1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-17 22:18:17 +00:00
Commit graph

22 commits

Author SHA1 Message Date
Janne Heß
db8fcb50a3
Add support for ssh-generated age keys 2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support 2021-09-24 12:09:52 +02:00
Jörg Thalheim
351c716739
allow non-key group users to access /run/secrets
This does not significantly decrease security while making it a lot more
convinient.  There are also services, where it is not possible to set
the keys group i.e. if a daemon unsets all groups.  Processes still
won't be able to list other secrets if they are not in the secret group.

fixes #86
2021-06-05 17:59:22 +02:00
Jörg Thalheim
f540b74ced
remove ssh-to-pgp from sops-nix 2021-02-22 06:49:46 +01:00
Jörg Thalheim
d665aecd88
fix 32-bit build 2021-02-01 13:50:17 +01:00
Jörg Thalheim
4de7358a2b
only mount ramfs once 2021-01-28 22:36:12 +01:00
Jörg Thalheim
80ad73c347
fix sops files that contains lists
fixes #68
2021-01-27 07:22:56 +01:00
Cole Mickens
24fd158fe6
sops-install-secrets: symlinkSecret: set uid/gid (with Fchownat) (#32)
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-24 09:24:43 +01:00
Jörg Thalheim
01e4038c9a
don't print full executable path logging key import 2020-07-30 16:19:51 +01:00
Jörg Thalheim
9cd8bb080f
sops-install-secrets: use %w for fmt.Errorf calls 2020-07-30 16:19:14 +01:00
Jörg Thalheim
b8d91d61ac
restrict sops-install-secrets to linux
ramfs is not available elswhere.
2020-07-22 23:46:05 +01:00
Jörg Thalheim
bffb0afb48
fix replace existing files 2020-07-19 23:23:38 +01:00
Jörg Thalheim
59803f7530
fix user manifest validation in sandbox
we should not lookup users there
2020-07-19 21:04:58 +01:00
Jörg Thalheim
30c6879b42
add validation mode 2020-07-19 17:09:27 +01:00
Jörg Thalheim
4224ec9ede
add validate flag 2020-07-19 11:32:59 +01:00
Jörg Thalheim
b1131e035d
sops-install-secrets: improve error message 2020-07-14 13:49:54 +01:00
Jörg Thalheim
6508df75b6
sops-install-secrets: include newline in log 2020-07-14 13:48:30 +01:00
Jörg Thalheim
cf34042dc2
sops-install-secrets: log gpg fingerprint 2020-07-14 13:42:32 +01:00
Jörg Thalheim
8cdca9dd6d
secring: open with more secure umask 2020-07-14 13:41:03 +01:00
Jörg Thalheim
4eda6711ba
fix /etc/secrets.d permissions 2020-07-14 13:21:07 +01:00
Jörg Thalheim
b75e51c423
add tests + ssh key support 2020-07-12 13:50:55 +01:00
Jörg Thalheim
8ccd9ba269
first commit 2020-07-06 07:31:57 +01:00