Janne Heß
db8fcb50a3
Add support for ssh-generated age keys
2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support
2021-09-24 12:09:52 +02:00
Jörg Thalheim
351c716739
allow non-key group users to access /run/secrets
...
This does not significantly decrease security while making it a lot more
convinient. There are also services, where it is not possible to set
the keys group i.e. if a daemon unsets all groups. Processes still
won't be able to list other secrets if they are not in the secret group.
fixes #86
2021-06-05 17:59:22 +02:00
Jörg Thalheim
f540b74ced
remove ssh-to-pgp from sops-nix
2021-02-22 06:49:46 +01:00
Jörg Thalheim
d665aecd88
fix 32-bit build
2021-02-01 13:50:17 +01:00
Jörg Thalheim
4de7358a2b
only mount ramfs once
2021-01-28 22:36:12 +01:00
Jörg Thalheim
80ad73c347
fix sops files that contains lists
...
fixes #68
2021-01-27 07:22:56 +01:00
Cole Mickens
24fd158fe6
sops-install-secrets: symlinkSecret: set uid/gid (with Fchownat) ( #32 )
...
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-24 09:24:43 +01:00
Jörg Thalheim
01e4038c9a
don't print full executable path logging key import
2020-07-30 16:19:51 +01:00
Jörg Thalheim
9cd8bb080f
sops-install-secrets: use %w for fmt.Errorf calls
2020-07-30 16:19:14 +01:00
Jörg Thalheim
b8d91d61ac
restrict sops-install-secrets to linux
...
ramfs is not available elswhere.
2020-07-22 23:46:05 +01:00
Jörg Thalheim
bffb0afb48
fix replace existing files
2020-07-19 23:23:38 +01:00
Jörg Thalheim
59803f7530
fix user manifest validation in sandbox
...
we should not lookup users there
2020-07-19 21:04:58 +01:00
Jörg Thalheim
30c6879b42
add validation mode
2020-07-19 17:09:27 +01:00
Jörg Thalheim
4224ec9ede
add validate flag
2020-07-19 11:32:59 +01:00
Jörg Thalheim
b1131e035d
sops-install-secrets: improve error message
2020-07-14 13:49:54 +01:00
Jörg Thalheim
6508df75b6
sops-install-secrets: include newline in log
2020-07-14 13:48:30 +01:00
Jörg Thalheim
cf34042dc2
sops-install-secrets: log gpg fingerprint
2020-07-14 13:42:32 +01:00
Jörg Thalheim
8cdca9dd6d
secring: open with more secure umask
2020-07-14 13:41:03 +01:00
Jörg Thalheim
4eda6711ba
fix /etc/secrets.d permissions
2020-07-14 13:21:07 +01:00
Jörg Thalheim
b75e51c423
add tests + ssh key support
2020-07-12 13:50:55 +01:00
Jörg Thalheim
8ccd9ba269
first commit
2020-07-06 07:31:57 +01:00