From 8e462418e3f86db9cce54687026c95e549f74bb0 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Sun, 27 Nov 2022 00:51:05 +0800
Subject: [PATCH] hosts/plover: add gcp-kms key for secret
---
 .sops.yaml | 2 ++
 hosts/plover/secrets/secrets.yaml | 34 ++++++++++++++++---------------
 2 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 53206a0e..a2deccc7 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,11 +3,13 @@ keys:
 - &foo-dogsquared-age age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
 - &ni age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
 - &plover age1sj497yr895335rk77qqnrqyx9f7462ma3lz0a0x3w5cnla5uqgpspgggtz
+ - &gcp-sops projects/pivotal-sprite-295112/locations/global/keyRings/sops/cryptoKeys/plover-key
 creation_rules:
 - path_regex: hosts/ni/secrets/[^/]+\.(yaml|json)$
 age: *ni
 - path_regex: hosts/plover/secrets/[^/]+\.(yaml|json)$
 age: *plover
+ gcp-kms: *gcp-sops
 - path_regex: secrets/[^/]+\.(yaml|json)$
 key_groups:
 - age:
diff --git a/hosts/plover/secrets/secrets.yaml b/hosts/plover/secrets/secrets.yaml
index ff25ab87..c6540abf 100644
--- a/hosts/plover/secrets/secrets.yaml
+++ b/hosts/plover/secrets/secrets.yaml
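Review bot: The new line in the `hosts/plover/secrets/` creation rule spells the recipient field `gcp-kms`, but sops creation rules name it `gcp_kms` (the underscore form also appears in the `sops:` metadata of secrets.yaml in this same patch), so as far as I can tell sops will ignore the hyphenated key. The secrets file already carries the KMS entry, but a later `sops updatekeys`, or a new file created under this path, would be keyed from the rule and would likely fall back to age only, silently dropping the intended recipient. I would change the line to `gcp_kms: *gcp-sops`. Listing `age` and `gcp_kms` flat in one rule also puts them in a single key group, so either key alone decrypts; access to these secrets then depends on the IAM decrypt permission on that cryptoKey as much as on the host's age key, and that binding is worth reviewing alongside this change.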
@@ -1,34 +1,36 @@ -ssh-key: ENC[AES256_GCM,data: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,iv:ffYR1jqrwm94SA9OlRwjALcaGvw4tcrJDdT3YhpM2Qk=,tag:CQoclfSo/ZOuqMlC6dIMXA==,type:str] +ssh-key: ENC[AES256_GCM,data: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,iv:ffYR1jqrwm94SA9OlRwjALcaGvw4tcrJDdT3YhpM2Qk=,tag:bzb4kHxek0T51GbGmG4fEw==,type:str] sourcehut: - network-key: ENC[AES256_GCM,data:/wrk2b2CvOECvBJGVUuHtNMOfQf0l3leweZlDVJRTCUHlifEkxPvNyL9bZo=,iv:44VlT5ID8KXDquDOZMIEPBWl7r+JwbamRdqhBsFO4Rw=,tag:KVRe5bYuwqeCcKiiJZxRDA==,type:str] - service-key: ENC[AES256_GCM,data:wYGipx79xs/456f3tiUa/P6Pz/IVDSZc0rNxXp4g5swK+n/OwCLK4UJu5baeoHzAxv7wPilKqRbSEuQWbeJShQ==,iv:S4BzMYPZtVFhXV0g5qBxjItqCyEQ25Ct6swBut7FefQ=,tag:/asB4OAKxGm/8UWiIJzmNg==,type:str] - webhook-key: ENC[AES256_GCM,data:4QSxP6MGS+TUcfBIB3OwIzveJAC3QKeS4cjHwKfLCORrw0tHuMowNoOVnp4=,iv:nUCkIgw5lNzEha6HVjBHtGD8ZzBwOlP8yMRQ/usD/64=,tag:SJU1Q48mwf34HTjJ71q/6Q==,type:str] + network-key: ENC[AES256_GCM,data:8W1cHjGGsvA8p/z07fS9QcPi5WI4Ho1lq5clQ5rFJMDyoWGBnxQ3TJ8eB/I=,iv:44VlT5ID8KXDquDOZMIEPBWl7r+JwbamRdqhBsFO4Rw=,tag:vEV8BEZHlrpZWXP1kRZ4nw==,type:str] + service-key: ENC[AES256_GCM,data:s/oq5ud8XZAAQwhJDPkPZg77MQAnbZVvposvR1RFMiVclOQtucK2CPxP1Lw65TCCLxMXIeRAOLfhKehIk6Jk5w==,iv:S4BzMYPZtVFhXV0g5qBxjItqCyEQ25Ct6swBut7FefQ=,tag:NNytSDn73zM2Z3uWYjknMw==,type:str] + webhook-key: ENC[AES256_GCM,data:cKOG9xM7jp1LYHfKjyFqds7ectatGklq8bIWFUeuAkFI2Mwm/XVRm30Lzfk=,iv:nUCkIgw5lNzEha6HVjBHtGD8ZzBwOlP8yMRQ/usD/64=,tag:NHNiPpH9GUq6lSsWTJ1SFw==,type:str] smtp: - user: ENC[AES256_GCM,data:Lr/tkIk=,iv:kF7GXxsJupbGZlvvgfL6gKGZl1+W2rsr++XsVykVYOI=,tag:NcHjd1/yXWQmzzbuTGW/Dg==,type:str] - password: ENC[AES256_GCM,data:ZlFyFiA=,iv:2nSH03+WlA4xylK60DhlX32HYOnFwtXEEFwKPvdFCBw=,tag:IboFoNAGe41koc/3lTp2GQ==,type:str] + user: ENC[AES256_GCM,data:GPFxsIs=,iv:kF7GXxsJupbGZlvvgfL6gKGZl1+W2rsr++XsVykVYOI=,tag:gsDhGBTUbbPoO+R+y+Ssiw==,type:str] + password: 
ENC[AES256_GCM,data:JPBfuaM=,iv:2nSH03+WlA4xylK60DhlX32HYOnFwtXEEFwKPvdFCBw=,tag:Glfgbi5o7kSKDgfLsUv4UQ==,type:str] gitea: db: - password: ENC[AES256_GCM,data:Roc8HAPbQQWYS9x7nVpGO1rb+mUDduK3CI5qxDudcQQw7sqGzaRW3ParZvUcFVQA/+5xV2pkVkpTkKJEF44G9Nv+THNSGDFX7g==,iv:zChXWYtY1BIwE0ROJYtVj3FNhJbSLh/mu7adbhliawU=,tag:Dvv/8JmxMZjLPcmXcK1INQ==,type:str] + password: ENC[AES256_GCM,data:LcCwh4HKP4xuQFtzheE4OFHra8TFG/+jYMPNQdSKJEbdU2pcVp9JY1zbSUe7KwSuwLveGt8EqERCSoN5nmwT1GRw4krvDltJkA==,iv:zChXWYtY1BIwE0ROJYtVj3FNhJbSLh/mu7adbhliawU=,tag:2UpH2P6yJm9x7ZfMVZdoMQ==,type:str] smtp: - #ENC[AES256_GCM,data:Wd0tLHr3kQMASBa0om3y4BM=,iv:2MvRyhaJY5hgHqZOlLcIwsCMlYB/nZJk1ZLpoFSNqrI=,tag:6Rr1zMQ2ehvIwkqKBAO7uw==,type:comment] password: null sops: kms: [] - gcp_kms: [] + gcp_kms: + - resource_id: projects/pivotal-sprite-295112/locations/global/keyRings/sops/cryptoKeys/plover-key + created_at: "2022-11-26T16:13:49Z" + enc: CiQAGtNpzlnA4uGgxLtVLU0Su4vN4MiIyh2pDOhs5za4pImeLLgSSQD/0un9N03PQnZSTunpJwA7BUq+B7t2D0w5tiL4eYz2kPUHbTSudfG4611eQa0oyxsMEylIRd0Ch6C2nyjo/PbO9BmRXbI1wz8= azure_kv: [] hc_vault: [] age: - recipient: age1sj497yr895335rk77qqnrqyx9f7462ma3lz0a0x3w5cnla5uqgpspgggtz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdnpLYXUxVDZ0Yk1JM1d5 - OUxsUVJIR3MrcVVId1ZxaHU3amZ5WThKNm04CkRMUU5nQ1RXLzhGNDVMNUVkR1lE - VHJveENMWHVrNHBscEExeDBtUFdSSkUKLS0tIDE1NlZyc1puYWVzazZJaldNTVM1 - akJBYVU2bnBoRWZBQnRFeXpZdzIrdzAK1ZOvzCL8F5+cLobdKIqPUfFJXy/LjbfF - T2VmFyqV1Gx+tnrrGhdmJyP6F24q9S5BUi0TzMCIOspPEau7pTBpaQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2THVPWHdVdkR3bjZRbVI0 + M0xNbHhQRnBrR2Y0cUlVMHdXOUpWdFh2K1JjCjNBTEJNdDgwckR2bWZuOEw2Z3VQ + Z0Q1Wm1JRkNIYmh2cExIdWJ3ZFZVVHMKLS0tIFppeTVGc0k0eHIrTndpMVJuTTV5 + YTZnVWJBdkVKTDIyN0JjNUVkNU84bmsKVEvYry/jpwScC0wtDqbvE4WtYVm+bBss + /uTld6ObaI92LLVwdkcApVSzt8AD/vCRD/Kf084oi+fRDFn2JiYChQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-24T15:12:10Z" - mac: 
ENC[AES256_GCM,data:rk2x9xBywOJLoga3Qz8bBThNKgm/LMlRZzTfva++kY2qaNhXlV+kRWdN/ERtYRlQ+XI87EsK82QCniqg0paGRnLiyhGluW0iMmMNlt3UthpFUfOwYZ87J/tu2l5iyaj/bd0lMgFwn2vQWelSnmDg+o6tXxzGbyAP+mVj6mnC/q8=,iv:jnctvTpNlvT49/l20BuyC25ptHuqjS62mU3ffxgJ8sE=,tag:zH3HZAEA+nIssXSYH4M+vQ==,type:str] + lastmodified: "2022-11-26T16:20:58Z" + mac: ENC[AES256_GCM,data:/woV7MJrvsIvoI/FZ2K31HNQJkAb7r+lqCiEiFV3XW8b2XjZ4dSYjyUlkhTq99EtewOoeHnO0FdUagz+sueV4/hrQ6SxP5LrqNIXet5Lk6RheqEaMWr2StQN8jVifKmKB9a0cHt/uHrfAWgExYMdBeNuMY/f5XtnWLXXX7DaClg=,iv:dk8qxbkMiXmVtBa/o022MP6Vb/ySEx4NyXty5f+AVLY=,tag:JVV6Qo7zIniaxfAngWu5vA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3