docs: move information on secrets and sops into docs
Some checks failed
/ Ansible Lint (push) Successful in 2m20s
/ build (push) Failing after 2m40s

June 2026-05-20 22:54:32 +02:00
commit 51cd583dff
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
4 changed files with 40 additions and 37 deletions


@ -0,0 +1,13 @@
---
title: "SOPS: GPG-Key Replacement"
summary: How to Replace an Expired GPG-Key
---
# SOPS: GPG-Key Replacement
- When a GPG key expires, it is necessary to update the config in the [`.sops.yaml`](https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/branch/main/.sops.yaml) and then re-encrypt all files with the updated list of keys.
- If no new key is available, simply remove the key and re-encrypt all files to keep the repository in a working state. Whenever the relevant member provides a new key, add it again and re-encrypt for it again.
- The re-encryption can be achieved by running the following command (which could take a considerable amount of time):
```bash
find inventories -name "*.sops.*" | xargs sops updatekeys --yes
```
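Review bot: the re-encryption command in the bash block pipes `find` output into `xargs` without null delimiters, so a path under `inventories` that contains whitespace is split into separate arguments while `--yes` suppresses the confirmation prompt. Suggest `find inventories -type f -name "*.sops.*" -print0 | xargs -0 sops updatekeys --yes`. The second bullet would also benefit from one sentence saying that removing a key and re-encrypting only changes who can decrypt the files from that commit onward: earlier ciphertext stays in the git history, so the steps should not be read as a revocation procedure for a key that is no longer trusted.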