ansible-infra/docs/guides/sops-gpg-key-replacement.md
June 51cd583dff
docs: move information on secrets and sops into docs
2026-05-20 22:54:32 +02:00


title: SOPS: GPG-Key Replacement
summary: How to Replace an Expired GPG-Key

SOPS: GPG-Key Replacement

  • When a GPG key expires, the config in .sops.yaml must be updated, and all files must then be re-encrypted with the updated list of keys.
    • If no new key is available, simply remove the expired key and re-encrypt all files to keep the repository in a working state. Once the relevant member provides a new key, add it and re-encrypt again.
  • The re-encryption can be done by running the following command (which can take a considerable amount of time):
    find inventories -name "*.sops.*" | xargs sops updatekeys --yes
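
To confirm that the re-encryption reached every file, the following added example (not part of this repository) lists the files whose SOPS metadata still names the replaced key in an `fp` entry. The function names, the 40-character (v4) fingerprint check and the sample tree with its made-up fingerprints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): find SOPS files that still list a
# replaced PGP key as a recipient after the re-encryption step.

# stale_sops_files DIR FINGERPRINT
# Prints each *.sops.* file under DIR whose SOPS metadata still names
# FINGERPRINT. Returns 0 if none do, 1 if some do, 2 on a bad fingerprint.
stale_sops_files() {
    dir=$1
    fpr=$(printf '%s' "$2" | tr -d ' ')   # gpg prints fingerprints in groups
    case $fpr in
        ''|*[!0-9A-Fa-f]*) echo "fingerprint must be hex" >&2; return 2 ;;
    esac
    if [ "${#fpr}" -ne 40 ]; then
        echo "need the full 40-character fingerprint" >&2; return 2
    fi
    # YAML metadata has `fp: <FPR>`; JSON metadata has `"fp": "<FPR>"`.
    pattern="\"?fp\"?: *\"?${fpr}"
    # grep exits non-zero when nothing matches; that is the good case here.
    found=$(find "$dir" -type f -name '*.sops.*' \
        -exec grep -liE "$pattern" {} +) || true
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample tree: one file already re-encrypted, one still stale.
# The fingerprints are made-up placeholders, not real keys.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/inventories/prod" "$root/inventories/dev"
    printf 'sops:\n    pgp:\n        - fp: %s\n' \
        1111111111111111111111111111111111111111 \
        > "$root/inventories/prod/secrets.sops.yaml"
    printf 'sops:\n    pgp:\n        - fp: %s\n        - fp: %s\n' \
        1111111111111111111111111111111111111111 \
        AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 \
        > "$root/inventories/dev/secrets.sops.yaml"
    printf '%s\n' "$root"
}
```

Any path it prints still has the old key in its recipient list and needs to be re-encrypted again.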