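# wget https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64
# wget https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.txt
# sha256sum -c sops-v3.11.0.checksums.txt --ignore-missing
# mv sops-v3.11.0.linux.amd64 /usr/local/bin/sops
# chmod +x /usr/local/bin/sops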
# VAULT_ADDR=http://server.corpX.un:8200
# export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU
~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key --in-place
~/openvpn1# cat openvpn1/files/server.key
~/openvpn1# sops decrypt openvpn1/files/server.key -i
# cat .sops.yaml
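creation_rules:
  # Rules are tried top to bottom; the first path_regex that matches the file
  # being encrypted supplies its key and settings.
  #
  # path_regex is an unanchored regular expression: the bare dot matches any
  # character and longer paths that contain the pattern match too. Escape and
  # anchor it (for example 'inventory\.yaml$') if neighbouring files must not
  # fall under this rule.
  - path_regex: inventory.yaml
    # Only values whose key matches this pattern are encrypted; every other
    # line of the inventory stays readable in the stored file.
    encrypted_regex: '^ansible.*pass'
    # Plain http:// - the Vault token and the transit responses that carry the
    # data key cross the network unencrypted. Use an https:// URI once the
    # Vault listener serves TLS.
    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"
  # No encrypted_regex on this rule, so the whole key file is encrypted.
  - path_regex: openvpn1/files/server.key
    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"
  # - path_regex: keycloak-db-secret.yaml
  #   hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-pgcluster"
  # - path_regex: values.yaml
  #   encrypted_regex: adminPassword|password
  #   hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-keycloak"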
~/openvpn1# sops encrypt inventory.yaml
~/openvpn1#
sops -e -i inventory.yaml
sops -e -i openvpn1/files/server.key
~/openvpn1# cat inventory.yaml
~/openvpn1# sops edit inventory.yaml
~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}'
~/openvpn1# ###sops -d -i inventory.yaml