ansible-infra/docs/guides/sops-gpg-key-replacement.md
June 51cd583dff
docs: move information on secrets and sops into docs
2026-05-20 22:54:32 +02:00


---
title: "SOPS: GPG-Key Replacement"
summary: How to Replace an Expired GPG-Key
---
# SOPS: GPG-Key Replacement
- When a GPG key expires, the key list in [`.sops.yaml`](https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/branch/main/.sops.yaml) must be updated, and all files must then be re-encrypted with the updated list of keys.
- If no new key is available, simply remove the expired key and re-encrypt all files to keep the repository in a working state. Once the relevant member provides a new key, add it to the list and re-encrypt all files again.
- The re-encryption can be achieved by running the following command (which could take a considerable amount of time):
```bash
find inventories -name "*.sops.*" | xargs sops updatekeys --yes
```
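
To confirm the re-encryption reached every file, the check below lists files whose SOPS metadata still names a removed fingerprint. It is an added example, not part of the ansible-infra repository; the function names, the placeholder fingerprints and the sample files are constructed, and it assumes recipients appear as `fp` entries in each file's metadata.

```bash
#!/usr/bin/env bash
# Added example, not part of the ansible-infra repository.
# Assumption: sops records each PGP recipient as an "fp" entry in the file's
# metadata (YAML `fp: X`, JSON `"fp": "X"`, dotenv `..._fp=X`).

# Constructed placeholder fingerprints, not real keys.
OLD_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
NEW_FPR=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

# stale_recipients DIR FINGERPRINT
# Prints every *.sops.* file under DIR that still lists FINGERPRINT.
# Returns 0 if none do, 1 if any do, 2 on a malformed fingerprint.
stale_recipients() {
  local dir=$1 fpr hits
  # gpg prints fingerprints with spaces or a 0x prefix; sops stores bare hex.
  fpr=$(printf '%s' "$2" | tr -d ' ' | sed 's/^0[xX]//')
  case $fpr in
    ''|*[!0-9A-Fa-f]*) echo "not a hex fingerprint: $2" >&2; return 2 ;;
  esac
  # Short key IDs never match the stored value, so insist on the full fingerprint.
  if [ "${#fpr}" -lt 40 ]; then
    echo "need the full fingerprint, got ${#fpr} hex digits" >&2; return 2
  fi
  hits=$(find "$dir" -type f -name '*.sops.*' \
           -exec grep -l -i -E "fp[\":= ]*${fpr}" {} + | sort)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# make_sample DIR: constructed metadata fragments, one file missed by the re-encryption.
make_sample() {
  mkdir -p "$1/host_vars/a" "$1/host_vars/b"
  printf 'sops:\n    pgp:\n        - fp: %s\n' "$NEW_FPR" > "$1/host_vars/a/secrets.sops.yaml"
  printf 'sops:\n    pgp:\n        - fp: %s\n        - fp: %s\n' "$NEW_FPR" "$OLD_FPR" \
    > "$1/host_vars/b/secrets.sops.yaml"
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d) && make_sample "$tmp"
  stale_recipients "$tmp" "$OLD_FPR" || echo "still encrypted for the old key"
  rm -rf "$tmp"
fi
```

`sops updatekeys` re-wraps the existing data key for the new recipient list and does not rotate it, so this check confirms who the files are encrypted for now, not that access held under the old key is gone.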