dev: import plaintext token into agenix secret

2026-02-15 17:54:36 -05:00 · 2026-02-15 17:54:36 -05:00 · 223272db7d
commit 223272db7d
parent 7b69f6200f
5 changed files with 93 additions and 6 deletions
--- a/secrets/README.md
+++ b/secrets/README.md
@ -21,15 +21,13 @@ nix develop
 Encrypt (create) a secret:

 ```sh
-cd secrets
-agenix -e cloudflare-api-token.age
+agenix -e secrets/cloudflare-api-token.age
 ```

 Decrypt (inspect) a secret:

 ```sh
-cd secrets
-agenix -d cloudflare-api-token.age
+agenix -d secrets/cloudflare-api-token.age
 ```

 ## Decryption identity
--- a/secrets/codeberg-token.age
+++ b/secrets/codeberg-token.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 29OJ4A G6byj6PhWofxSh8K5FGSqBs5W5uKtyJ2MGY1JFb+STc
+d25eWVNmz2+0zKVVRZ/Pib4YZClhJrML6s3hbLh9rMU
+--- t/6aoMSRLI8vay71VugNOGwKHjHteiC+SinD6gQARYM
+¹ˆ8ùEÉâò /‚³?á¢¿wÝØJlSñæäíz<C3AD>i–8Ç)†äÿƒ`ã;Bæ4LåÑT„Àö?£;ãÀzÇšÐé\
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,9 +0,0 @@
-let
-  # Founder SSH public key (recipient). Safe to commit.
-  founder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJCBTSEEcBOhOkf3WF1e8xmblAZHvgTibFsqck2GY8D/";
-in
-{
-  "cloudflare-api-token.age".publicKeys = [ founder ];
-  "codeberg-token.age".publicKeys = [ founder ];
-}
-