studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧(sops) update secrets

Browse Source 
Decrypt and reencrypt secrets to grant access to marie's key
This commit is contained in:
Jacques ROUSSEL
2024-01-31 18:17:48 +01:00
committed by Marie
parent 31a5518a5c
commit 5b0b2933a2
2 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/secrets.enc.env vendored
View File

@@ -1,16 +1,18 @@
SOPS_PRIVATE=ENC[AES256_GCM,data:433w55r60yfeqffOLRTC/y6zNd1Lj8RfP4c2mPH/39Yd8l1GWjSQx+8YwKrtrrym3CTflEI9IEg3/Ryw0gbe/cO8t9TeiTMJ+u0=,iv:YZKHf670T4TWjPjO7qTk6c72Hb5zT2XYW4FwT35hAC8=,tag:4+8y5lidgHPI08zBeajWOw==,type:str]
CROWDIN_API_TOKEN=ENC[AES256_GCM,data:6GwEKPBIWvvI2lxd9itd9Nlb6ZDjUCUTNke7z+sIsuComTIvPDuqJQgWbK1y9n8ri1DWlXKawCoA/EcIc+knjUKdRidvJBJWnZ+n3mVnIIM=,iv:wzErFzu25h3j6JSTF7tS/OrbRf8BJ/uU2AbbVQ43tJk=,tag:IY3iqt6s67gaUPJ0zHuRhg==,type:str]
CROWDIN_BASE_PATH=ENC[AES256_GCM,data:XSx/WWOU2vc=,iv:FQJqcqV7bu828T6raBz519TVUK5Pnjml0fibhMjPK08=,tag:HyWjaXP6B6Vui92ThfUf5g==,type:str]
CROWDIN_PROJECT_ID=ENC[AES256_GCM,data:fXn3JP/+,iv:WyrLVVfnEFl9dT1pywe0r3e2HB4vZpPg+P0I6csoFQU=,tag:wTlzy+DFBMjpv5zImIw4fQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvOU9qS3hDRGdtUzRBeWd4\ndHBWOGgxRytQVi8vNjhmeStaRnlKYkJKMzAwCkNjdEVMNFUwdHBTQVlvQzhMYzFl\ncXpKMDBVYjFWRllsZnlOeU9Ob2d1YW8KLS0tIDdBRnU3dE1MdmI0d25FWWV4NEpo\nUWlXNDl6cWxDdVpmMFphQXREcDlJMVEKQqMjIg9KBMDIkZJeKkWkdB+CA1rROHS7\nLm6XxaxE98/gPf3d7zywkwuqaQui0mzZeGaeds+2mTNC90QR5i8ymw==\n-----END AGE ENCRYPTED FILE-----\n
SOPS_PRIVATE=ENC[AES256_GCM,data:uMsnbpi1FFxO430iptp2axlH/souCPCJ/afCqh/kIDWs8xWHu0xJ2o6PlNOgb4l1gHF8sy4eSHFOW5HPKVbZ9gafRIL0JYHJr3A=,iv:IgaHDad7IuW2wFoxGALLDCs+UiSd3rEYwGNSX38wUfI=,tag:zs4wn4hDm5fghfI/7iH6CQ==,type:str]
CROWDIN_API_TOKEN=ENC[AES256_GCM,data:tZRGFs792GjKYGit+oNubCwPbjWarhlgcyQ7oStO8K3nao0lEzLrm3+ARaOEXkzEkKSal2N1c+vlYIjRyzV1X7WZ7nZQWBiihEJgAfF3NGM=,iv:hohak/1niu5kV/W4XA0KEE3UB0BuNCDxbRxb0O+Aocs=,tag:Ssi0HyEhCKb9+WFyp3/yBQ==,type:str]
CROWDIN_BASE_PATH=ENC[AES256_GCM,data:m44KrW5xJDE=,iv:bSyKrKQ0Z1yzrNaejAUyD+n1Z9z+ci92GoyS5KiiFKI=,tag:dDtpbn+6LkPwsg+qgMNWvA==,type:str]
