add readme documentation on passwords
This commit is contained in:
parent
88fc2248e1
commit
ed827d4f57
1 changed files with 40 additions and 0 deletions
README.md
@ -7,6 +7,46 @@
- CCCHH Proxmox Address: https://10.31.210.248:8006/
## Password & Secret Management
This repository contains a sops configuration that is used for password encryption as well as secret management for our nix machines.
### Passwords
All relevant passwords should be stored in `secrets/passwords.yaml` which is a plain yaml document with no strict schema but which is sops encrypted.
It should contain all relevant passwords, a NOC admin needs.
#### Accessing Passwords
```bash
sops decrypt secrets/passwords.yaml
```
#### Adding/Updating Passwords
```bash
sops edit secrets/passwords.yaml
```
#### Authorizing new Users
Sops supports either GPG or age encryption.
I (Lilly) personally prefer age since it skips all the openpgp cli weirdness and having to import keys from their IDs.
Adding a new age key works like this:
1. `vim .sops.yaml` and enter the new key (preferably as a yaml anchor) under `keys` as well as the `creation_rule` for the passwords file.
Look at the existing file content and you'll figure it out.
2. `sops updatekeys secrets/passwords.yaml` to reencrypt the password file with the newly added key.
3. Commit and push changes.
### Machine-Secrets
See [sops-nix](https://github.com/Mic92/sops-nix)
**TODO**
## VM Installation Instructions
1. Create a new system configuration in the [systems/](./systems/) directory.
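Review bot: in step 1 of "Authorizing new Users", the `.sops.yaml` section is named `creation_rules` (plural), not `creation_rule`, and "Look at the existing file content and you'll figure it out" leaves the reader without the shape of the entry; a short snippet showing the new anchor under `keys` and the `age:` list of the `creation_rules` entry that matches `secrets/passwords.yaml` would make the step self-contained. Step 2 should also state what `sops updatekeys` does and does not do: it re-wraps the existing data key for the recipients now listed in `.sops.yaml`, which is right for adding a user, but when a recipient is removed the file also needs `sops rotate` (or `sops -r`) so that a departed key holder's copy of the old data key no longer decrypts the current file; the section is titled "Authorizing" but the README says nothing about revoking. Minor: `sops decrypt` and `sops edit` are the sops 3.9+ subcommand spellings, so note that older installs use `sops -d secrets/passwords.yaml` and plain `sops secrets/passwords.yaml`, and that `sops -d --extract '["name"]' secrets/passwords.yaml` avoids printing every password to the terminal when only one is needed. The "Machine-Secrets" section is only a link and **TODO**; if it is committed as-is, one sentence on what sops-nix is used for here would help.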