From df2bce891317037ecffce2f324abc12c0a26072b Mon Sep 17 00:00:00 2001
From: Origami404 <Origami404@foxmail.com>
Date: Sun, 17 May 2026 12:22:50 +0800
Subject: [PATCH] =?UTF-8?q?sops:=20=E9=85=8D=E7=BD=AE=E5=A4=9A=E6=9C=BA?=
 =?UTF-8?q?=E5=99=A8=E6=A0=87=E5=87=86=E5=AF=86=E9=92=A5=E6=B5=81=E7=A8=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .sops.yaml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index eab1515..2719031 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,11 +1,18 @@
 keys:
-  - &primary age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &user age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &oparic-local-dev age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
+# 按 GPT 的说法, 要想不踩坑, 就绝对不要用宽泛的匹配规则
 creation_rules:
-  - path_regex: secrets/ssh-config.yaml$
+  - path_regex: ^secrets/ssh-config\.yaml$
     key_groups:
       - age:
-          - *primary
-  - path_regex: secrets/ssh-private.yaml$
+          - *user
+  - path_regex: ^secrets/ssh-private\.yaml$
     key_groups:
       - age:
-          - *primary
+          - *user
+  - path_regex: ^secrets/hosts/oparic-local-dev\.yaml$
+    key_groups:
+      - age:
+          - *user
+          - *oparic-local-dev