docs(secrets): add secrets

2026-03-07 20:28:08 +01:00 · 2026-03-04 22:55:20 +01:00
parent 8bb9c7717d
commit 434ee6c8b6
2 changed files with 23 additions and 1 deletions
--- a/secrets/README.md
+++ b/secrets/README.md
@@ -0,0 +1,21 @@
+# Secrets
+
+## Add a new machine 
+1) Obtain an age identity
+```bash
+nix run nixpkgs#ssh-to-age -- \
+  -private-key \
+  -i $HOME/.ssh/id_ed25519 \
+  -o $HOME/.config/sops/age/keys.txt
+```
+
+2) Obtain age recipient for the machine
+```bash
+cat /etc/ssh/ssh_host_ed25519_key.pub | nix run nixpkgs#ssh-to-age | wl-copy
+```
+
+3) Paste obtained key into `.sops.yaml`
+4) Re-encrypt old files 
+```bash
+sops updatekeys secrets/default.sops.yaml
+```