a7e332f9ec
Added 2 phases: 1. secret-reencrypt - This phase can be used to reecnrypt the existing secrets with new key. To do so SOPS_IMPORT_PGP must contain old public key and new private key (but may also include other data). SOPS_PGP_FP must contain fingerprint of new private key. 2. secret-show - This phase may be useful for some users that need to see what generated by secret-generate phase. Disabled SOPS debug by default. To enable it back run commands with env variable DEBUG_SOPS_GPG=true Change-Id: Id7fe13d6943d386577df25dba4aaa83e62e58980
7 lines
98 B
YAML
7 lines
98 B
YAML
resources:
|
|
- generated/secrets.yaml
|
|
|
|
transformers:
|
|
- decrypt-secrets
|
|
- ../overrideplacement
|