mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-05 16:17:47 +00:00
Code Activity

Merge pull request #35 from Mic92/fix-tests

Browse source
This commit is contained in:
Jörg Thalheim 2020-08-17 21:59:43 +01:00 committed by GitHub
commit 9a14b6ab14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
README.md
View file

@ -649,6 +649,22 @@ fingerprint: E4CA86768F176AEB6C01554153AF8D7F149613B1
```
In this case you need to make upload the gpg key directory `/tmp/newkey` to your server.
If you uploaded it to `/var/lib/sops` than your sops configuration will look like this:
```nix
{
# Make sure that `/var/lib/sops` is owned by root and is not world-readable/writable
sops.gnupgHome = "/var/lib/sops";
# disable import host ssh keys
sops.sshKeyPaths = [];
}
```
However be aware that this will also run gnupg on your server including the
gnupg daemon. Gnupg is in general not great software and might break in
hilarious ways. If you experience problems, you are on your own. If you want a
more stable and predictable solution go with ssh keys or one of the KMS services.
## Share secrets between different users