Janne Heß
8c5c313b56
Merge pull request #117 from Mic92/age-fix
...
import ssh keys both for gpg and age
2021-09-28 14:38:07 +02:00
Jörg Thalheim
a38ba56ca2
import ssh keys both for gpg and age
2021-09-28 14:07:26 +02:00
Jörg Thalheim
38e9270b77
README: improve age config
2021-09-25 22:37:58 +02:00
Jörg Thalheim
64235a958b
Merge pull request #107 from helsinki-systems/feat/age-support-2
...
Add age support, second attempt
2021-09-24 13:15:30 +01:00
Janne Heß
0b99142c90
Rename ssh-*-to-age to ssh-to-age
2021-09-24 12:09:54 +02:00
Janne Heß
77d0fa5920
Simplify age logic in sops-install-secrets
2021-09-24 12:09:54 +02:00
Janne Heß
0cad90d763
Update all go dependencies
2021-09-24 12:09:54 +02:00
Janne Heß
f636296aff
Switch the libs to now external ones
2021-09-24 12:09:53 +02:00
Janne Heß
6c916c1f57
Add a converter from private ssh keys to age
2021-09-24 12:09:53 +02:00
Janne Heß
4568162629
Import age ssh keys by default
2021-09-24 12:09:53 +02:00
Janne Heß
44d91e885e
Add review suggestions
2021-09-24 12:09:53 +02:00
Janne Heß
19089e588f
Document age usage in the README
2021-09-24 12:09:53 +02:00
Janne Heß
c980f2547e
Add sops-ssh-to-age tool
2021-09-24 12:09:52 +02:00
Janne Heß
db8fcb50a3
Add support for ssh-generated age keys
2021-09-24 12:09:52 +02:00
Janne Heß
b21c0ce3a8
Group gnupg and age in the module
2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support
2021-09-24 12:09:52 +02:00
Jörg Thalheim
9d47d2e3e4
Merge pull request #116 from helsinki-systems/fix/unstable-pipeline
...
Fix pipeline on unstable
2021-09-18 07:43:33 +01:00
Janne Heß
ebfa120b52
Fix pipeline on unstable
2021-09-17 21:08:34 +02:00
Jörg Thalheim
32d94573f7
Merge pull request #115 from Mic92/dependabot/github_actions/cachix/install-nix-action-14
...
Bump cachix/install-nix-action from 13 to 14
2021-09-14 07:05:48 +01:00
dependabot[bot]
8fa49a400a
Bump cachix/install-nix-action from 13 to 14
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 13 to 14.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v13...v14)
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 22:02:21 +00:00
Jörg Thalheim
3e4ebc851c
Merge pull request #111 from Mic92/openpgp
...
switch to maintained openpgp library
2021-08-29 17:37:03 +01:00
Jörg Thalheim
4919735a5e
fork sops with new openpgp library
2021-08-29 16:20:30 +00:00
slekky
419e21b80f
Adding logo (#112)
2021-08-29 15:04:06 +01:00
Jörg Thalheim
3e2aefbc61
switch to maintained openpgp library
2021-08-29 15:24:07 +02:00
Jörg Thalheim
024c079aa1
Merge pull request #109 from helsinki-systems/feat/update-nixpkgs-version
...
workflow: Update nixos channel to 21.05
2021-08-28 11:12:23 +01:00
Janne Heß
1029f6e0c9
workflow: Update nixos channel to 21.05
2021-08-28 12:06:18 +02:00
Janne Heß
f61a391089
Merge pull request #110 from starcraft66/patch-1
...
Add aarch64-darwin to supported systems
2021-08-28 12:03:25 +02:00
Tristan
9b4eade565
Add aarch64-darwin to supported systems
2021-08-28 01:04:18 -04:00
Jörg Thalheim
0d4bdc1c21
Merge pull request #106 from Mic92/master-specialfs
...
modules/sops: activation after specialfs
2021-08-26 20:18:23 +01:00
Jörg Thalheim
f3deaae52f
Merge branch 'master' into master-specialfs
2021-08-26 19:53:56 +01:00
Jörg Thalheim
39d26fad6a
Merge pull request #105 from Mic92/build
...
sops-nix: fix build
2021-08-26 19:26:14 +01:00
Jörg Thalheim
ce5e734b26
sops-nix: fix build
2021-08-26 20:01:22 +02:00
0x4A6F
f89c1a5bf1
modules/sops: activation after specialfs
...
