mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00

README.md: improve documentation on gnupgHome.

Jörg Thalheim 2020-08-11 05:46:00 +01:00
parent 7d2b22a18d
commit 70dbc816f2
No known key found for this signature in database
GPG key ID: 003F2096411B5F92

@ -649,6 +649,22 @@ fingerprint: E4CA86768F176AEB6C01554153AF8D7F149613B1
```
In this case you need to make upload the gpg key directory `/tmp/newkey` to your server.
If you uploaded it to `/var/lib/sops` than your sops configuration will look like this:
```nix
{
# Make sure that `/var/lib/sops` is owned by root and is not world-readable/writable
sops.gnupgHome = "/var/lib/sops";
# disable import host ssh keys
sops.sshKeyPaths = [];
}
```
However be aware that this will also run gnupg on your server including the
gnupg daemon. Gnupg is in general not great software and might break in
hilarious ways. If you experience problems, you are on your own. If you want a
more stable and predictable solution go with ssh keys or one of the KMS services.
## Share secrets between different users
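Review bot: the comment above `sops.gnupgHome` asks for `/var/lib/sops` to be root-owned and not world-readable/writable, but it gives no concrete owner or mode and says nothing about group access. Since this is the gpg key directory uploaded from `/tmp/newkey`, I would spell out the expected state (for example owner root and mode 0700 on the directory) so a reader can verify it after the upload. Wording in the same hunk: "you need to make upload" should read "you need to upload", "than your sops configuration" should be "then your sops configuration", and the comment "disable import host ssh keys" reads better as "disable importing host ssh keys". The closing paragraph warns that gnupg "might break in hilarious ways" without naming a symptom; if a known failure is behind it, mentioning it would make the recommendation of ssh keys or a KMS service easier to weigh.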