sops: 配置多机器标准密钥流程

2026-05-17 12:22:50 +08:00
parent 153bd77227
commit df2bce8913
1 changed files with 12 additions and 5 deletions
@@ -1,11 +1,18 @@
 keys:
-  - &primary age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &user age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &oparic-local-dev age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
+# 按 GPT 的说法, 要想不踩坑, 就绝对不要用宽泛的匹配规则
 creation_rules:
-  - path_regex: secrets/ssh-config.yaml$
+  - path_regex: ^secrets/ssh-config\.yaml$
    key_groups:
      - age:
-          - *primary
-  - path_regex: secrets/ssh-private.yaml$
+          - *user
+  - path_regex: ^secrets/ssh-private\.yaml$
    key_groups:
      - age:
-          - *primary
+          - *user
+  - path_regex: ^secrets/hosts/oparic-local-dev\.yaml$
+    key_groups:
+      - age:
+          - *user
+          - *oparic-local-dev