* ensure mounted /run before running setup-secrets
2021-08-22 23:28:48 +02:00
Jörg Thalheim
ec2800174d
Merge pull request #103 from Ma27/fix-manual
...
modules/sops: fix manual
2021-07-10 18:01:00 +01:00
Maximilian Bosch
df2d4bbbfc
modules/sops: fix manual
...
* Since 0d957142b6 the manual doesn't
build since `<name>` is interpreted by docbook as (unmatched) XML-tag.
I decided to use `<xref linkend` as this provides proper linking to
the referenced option.
* Also, if the module is included on a machine where `sops` isn't used,
but `documentation.nixos.includeAllModules = true;` is set, the module
wouldn't evaluate because `config.sopsFile` is referenced in a
`default`-tag. This is generally an issue since every change to this
option would trigger a rebuild of the manual anyways.
See also 94fd200305 for that.
2021-07-10 16:11:31 +02:00
Jörg Thalheim
87a27217b2
Merge pull request #102 from NickCao/master
...
add readonly option sopsFileHash
2021-07-07 16:58:06 +01:00
Nick Cao
0d957142b6
add readonly option sopsFileHash
2021-07-04 14:01:37 +08:00
Jörg Thalheim
c4f7025e5d
README: simplify installing sops-nix into shell.nix
2021-07-03 09:42:47 +02:00
Jörg Thalheim
d4c6f466cc
Merge pull request #100 from Mic92/dependabot/go_modules/go.mozilla.org/sops/v3-3.7.1
...
Bump go.mozilla.org/sops/v3 from 3.5.0 to 3.7.1
2021-07-03 08:21:49 +01:00
Jörg Thalheim
45900975cb
golangci-lint: increase timeout
2021-07-03 09:18:15 +02:00
Jörg Thalheim
4b156e10c8
flake: update nixpkgs
2021-07-03 09:18:00 +02:00
Jörg Thalheim
3261557508
update vendorSha256
2021-07-03 09:05:37 +02:00
dependabot[bot]
6f1ad4a008
Bump go.mozilla.org/sops/v3 from 3.5.0 to 3.7.1
...
Bumps [go.mozilla.org/sops/v3](https://github.com/mozilla/sops) from 3.5.0 to 3.7.1.
- [Release notes](https://github.com/mozilla/sops/releases)
- [Changelog](https://github.com/mozilla/sops/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/mozilla/sops/compare/v3.5.0...v3.7.1)
---
updated-dependencies:
- dependency-name: go.mozilla.org/sops/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-07-03 07:00:00 +00:00
Jörg Thalheim
94535c632d
Merge pull request #99 from Mic92/sops-import-keys-hook
...
Replace sops-gpg-hook with sops-import-keys-hook
2021-07-03 07:55:22 +01:00
Jörg Thalheim
6d27428b35
dependabot: add go
2021-07-03 08:52:01 +02:00
Jörg Thalheim
34a650555e
fix nixos-test
...
We no longer require membership in keys group.
2021-07-03 08:20:27 +02:00
Jörg Thalheim
73e19bf11b
Replace sops-gpg-hook with sops-import-keys-hook
2021-07-03 08:08:38 +02:00
Jörg Thalheim
7918c59b39
Merge pull request #97 from Mic92/fix-permissions
...
allow non-key group users to access /run/secrets
2021-06-05 19:51:02 +02:00
Jörg Thalheim
835f825646
Merge branch 'master' into fix-permissions
2021-06-05 18:02:17 +02:00
Jörg Thalheim
351c716739
allow non-key group users to access /run/secrets
...
This does not significantly decrease security while making it a lot more
convenient. There are also services, where it is not possible to set
the keys group i.e. if a daemon unsets all groups. Processes still
won't be able to list other secrets if they are not in the secret group.
fixes #86
2021-06-05 17:59:22 +02:00