Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../.gitignore
Pieter 6bc8e508c6 Complete SOPS secrets management setup (#5) 
Completed Issue #5: SOPS Secrets Management

All objectives met:
-  Age encryption key generated (keys/age-key.txt)
-  SOPS configured with Age backend (.sops.yaml)
-  Secrets directory structure created
-  Example encrypted secrets (shared + test client)
-  Comprehensive documentation for key backup
-  Ready for Ansible integration

Security measures:
- Age private key gitignored (keys/age-key.txt)
- Only encrypted .sops.yaml files committed
- Plaintext secrets explicitly excluded
- Key backup procedures documented

Files added:
- .sops.yaml - SOPS configuration with Age public key
- secrets/shared.sops.yaml - Shared secrets (encrypted)
- secrets/clients/test.sops.yaml - Test client secrets (encrypted)
- secrets/README.md - Complete SOPS usage guide
- keys/README.md - Key backup procedures
- keys/.gitignore - Protects private keys

Updated:
- .gitignore - Allow .sops.yaml, block plaintext

Tested:
- Encryption:  Files encrypted successfully
- Decryption:  Secrets decrypt correctly
- Git safety:  Private key excluded from commits

Next: Ready for Zitadel/Nextcloud deployment with secure credentials

Closes #5

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-27 14:23:36 +01:00

58 lines
715 B
Text
Raw Blame History

# Secrets - NEVER commit plaintext, only encrypted .sops.yaml files
secrets/**/*.yaml
secrets/**/*.yml
!secrets/**/*.sops.yaml
!secrets/.sops.yaml
keys/age-key.txt
*.key
*.pem
# OpenTofu/Terraform state and variables
tofu/.terraform/
tofu/.terraform.lock.hcl
tofu/terraform.tfstate
tofu/terraform.tfstate.backup
tofu/*.tfvars
!tofu/terraform.tfvars.example
# Ansible
ansible/*.retry
ansible/.vault_pass
# OS files
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
Thumbs.db
Desktop.ini
# Editor files
.vscode/
.idea/
*.swp
*.swo
*~
.env
.env.local
# Logs
*.log
logs/
# Backup files
*.bak
*.backup
# Python (if using scripts)
__pycache__/
*.py[cod]
*$py.class
.venv/
venv/
# Temporary files
tmp/
temp/
*.tmp
Reference in a new issue View git blame Copy permalink