AGE ENCRYPTED FILE-----
|
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cGhtWTREWTA1NWZ1SE9u
|
|
UGwvNWM3Z2pjdmsxMXRFK2UwcHQ1MkgySVE0CmJsVDBZUWhnVlJjdnhLWkwwOE83
|
|
b3dsMDhKamJNLzFaYnZ4V2ZnS0VydzgKLS0tIE10MmZuc3U5bFFmeDFGNXhwbytG
|
|
eXNRencwRmM5ZEdqbks2NTZ5UloxOTgK3NE24DZp7QaDUIUQOQjENm3zKorckrmt
|
|
JEk2oRXoH6PGJHrZMh2AkmoG3/enh24U8PNQBpmYX6U2ZA7zfnjZXg==
|
|
-----END AGE ENCRYPTED FILE-----
|
|
lastmodified: "2026-01-18T17:12:08Z"
|
|
mac: ENC[AES256_GCM,data:uNDFf6KeSbLmbmjkSlSOKJEP0R4CjsUVHdCN6Xhx5JNvFutnBpI7k0Fy6SUQgO+Glyw0fJgo7vyxixPoFRT460xAePPNRo+uGXrbtkR+gXX0nOZKaDnu1AcnW2pTXR3450abHlfBRfoYKpJ/yY5AaitIUiRk2H3Lj7H6Q4tj/oE=,iv:citqKI31p2fiifMW2QL8E43BmQYRO3/grR3nOEL3hJo=,tag:sNjW5j0Wl10nBxOiqYBCCA==,type:str]
|
|
unencrypted_suffix: _unencrypted
|
|
version: 3.11.0
|