authorTim Keller <tjkeller.xyz>2024-10-31 22:34:40 -0500
committerTim Keller <tjkeller.xyz>2024-10-31 22:34:40 -0500
commit44b86d24867bc14b81ec7e095fb7174e0dd8ca2e (patch)
tree2942c85450c0348b68f13d87392bc7e0b1d1da20
parent8605459b63241e572251b2c8912615167b954180 (diff)
update sops key to an age key that is derived from the ssh key shared between machines
-rw-r--r--.sops.yaml5
-rw-r--r--modules/hosts/T495/resources/secrets/wg0.yaml12
-rw-r--r--modules/root/resources/secrets/secrets.yaml12
3 files changed, 14 insertions, 15 deletions
diff --git a/.sops.yaml b/.sops.yaml
index 496fc51..a49783e 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,8 +1,7 @@
keys:
- - &T430 age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t
+ - &SSHDerived age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
creation_rules:
- path_regex: secrets/.*.yaml$
key_groups:
- age:
- - *T430
-
+ - *SSHDerived
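Review bot: The key group at `- *SSHDerived` now holds a single recipient, and the commit message says its private half is derived from an SSH key shared between machines. That means a compromise of any one host exposes every file matched by the creation rule, and one host cannot be revoked without re-keying all of them. It also leaves no second recipient to fall back on if that SSH key is lost or has to be replaced. Consider adding an offline recovery recipient next to it, e.g. `- &recovery <age-public-key-placeholder>` under `keys:` and `- *recovery` in the group. A comment above the anchor would also help, such as `# age recipient derived from the SSH key shared by all hosts; the private half exists on every machine`.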
diff --git a/modules/hosts/T495/resources/secrets/wg0.yaml b/modules/hosts/T495/resources/secrets/wg0.yaml
index 96a6349..fd460a3 100644
--- a/modules/hosts/T495/resources/secrets/wg0.yaml
+++ b/modules/hosts/T495/resources/secrets/wg0.yaml
@@ -5,14 +5,14 @@ sops:
azure_kv: []
hc_vault: []
age:
- - recipient: age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWndzOThLTkF1RnZiNW52
- RE1nYUN4VkFiQzhPQmtnb0lsQUNwbjJLaUZFCkIyVG40ZWlZTFZtMUVKOHZjS0RE
- MXluMW1Gd0JRZy8wZFNoRTk5elNIeDQKLS0tIHhuTEFTVkFXNU93Vm9BT3BKSWpS
- WVo3bTUyRU5QZUoyaFpwdlBIQWNTSmsKWFEP1O5pUiwJLYMabtKSMn2Mfk/8P13j
- cogchslifEJr0t2aSYYUPdwdiJKFOsIXpj68BLYQsHWziOetwCcAvg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NEN4NGxDR1oreGVoSGhE
+ TzMxSEY0QVBhS2Z6MW15ci9aVlJ0a3IyVlZBCldPRVNvcUhJSHhWSEk3akd4RjN0
+ ajhUV2d1ZWRsRFU4cTE2dGl6RmM4MGsKLS0tIFhnUjl5aDJqWVB1NE15SlNzR2Iv
+ YTNydURsOUMrSXZGdk9UOUdUQlA0SFUKxEDJRR6tpYva9qpWo9NxwCxk/xpRVoTl
+ YJkmDZzMcXikXXiro96AprP9dXJXvMPKYPGl2Zsal8PlGFPBoHW2GA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-31T03:44:59Z"
mac: ENC[AES256_GCM,data:SOHUgah6+C1OrzMglW1i+hjZPdRcL2rLUBejVg+o+Ibk2vI3ySyZJF6p389wUOjhWLguhPHf9+8kxn7HRUXOODXSL567LgxahfTj6J8MGDzXjALJuaGphmw5zJKbWGU06sR0tZlbyk89PO54dLVdvnFPuEbkLlma3cHD+qMEK7w=,iv:rX955auFPM4LjuSc8PPItGfvqiVQu7oqNmgs3GniWHc=,tag:1w7zTYHDVDQnX2FsBXs3uQ==,type:str]
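Review bot: The `lastmodified` and `mac` lines are unchanged context in this hunk, which suggests only the age stanza was re-wrapped (as `sops updatekeys` does) and the file's data key was kept. If so, anyone holding the old `age1lkv9…` identity can still recover that data key from the previous revision in git history and decrypt the current values, so dropping the recipient does not revoke access on its own. If retiring the T430 key is meant as revocation, rotate the data key (`sops -r -i modules/hosts/T495/resources/secrets/wg0.yaml`) and replace the secret values themselves (presumably WireGuard keys, going by the file name). The same applies to the `modules/root/resources/secrets/secrets.yaml` hunk, whose `lastmodified` and `mac` are likewise unchanged.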
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
index d3076ad..b28d1f6 100644
--- a/modules/root/resources/secrets/secrets.yaml
+++ b/modules/root/resources/secrets/secrets.yaml
@@ -5,14 +5,14 @@ sops:
azure_kv: []
hc_vault: []
age:
- - recipient: age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTW9sT2hJNXVEYnQxV2RG
- NzhSK0JzVlRmMlV0WmlUMDB4b0FkTG1wMmo4CjlJNkRTczB2WDZzOC8zYjdXdGt0
- MXZDdThvREFoL3lUc3BZQUZWdDIxRkEKLS0tIDliMzNsdTVhSHJtM0piWmpnSFRC
- STJsY1BEeCswc29NbUg4eFB2VXZ0NHcKfT5NbcKhEw4dD106nCa4gE3UiIWnpRDZ
- r0cbU0q6qWIbh2SUbkoEvaGTBJ9BQVL2L4isQ42EaPq5LdQDQajp+A==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUlBZXQ5Z080UUxoUGdr
+ dm9hRE5uTzFwWXhOWkJnbXNvazd1UnplcUdZCnRKQ3RVT1RGZURLYUxINStBSU4x
+ bUZudFp2SC9DSkVhNTRHV0MrRFFMckEKLS0tIGNBb3FLQVJsTGVsY3hMdy94WWZx
+ UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K
+ nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-01T00:54:56Z"
mac: ENC[AES256_GCM,data:zwAv3vmTAhEoQpil+4tgweExbR1Vl5Vk3YJOhda2WHlVxXuZeN1wXOBOGVIFbwJOzcgY9nwcNfVlCKWXA/V3f8Znx+5mG72NbervLXmUpyBBfr9ALejlRrNT6r6r3BgPXuDHTw+66pq8L2oi3671D8rIWjddHtoJOmhNWv89ZoQ=,iv:oWdKV7bpRwGKcG0wCUUZ4qJhbk0JLkFhPRuk4JnHwQ0=,tag:A7EPpyjz2lugmkXGlnh8rQ==,type:str]