gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a6e5dff5bce71b1ed70e13721c20a4cd578071e
home-server/talos/runbooks/sops.md

925 B
Raw Blame History

Runbook: SOPS secrets (git-encrypted)

Symptoms: sops -d fails; kubectl apply after Ansible shows no secret; noble.yml skips apply.

Checklist

  1. Private key: age-key.txt at the repository root (gitignored). Create with age-keygen -o age-key.txt and add the public key to .sops.yaml (see clusters/noble/secrets/README.md).
  2. Environment: export SOPS_AGE_KEY_FILE=/absolute/path/to/home-server/age-key.txt when editing or applying by hand.
  3. Edit encrypted file: sops clusters/noble/secrets/<name>.secret.yaml
  4. Apply one file: sops -d clusters/noble/secrets/<name>.secret.yaml | kubectl apply -f -
  5. Ansible: noble_apply_sops_secrets is true by default; the platform role applies all *.yaml when age-key.txt exists.

References: clusters/noble/secrets/README.md, Mozilla SOPS.

Reference in New Issue View Git Blame Copy Permalink