CROWDIN_PROJECT_ID=ENC[AES256_GCM,data:Gonh6ps7,iv:yUqPty+R060m6CYrDf7na2f6h0aRpIhRCXZoJW4ThJg=,tag:ewupoenajsc9o0Aj0r/niw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIbkIyRi9jTGEzL2RZcGFS\nVkhuN2xMN1FBcm04eGJQUnpvQVRpdmFmaFF3CjdoNVhSM0lrb0lTSXAyUytSKzhG\nNERYaC80OThmUUxCSmt2U2Q0Mno3b0kKLS0tIFRjQzYyOEcwTnRScGhzaGxwaGFL\namxEUXNaeVhWUjYwbzR2Z1Uzb3JsTlEK6tyhbRmcUP4Aql49DPkrYb5tbwvK2EdA\ntvyPQo4pPit+pzgqsVgW+O8Wo4/rYLlITfuVRrOfHEaH3wmf6hziSw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHBlSjhrYkFtZlBMUDZN\nTDQxTWViaGVTZHp3d2dZQ3VseFoxZmpsRUhJCjNBclRncXBnODVuYWIwdGVHNEJR\nSjhFSHkzNHVOaG5DWG9SR1lnTzgwNzAKLS0tIHFOTHo1N3dLUDRBMTJBeE1BMmxS\neWNKcjBrdTR0T1AzWEVNeEx6d0NiaWMKX+P3nvVllG1MToNSZQzL8B3kG00gAIYf\nfaTRipBSoAacbZ67Fuam29P5NH6tNJkVNH+1TQht/cZQeHZNgmyYYQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIL2NwVjVtVmd1ZE15WmFC\nVGl5cnU1OHVUcXAxWmZCQXBJbXBlcXFUN0RzClpOVXBTek9wbVB6M2s5TWlFbUo3\nelZrT3dsK3p6cEJGTGJoSTRvaEh4NW8KLS0tIGlsL29oSEthU28xV0RERFIxTnZR\nSSs3YjdUT0NyTEtlbjlmZXVOaTd3SzgK5jFJGREfJ/HVytWsCKWFsqM5JoaFSnhv\n538KzzldzcbtWfnY+bQ6A2EBjETwOzCTuQB8axAMj0URXPI+qelKIQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUG5sbm1TMjRHVGJXTllU\nRnluZG9tTGxqOGJSay9Wd1Z6S253V2NsUVgwCkRKbDV5WGxja1A4dW5PS1pKcUlo\nbzFnR3h5WU9MWFNKL054UjloTCtnRUEKLS0tIEZBN1hRb3IzOGd0TWZIRko0MENJ\nbmgwRDJjSlk3SzJtSnNwbFd4N1pwc3cKySMazkqccAwMoQQcKo709sikVZxtuuHP\nKtxymJzVX/W5MLCVARauWFCB6glf251XpJS5TI61LuqH62CtV9AOyg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOWtwSytMNGRmSHNQN0Zz\nV1RTWktXT1c5VjYvNTg2V0x1U3JSTFA1dmtvCnc4RHRodjVxSzcrZXJycCtJMGNy\nZ3ZwbTFDTUc4TTMxbm8rNXQ1ME90Q1UKLS0tIERPUmg1dSt5OWQwaXV0Y2FiYWdt\nVzlhcFNvUS9Nd3A5ZTYwT2lLUU5WVU0KGHSm1BQ3voKs98WiXNLO6hlqoiQmi1/F\n2RCBkE4/gOVyAmJAjOFizaF0Dhd7Ba4KS5l5QylFHloL8XtyixEhog==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1g5keveae6zhn059e7cxkjqdz4v3u47ypejv9ujld65nwh6d5pd9qfm0ecv
sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncXBSQm9PRkVjTG05ZjJm\nRVE3MlhPMVNkbFZMUzFTQUcxYUFCQ2pCWlNzCnpoMXUrYnBLYUxsWTFYUWRnU25y\neExxanM0SkZYNmd4aEdNQmpTb0hkc3MKLS0tIFEzOG9hdENMalNpZkFMMVRWem5T\nYU4yR1REVVFHZFJDRkU0YXNlQTY2bkEKeKjMUnA6cIRGSRR8yHUFB6FP/oX6Rxjn\nKtDVsnJrLNFhfJr1VgJjDE79/AGhaqBKA9tL4cHtQZbZTCRa8ZDZLg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYlB6cEZKK3NLbm5Ob0hi\nS3M0OFoyTHhVYVA1WmcvSHc2MUErQ2JyaUh3Cnp1NlYvU1BPUnVON29UZWUvWmEz\nOW85N013VUJ3Q1ZZUmMvTWdYclBZTUkKLS0tIG1KODdkazhTUHRPMXZXQnJFNXJY\nOFlSNjZCbkpxcm9tN1dFTkZ4K1lETFUKhiPwKEG71OlTcK/Ul1GKGayLy025vAmo\nNgQUhbqXf7KmqDAmrQNzXTsLsOpRi33l66jFSGkTsFtiXNlmjFljKg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_3__map_recipient=age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
sops_lastmodified=2024-01-29T11:12:28Z
sops_mac=ENC[AES256_GCM,data:jJEax1tpNx9v1xqoA6wkv1dyvbip9Xq8vWB5bvJbMYnWTB+dflJol+bBVyBFfq3VzQz6F6sUOwN2TTqJ4ivkRhEuk72uf1y9E92Bz1vkF6Bz0PNOn2y/V41AZLkzMGS5X2rHQkgHrYxe9hbz1IqqN81mY6VhAqLVrJsUXUtBtM8=,iv:RfKEsV9wSxqnmOVBbeHrPI/puvuqdKkeYy2IXRZBZJI=,tag:p4esaM/C+haYXrc3sjdz8g==,type:str]
sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUzI2eDB0MU41YWoxcjAv\nOU8yMlowb3IybCtzcFBBTEVlUzdBczZkQlFNCk5tbnhLR2kweGNFZmx1OFgwaWZU\nTzRKZTBZamJjRFNYOUJlYmxTUVg4S2MKLS0tIDNGdlVVc0hLK1BPTUJVc0tPb1lK\ndVVWVi9GRkxwYXR1cXMrdnlsejJBeGsKKmVWvIMrBYH+UrDMkZPxN8KWnCgA6WK2\nbexMYr2AIF2QMbhck7XW2NuvAwvwjbJMfcd+cp9boe+EcC4YjdJZlw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_4__map_recipient=age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa
sops_lastmodified=2024-01-31T17:11:27Z
sops_mac=ENC[AES256_GCM,data:3fFr3c7YSDSDC5OfwZti2WLdvWfWqjSAw8VKOT3R+NswOqV09mfAnCwp8mou2TLJL1XY/M2kK8iEwAAU6/7cjFxgll04EybYeS2euWA0Br2C9Pv8pVf9tomSP+bCxqgEBlYuLyhqsOpe258zarKXL/iPUwh5TjTxVYcg0LGxwrg=,iv:at/JTWhrbFRkrrggIQ9WWFXI33qEqV+SrTRKyYTBNeQ=,tag:c9TYIGU15H42TcyN8ZxUGA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

3
scripts/install-pre-commit-hook.sh
View File

@@ -1,5 +1,6 @@
#!/bin/bash
mkdir -p "$(dirname -- "${BASH_SOURCE[0]}")/../.git/hooks/"
PRE_COMMIT_FILE="$(dirname -- "${BASH_SOURCE[0]}")/../.git/hooks/pre-commit"
cat <<'EOF' >$PRE_COMMIT_FILE
@@ -16,7 +17,7 @@ exec </dev/tty
for d in $DIRS; do
# find files containing secrets that should be encrypted
for f in $(find "${d}" -type f -regex ".*enc.*"); do
for f in $(find "${d}" -type f -regex ".*\.enc\..*"); do
if ! $(grep -q "unencrypted_suffix" $f); then
printf '\xF0\x9F\x92\xA5 '
echo "File $f has non encrypted secrets!"